I am getting the valid SAML response from the vendor and I just want to validate SAML Assertion.
Below is the SAML response and I have mask few things with xxxxxxxxxxxxxxxxxxxxxx due to vendor concern.
Expand|Select|Wrap|Line Numbers
- <samlp:Response IssueInstant="" ID="gzRaMPjm98mgG0_s0ylFgO85wao" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
- <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://xxxxxxxxxx.com/</saml:Issuer>
- <samlp:Status>
- <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
- </samlp:Status>
- <saml:Assertion Version="2.0" IssueInstant="6273" ID="wZT13pIVg8n60RZgGm_fWAhYNSP" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
- <saml:Issuer>http://xxxxxx.com/</saml:Issuer>
- <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:SignedInfo>
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
- <ds:Reference URI="#wZT13pIVg8n60RZgGm_fWAhYNSP">
- <ds:Transforms>
- <ds:Transform Algorithm="http://www..w3.org/2000/09/xmldsig#enveloped-signature"/>
- <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- </ds:Transforms>
- <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
- <ds:DigestValue>xxxxxxxxxxxxxxxxxxxxxxx</ds:DigestValue>
- </ds:Reference>
- </ds:SignedInfo>
- <ds:SignatureValue>
- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- </ds:SignatureValue>
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- </ds:X509Certificate>
- </ds:X509Data>
- <ds:KeyValue>
- <ds:RSAKeyValue>
- <ds:Modulus>
- xxxxxxxx
- </ds:Modulus>
- <ds:Exponent>xxx</ds:Exponent>
- </ds:RSAKeyValue>
- </ds:KeyValue>
- </ds:KeyInfo>
- </ds:Signature>
- <saml:Subject>
- <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">staff</saml:NameID>
- <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
- <saml:SubjectConfirmationData NotOnOrAfter=" " Recipient="https://xxxxxxxxx.com"/>
- </saml:SubjectConfirmation>
- </saml:Subject>
- <saml:Conditions NotOnOrAfter="" NotBefore="">
- <saml:AudienceRestriction>
- <saml:Audience>http://xxxxxxxxxxxxxxxx.com</saml:Audience>
- </saml:AudienceRestriction>
- </saml:Conditions>
- <saml:AuthnStatement AuthnInstant=" " SessionIndex="wZT13pIVg8n60RZgGm_fWAhYNSP">
- <saml:AuthnContext>
- <saml:AuthnContextClassRef></saml:AuthnContextClassRef>
- </saml:AuthnContext>
- </saml:AuthnStatement>
- <saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema">
- <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="role">
- <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">http://xxxx.com/</saml:AttributeValue>
- </saml:Attribute>
- </saml:AttributeStatement>
- </saml:Assertion>
- </samlp:Response>
Thanks in Advance.
Expand|Select|Wrap|Line Numbers
- XmlDocument doc = new XmlDocument();
- doc.Load(Server.MapPath("SAML.xml"));
- SignedXml signer = new CustomIdSignedXml(doc);
- signer.AddReference(new Reference("#_d4559638-3abf-4433-9fad-b10f8a950351"));
- // _d4559638-3abf-4433-9fad-b10f8a950351 is used as reference to DigestMethod & DigestValue.
- signer.SigningKey = new RSACryptoServiceProvider();
- signer.ComputeSignature();
- string s = signer.GetXml().OuterXml;
- SignedXml verifier = new CustomIdSignedXml(doc);
- verifier.LoadXml(signer.GetXml());
- if (verifier.CheckSignature(signer.SigningKey))
- Response.Write("Signature verified");
- else
- Response.Write("Invalid signature");