shrikant kesharwani
How can I validate a SAML Assertion in .NET
Jun 30 2011 1:32 AM
Hi All,
I am getting a valid SAML response from the vendor and I just want to validate the SAML Assertion.
Below is the SAML response; I have masked a few things with xxxxxxxxxxxxxxxxxxxxxx due to vendor concerns.
<samlp:Response IssueInstant="" ID="gzRaMPjm98mgG0_s0ylFgO85wao" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://xxxxxxxxxx.com/</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion Version="2.0" IssueInstant="6273" ID="wZT13pIVg8n60RZgGm_fWAhYNSP" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>http://xxxxxx.com/</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#wZT13pIVg8n60RZgGm_fWAhYNSP">
<ds:Transforms>
<ds:Transform Algorithm="http://www..w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>xxxxxxxxxxxxxxxxxxxxxxx</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
xxxxxxxx
</ds:Modulus>
<ds:Exponent>xxx</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">staff</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter=" " Recipient="https://xxxxxxxxx.com"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotOnOrAfter="" NotBefore="">
<saml:AudienceRestriction>
<saml:Audience>http://xxxxxxxxxxxxxxxx.com</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant=" " SessionIndex="wZT13pIVg8n60RZgGm_fWAhYNSP">
<saml:AuthnContext>
<saml:AuthnContextClassRef></saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="role">
<saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">http://xxxx.com/</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
I have tried the code below in a .NET 3.5 web application and I am always getting the invalid signature message from the code. Please have a look at the code and advise me.
Thanks in Advance.
XmlDocument doc = new XmlDocument();
doc.Load(Server.MapPath("SAML.xml"));
SignedXml signer = new CustomIdSignedXml(doc);
signer.AddReference(new Reference("#_d4559638-3abf-4433-9fad-b10f8a950351"));
// _d4559638-3abf-4433-9fad-b10f8a950351 is used as reference to DigestMethod & DigestValue.
signer.SigningKey = new RSACryptoServiceProvider();
signer.ComputeSignature();
string s = signer.GetXml().OuterXml;
SignedXml verifier = new CustomIdSignedXml(doc);
verifier.LoadXml(signer.GetXml());
if (verifier.CheckSignature(signer.SigningKey))
    Response.Write("Signature verified");
else
    Response.Write("Invalid signature");
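An added example, not part of the original post or of any vendor code: validating the assertion means loading the ds:Signature that is already inside it, confirming that its single Reference points at the assertion's own ID, and checking it against a key the relying party already trusts. The class name SamlSignatureCheck, the constructed assertion with ID `_a1`, the idp.example URLs and the throwaway RSA key in Main are assumptions for illustration; against a real response the key would come from the vendor's certificate obtained out of band rather than from the ds:KeyInfo in the message. It needs a reference to the System.Security assembly.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class SamlSignatureCheck   // hypothetical name, not from the post
{
    const string SamlNs = "urn:oasis:names:tc:SAML:2.0:assertion";
    // True only if the single assertion carries an enveloped signature whose one
    // Reference covers that assertion and which verifies under the trusted key.
    public static bool IsValid(XmlDocument doc, AsymmetricAlgorithm trustedKey)
    {
        XmlNamespaceManager ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("saml", SamlNs);
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        XmlNodeList assertions = doc.SelectNodes("//saml:Assertion", ns);
        if (assertions.Count != 1) return false;            // ambiguous input: refuse
        XmlElement assertion = (XmlElement)assertions[0];
        XmlElement sig = (XmlElement)assertion.SelectSingleNode("ds:Signature", ns);
        if (sig == null) return false;                      // unsigned assertion
        SignedXml verifier = new SignedXml(doc);
        verifier.LoadXml(sig);                              // load the existing signature
        if (verifier.SignedInfo.References.Count != 1) return false;
        Reference signedRef = (Reference)verifier.SignedInfo.References[0];
        if (signedRef.Uri != "#" + assertion.GetAttribute("ID")) return false;
        return verifier.CheckSignature(trustedKey);         // digest + signature value
    }

    static void Main()
    {
        // Constructed sample: minimal assertion signed with a throwaway key.
        RSA idpKey = new RSACryptoServiceProvider(2048);
        XmlDocument doc = new XmlDocument();
        doc.PreserveWhitespace = true;                      // keep the signed bytes intact
        doc.LoadXml("<saml:Assertion xmlns:saml=\"" + SamlNs + "\" ID=\"_a1\" Version=\"2.0\">"
                  + "<saml:Issuer>http://idp.example/</saml:Issuer></saml:Assertion>");
        SignedXml signer = new SignedXml(doc);
        signer.SigningKey = idpKey;
        Reference reference = new Reference("#_a1");
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signer.AddReference(reference);
        signer.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signer.GetXml(), true));
        Console.WriteLine("trusted key:  " + IsValid(doc, idpKey));
        Console.WriteLine("other key:    " + IsValid(doc, new RSACryptoServiceProvider(2048)));
        doc.DocumentElement.FirstChild.InnerText = "http://changed.example/";
        Console.WriteLine("after change: " + IsValid(doc, idpKey));
    }
}
```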