<samlp:AuthnRequest.......... <samlp:RequestedAuthnContext Comparison="exact">Hi Faris
This can be specified through the PartnerIdentityProvider section of your saml.config.
<PartnerIdentityProvider
Name=“XXXX”
AuthnContextComparison=“exact”
AuthnContext=“urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport”
You are better to use the SAML high-level API as it’s easier to use and is configuration driven.
The low-level API is available for less common use cases.
The Examples Guide walks you through the example projects that call the high-level API and include SAML configuration files.
https://www.componentspace.com/Forums/9351/Examples-Guide
The Configuration Guide provides details of SAML configuration.
https://www.componentspace.com/Forums/9350/Configuration-Guide
These are done for you when you call SAMLServiceProvider.InitiateSSO.
The URL encoding occurs as part of the call to SAMLServiceProvider.InitiateSSO.
No further action is required.
I’m not sure how you captured the sample but if you use something like browser developer tools to take a look at the raw URL you’ll see it’s properly encoded.
Below is a capture of a URL using Chrome’s dev tools.
https://localhost:44390/SAML/SSOService.aspx?SAMLRequest=fZLNbsIwEIRfJfI9JCFJCRYgUWhVJFoiQnvopTLOUiw5dup1KH375gcqeoDramfm86xHyApZ0mll92oNXxWgdRbzMfnwhwnELM5dHoDvRvk2dId5DO42GARwByEPk5g4b2BQaDUm%2FZ5PnAViBQuFlilbj%2FwgcYO%2B2482fkL9gEZxL%2FEH78SZ1ylCMdsq99aWSD1Pas7kXqOlURQOfS%2BbPi%2B9LFtlYA6CQ49heSTOozYcWtox2TGJ0KSmDFEc4G%2BSGm011%2FJeqFyozzGpjKKaoUCqWAFILaeNPa2p6bZbQvq02aRuuso2xJkigmnwZlphVYA5Qbyul1eAw6QDvqY84R8LqZC2nd%2BmKk9PIJNRs03bas2F%2FracnTHI5Iz7cGRFKeHEU1d0EDmYkXdh32WV9KX2W8xTLQX%2FaRovmL0eF%2FSCdiJyd9eu0kphCVzsBOR1lVLq75kBZuv7WFPV5%2FEmXer%2Fbzf5BQ%3D%3D&RelayState=%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=U2igM2N05qVsQAcqVUhgs%2Fvk%2BM1jLb1NrJEBmmFV%2BX7D9dCOvpWhf96V5Jr%2B2uM5Uv%2BckyIalBbIh0i6lVN%2BgR9BeBN%2BFD4d%2B0Zn3gJeIROB8EhAMoBmpBjGEmcTMu10DcDcNnLxI14bW%2FaQJnbaH4pB1abmXVcztwEa0pA8fTbSbfyg1UHGv8ToMxjgqWacQeKvJtQaoLIO47JUpCWULyHqVO83FrlHIaNsA5S6IYQh6KgEPwvnA7Ny4tDA6ceyw3g7PZRTU7OvuQx%2B%2Fql5gx06Iyw%2BE%2BdqS389DkKpMv6cGFHagag16fu5hrBpF9mN0lWXuHz%2BQILMpKEbnOlClw%3D%3D
The SAML message is encoded correctly.
I can assure you that there are no issues with the encoding of SAML messages by our product.
Have you tested with the third party identity provider?
If so, and you’re seeing an error, please provide the details.
The HTTP-Post encoding is correct.
If you’re seeing plus and equal signs, the browser dev tools have decoded them.
For example, using Chrome dev tools, the default is to show the decoded (parsed) form data.
You can click the “view source” link to see the raw form data which is correctly encoded.
SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCBJRD0iXzkwNjU3MjMyLTQzZjItNGE1Ny05M2Q4LWRlYWU4NTRiYzA5OSIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMTItMjRUMDg6NTc6NDEuNjE0WiIgRGVzdGluYXRpb249Imh0dHBzOi8vbG9jYWxob3N0OjQ0MzkwL1NBTUwvU1NPU2VydmljZS5hc3B4IiBGb3JjZUF1dGhuPSJmYWxzZSIgSXNQYXNzaXZlPSJmYWxzZSIgUHJvdG9jb2xCaW5kaW5nPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1QT1NUIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VVUkw9Imh0dHBzOi8vbG9jYWxob3N0OjQ0MzM4L1NBTUwvQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlLmFzcHgiIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiPjxzYW1sOklzc3VlciB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwczovL0V4YW1wbGVTZXJ2aWNlUHJvdmlkZXI8L3NhbWw6SXNzdWVyPjxTaWduYXR1cmUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxTaWduZWRJbmZvPjxDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIiAvPjxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiAvPjxSZWZlcmVuY2UgVVJJPSIjXzkwNjU3MjMyLTQzZjItNGE1Ny05M2Q4LWRlYWU4NTRiYzA5OSI%2BPFRyYW5zZm9ybXM%2BPFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIiAvPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiPjxJbmNsdXNpdmVOYW1lc3BhY2VzIFByZWZpeExpc3Q9IiNkZWZhdWx0IHNhbWxwIHNhbWwgZHMgeHMgeHNpIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIiAvPjwvVHJhbnNmb3JtPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxEaWdlc3RWYWx1ZT5lYXRHNHVRY2tFQ2RvUlZTR2piMFdvMk4vZk1ZRFlZNWk4VEJBNG1ubWxrPTwvRGlnZXN0VmFsdWU%2BPC9SZWZlcmVuY2U%2BPC9TaWduZWRJbmZvPjxTaWduYXR1cmVWYWx1ZT5vc2lTQjh1dzFJMlVQRFN0Wi9UQndUYVBYRXhReE5QM0Y3Mi81ckd1a1JpVlhQN0xOSGd0UGp3azhKWFdYb0pwL29YaVFSYXoyNHRsbEVCb3ZJMGtKdFRjQlJya3gzL2orZllZR2wrYzZDd3FWaFlCS2FIQjkzTEU4R0QrRWNYUzhDNTYvbUZKZjJFRG1Tb3hTU3Z5VGpMd0txc0c1OFdkTnljTXFOcEE2amI3M1FTZERhcEFtZGVmWVBUMnJrVDZidktEZ1lRa1FGUmpsNFJ4V1g0Y3A1MlBIK2JrQURGTWdjeHhjUXIwMGMzOTdENm9TU0VudDN3ak5TZjJwakV2VFVUVUwrT2ZxczR1VDN0c0dwT2JFeFd6TEdUNGxCOXZmTzI0YzZYUzFZZzFuUDFhREIxUjUxQXZNeDg1bUxoVDNBNlliRkptQlB2eGRvVU5lSWYxc0E9PTwvU2lnbmF0dXJlVmFsdWU%2BPEtleUluZm8%2BPFg1MDlEYXRhPjxYNTA5Q2VydGlmaWNhdGU%2BTUlJQy9qQ0NBZWFnQXdJQkFnSVFDR2VoZmNudjZyNU15L2ZucmJmRGVqQU5CZ2txaGtpRzl3MEJBUXNGQURBVk1STXdFUVlEVlFRREV3cDNkM2N1YzNBdVkyOXRNQjRYRFRFek1URXlNakE0TWpNeU1Wb1hEVFE1TVRJek1URTBNREF3TUZvd0ZURVRNQkVHQTFVRUF4TUtkM2QzTG5Od0xtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNUG0vZXc5amFHV3BRUzFDN0t0cHZnelY0blNPSUZQZ1J0L25sUllSK3BVV2RERWZTS215aksyOG5rUTFLS3VqUkpUbnZubVp5ZG1Vcm1FRnBWditnaUJpVWt2Q0pZM1B4Wi9FRFNzRjNSL096V2hrVXY1bmZBWFBucWtYOXgyMmI2K3ZVb2Y2V2lMR3lBVzZsT1lNQ1ZBRGpUU2w5cFNhVXRJYUFOZHg5bWFFUmNUOWVRYkdTbmppbTBXdXJGUllzOVpFOHR0RXJyTUg5K1N1NDI0NllEcU9QQWt6NkxhNGNISE1QUWRjRlFUNXAvY3VYQmZVMXZsMXRXZEJFZ0FZM3hIWVpFOHU1VFRKL3ZwOVV4eVUxTXdmZU8yZzlWRFJjb2tMUUhyajZ3Rnh0dnVmQStXdFVLWUpHVXUycC9xU3VhdzdlUzZVRmpVbjQ5YVZxZzlPYWNDQXdFQUFhTktNRWd3UmdZRFZSMEJCRDh3UFlBUTEvUzBpYmR2ZmRGa0o5VDlvSVBsdUtFWE1CVXhFekFSQmdOVkJBTVRDbmQzZHk1emNDNWpiMjJDRUFobm9YM0o3K3ErVE12MzU2MjN3M293RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUFIbG1Wb0FaVXQ2cGFlRnZ0UWJjL2lhSmUvRmhkK0pHMVUwanlqbEZEY0NuOGVyTGloRWJoYjNtRkJCTUYyNW9PNjdnZkExSkpYWnJtSHJ5M05sT1p1b3ZxUnFtOHY3d2c4bjBuUWExSFVXa1VDMlRCZ2ZnMUhFOC8ycm1TRjJQbmdpRWkxOFZPeFJEeHgwV1hNTlpYNkplYkoxa0NPQ3BUL3g3YXVwUzdUMUdySVBtREx4am5DOUJldDdwUnluZm9talAvNmlVMjEveE9JRjZ4QjlZZjFhL2tRYllkQVZ0MmhhWUtJZnZhRjN4c3ExWDV0Q1hjOWlqaEJNZ3lhb3FBK2JRSkQvbDNTOCt5Q21NeEVZWmpBVkxFa3lHbFU0VXdvMDFjS0VZYlhJRy9ZVnErNENhSVJ4SWZNdlYrajhnelRMSFRYSStwSEVNZk1oeVlhMHB6TT08L1g1MDlDZXJ0aWZpY2F0ZT48L1g1MDlEYXRhPjwvS2V5SW5mbz48L1NpZ25hdHVyZT48c2FtbHA6TmFtZUlEUG9saWN5IEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6dW5zcGVjaWZpZWQiIEFsbG93Q3JlYXRlPSJ0cnVlIiAvPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg%3D%3D&RelayState=%2F
The SAMLRequest=… I included above is using the HTTP-Post binding.
It’s the post data sent by the browser to the IdP.
The log shows the HTML returned in the HTTP response.
What you should look at is the resulting HTTP Post to the IdP.
This definitely is encoded correctly.