Hello all,
First time setting up ADFS and SAML SSO. I have set up a normal SAML SSO situation many times without problems. But ADFS is a different animal.
So, I receive the SAML response just fine. I load the IdP certificate, get the signed assertion list and attempt to call the SAMLAssertionSignature.Verify();
But it always fails with the following trace:
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedAssertion#02a3cd2b, BeginCheckSignatureFormat] Checking signature format using format validator “[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a] System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator”.
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedAssertion#02a3cd2b, FormatValidationResult] Signature format validation was successful.
System.Security.Cryptography.Xml.SignedXml Information: 2 : [SignedAssertion#02a3cd2b, BeginCheckSignedInfo] Checking signature on SignedInfo with id “(null)”.
System.Security.Cryptography.Xml.SignedXml Information: 7 : [SignedAssertion#02a3cd2b, NamespacePropagation] Propagating namespace xmlns=“urn:oasis:names:tc:SAML:2.0:assertion”.
System.Security.Cryptography.Xml.SignedXml Information: 7 : [SignedAssertion#02a3cd2b, NamespacePropagation] Propagating namespace xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”.
System.Security.Cryptography.Xml.SignedXml Information: 0 : [SignedAssertion#02a3cd2b, BeginCanonicalization] Beginning canonicalization using “http://www.w3.org/2001/10/xml-exc-c14n#” (XmlDsigExcC14NTransform).
System.Security.Cryptography.Xml.SignedXml Verbose: 0 : [SignedAssertion#02a3cd2b, BeginCanonicalization] Canonicalization transform is using resolver System.Xml.XmlSecureResolver and base URI “”.
System.Security.Cryptography.Xml.SignedXml Verbose: 5 : [SignedAssertion#02a3cd2b, CanonicalizedData] Output of canonicalization transform: <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="#_0e2301d9-043f-44eb-93a7-79baaa95762a"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>5IWC6rKOMwOlceXtqwhPx6OyeBk=</ds:DigestValue></ds:Reference></ds:SignedInfo>
System.Security.Cryptography.Xml.SignedXml Information: 14 : [SignedAssertion#02a3cd2b, VerifySignedInfo] Verifying SignedInfo using key RSACryptoServiceProvider#01ff0934, signature description RSAPKCS1SHA1SignatureDescription, hash algorithm SHA1CryptoServiceProvider, and asymmetric signature deformatter RSAPKCS1SignatureDeformatter.
System.Security.Cryptography.Xml.SignedXml Verbose: 14 : [SignedAssertion#02a3cd2b, VerifySignedInfo] Actual hash value: 7e6dc9881e5fc80c735abd527535667ec1d8229c
System.Security.Cryptography.Xml.SignedXml Verbose: 14 : [SignedAssertion#02a3cd2b, VerifySignedInfo] Raw signature: 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
System.Security.Cryptography.Xml.SignedXml Information: 12 : [SignedAssertion#02a3cd2b, VerificationFailure] Verification failed checking SignedInfo.
Is this a problem on my side (Service Provider) or is the ADFS server failing to send me the correct information?
Thanks very much in advance!
Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com.
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace
Also include a section of code showing how you extract the SAML assertion from the SAML response through to the call to verify the signature.
Thanks.
Here is the code that gets the assertions:
    // Deserialize the XML.
    samlResponse = new SAMLResponse(samlResponseXml);

    // Validate the response signature or assertion.
    List<SAMLAssertion> assertionList = new List<SAMLAssertion>();
    if (SAMLMessageSignature.IsSigned(samlResponseXml))
    {
        // Verify the response's signature.
        if (!verifySignature(samlResponseXml, false))
        { throw new Exception("The SAML response signature failed to verify."); }
    }

    // Get the signed assertions.
    IList<XmlElement> signedAssertions = samlResponse.GetSignedAssertions();
    if (signedAssertions.Count > 0)
    {
        foreach (XmlElement xe in signedAssertions)
        {
            // Verify the assertion signature.
            if (!verifySignedAssertion(xe))
            { throw new Exception("The SAML response assertion failed to verify."); }
            SAMLAssertion sa = new SAMLAssertion(xe);
            assertionList.Add(sa);
        }
    }
Here is the trace log:
ComponentSpace.SAML2 Verbose: 0 : 1:21:51 PM: ComponentSpace.SAML2, Version=2.4.0.13, Culture=neutral, PublicKeyToken=7c51d97b3a0a8ff9
ComponentSpace.SAML2 Verbose: 0 : 1:21:51 PM: Receiving response over HTTP POST
ComponentSpace.SAML2 Verbose: 0 : 1:21:51 PM: HTTP request:
POST /services/saml/acs.aspx HTTP/1.1
Connection: keep-alive
Content-Length: 5201
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Cookie: __utma=254488144.1244786834.1343853137.1377807478.1377811815.13; __utmv=254488144.|1=user_ip=108.20.64.98=1; imReadForumTopicIds_seouser=5; .ASPXANONYMOUS=qzAz8j8baNkwGBqxVuH2XH19JhtUqLacUVKizDZ35dhGupSY05JDL7RjcKQcAmIoFseUsXQ7fobMK5MSQ3R46XEuOLLy9–PU4MXLIQhm1nm0ldCBIKWt8SQYWI0BHpXnE8zcZhFR1bnwTqhs31DHPg0B481; LOYSAuthCookie=D0A91DA2FA3788901FB97D4F7D6ABBA56B461DCD05326F1EC3A2B4743D041E5F4A1687AF0BC9C4A359D9FF2842D039FA6057EFB858AD700B3E547349A9B49C228EB7C74F66F0F5AFBDE562DC1D0B37582EDA35CD86EB817393A45EA5788882B78AD0291DC463176700AD3E84897E58D8; ASP.NET_SessionId=eqirwqrzoqud4l5lmdozfa4p
Host: test.serviceprovider.com
Referer: https://adfstest.idp.com/adfs/ls/?SAMLRequest=7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ%2fff%2fz9cZmQBbPbOStrJniGAqsgfP358Hz8iHjfZolw9Ol638%2bWr%2fBet86ZNz55%2b9tHv%2f2n%2bcG93cn5%2fOzuYfrq9v%2fNgf%2ftgMptuHzzM83v3DvLp%2fnT%2fo%2fQn87opquVnH%2b2Ndz5Kz5pmnZ8tmzZbtvTRzu7%2b9s7B9u69NzsHj%2fZ2H%2b3ujff2H%2fzUR%2blT6qVYZi2%2fOW%2fbVfPo7t1sdt609MW4rKq369X2qs6nBYCPp9WCv71bNnc%2fSk%2bqZZMD%2frpePqqypmgeLbNF3jxqp49eH3%2fx%2fBGh8mgqjR6tl82KwJwX%2beyj9N2iXDaPeMCb317VVVtNq%2fKjo8c8pFpe3fxS1jR5jSF9dIQh3W5E9MplMc2bu229btrHd6W7o8c0yFkBYM17dv34eD0r8uU0f0Ud18UUn7oPj9bLt8vqavn4rv3E%2fRq8cddhQH%2f0meTo%2fwE%3d&Signature=jZFmMoe6Heu%2fvTirSGvkFRZj37%2fAUXZXxE0hijPS2GS15e1cxHCPAQQrRoOu39FcKpUKXYHBvfs9s%2bZ9XHiWokB6JNCcr%2f8m7M9751z5L0TKn0DAAmulO%2fCfwPU8bIt8SEmUEGzTT7WEzLD7NfQcRid1WrIt294sGFK95qwqoab3PzVgdhCdnOLIPPOV8CBBixO%2f%2fA67CZKCvNiLrszhewYYvtEW6rfmginIcVrHPLgCxS0gWgE07rm5WC37B%2bnD6SMNSPvPoT3ilxUFjvUCULKneoWm9zSxOerUI%2bGu18xo55w2gWhmhOtbRTtJeVPsmBPV1dVTb71cXRfAxBV4ow%3d%3d&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
DNT: 1
ComponentSpace.SAML2 Verbose: 0 : 1:21:51 PM: Received SAML message: <samlp:Response ID=“_69a7e776-ddbc-43ab-8f91-c77df09e0fbb” Version=“2.0” IssueInstant=“2014-08-13T08:21:12.430Z” Destination=“https://test.serviceprovider.com/services/saml/acs.aspx” Consent=“urn:oasis:names:tc:SAML:2.0:consent:unspecified” xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”>http://adfstest.lookup-precision.com/adfs/services/trustsamlp:Status<samlp:StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:Success” /></samlp:Status>http://adfstest.lookup-precision.com/adfs/services/trust<ds:Signature xmlns:ds=“ds:SignedInfods:CanonicalizationMethod"http://www.w3.org/2000/09/xmldsig#”>ds:SignedInfo<ds:CanonicalizationMethod Algorithm=“http://www.w3.org/2001/10/xml-exc-c14n#” /><ds:SignatureMethod Algorithm=“http://www.w3.org/2000/09/xmldsig#rsa-sha1” /><ds:Reference URI=“#_0e2301d9-043f-44eb-93a7-79baaa95762a”>ds:Transforms<ds:Transform Algorithm=“http://www.w3.org/2000/09/xmldsig#enveloped-signature” /><ds:Transform Algorithm=“http://www.w3.org/2001/10/xml-exc-c14n#” /></ds:Transforms><ds:DigestMethod Algorithm=“http://www.w3.org/2000/09/xmldsig#sha1” 
/>ds:DigestValue5IWC6rKOMwOlceXtqwhPx6OyeBk=</ds:DigestValue></ds:Reference></ds:SignedInfo>ds:SignatureValueJvBWpLfieMA6SwyXNWxKE5U/aG+Y4zjkx/erwzut/vP4SYAS8k5+8NSLfywRQkMopsJ+WL6uDkywEVcwoNQe8i1p5qXpOz2tddrROeIIemThtEit39TMdlsujoTbQBSAY2VpZpYus/zH/COnY6hW5KgyXHzNk35yzS5kg4fpvz2GEy+quvSoQAtnHarWxLNTO8YZVxJ9fotQdXTBBYfkHEjJtW2e6KKGctzxruYFkOy+Iys738/7MiFa0GoZVYl1M+QF8yRxea9LsFceYqGNuu8SlSdOJ0BeFMQ4wC/u5HQ2XbMGzgBHfbgbWymkD7SLGxezk0xgjkBzY3g37lX0nw==</ds:SignatureValue>ds:X509Datads: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</ds:X509Certificate></ds:X509Data></ds:Signature><SubjectConfirmation’>ds:X509Datads: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</ds:X509Certificate></ds:X509Data></ds:Signature><SubjectConfirmation">http://www.w3.org/2000/09/xmldsig#“>ds:X509Datads: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</ds:X509Certificate></ds:X509Data></ds:Signature><SubjectConfirmation Method=“urn:oasis:names:tc:SAML:2.0:cm:bearer”><SubjectConfirmationData NotOnOrAfter=“2014-08-13T08:26:12.430Z” Recipient=”https://test.serviceprovider.com/services/saml/acs.aspx" />unknownJoe<attribute’>Joe<Attribute">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">Joe<Attribute Name=“User<AuthnStatement”>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">User<AuthnStatement AuthnInstant=“2014-08-13T05:35:47.919Z”>urn:federation:authentication:windows</samlp:Response>
ComponentSpace.SAML2 Verbose: 0 : 1:21:51 PM: Missing form variable RelayState
Could you also include the code for the verifySignedAssertion? Thanks.
I decoded the SAML response from the trace (see attached file).
I then ran our VerifySAML utility and was able to verify the signature.
VerifySAML.exe c:\temp\samlresponse.xml
Loading c:\temp\samlresponse.xml
Verifying SAML message
The SAML message isn’t signed
Verifying SAML assertion
Verified: True
So, the SAML response and signed assertion are ok and you should be able to verify the signature.
Also, have you considered using the SAML high-level API?
The high-level API handles verifying signatures etc. for you.
The high-level API ExampleServiceProvider demonstrates using the high-level API and successfully interoperates with ADFS etc.
Not sure where the "high level" api is?
As for the verify code...
all I am doing is
SAMLAssertionMessage.verify(assertionXML, cert);
Every time it comes out that the XML cannot be verified. I tried using the VerifySAML tool that is included and it still fails.
How did you verify the assertion without the certificate to load?
It looks like you are using an earlier version of the component prior to the high-level API.
The XML signature includes the X.509 certificate. I ran VerifySAML.exe without specifying a certificate so it used the certificate embedded in the XML signature.
I suggest, as an experiment, trying:
SAMLAssertionSignature.Verify(assertionXML)
Make sure to use the SAMLAssertionSignature class and not SAMLMessageSignature.
If that works then it means the certificate you are specifying is not the correct certificate.
The serial number of the embedded certificate is:
6d f5 46 8d 39 cb c4 be 4a ab 20 cf 51 5a 33 6c
Thanks for the info.
Sorry, I mistyped the verify code…I do use SAMLAssertionSignature.Verify(), not SAMLAssertionMessage…
I will try to verify without loading the certificate.
So if the assertion is signed and the signature is already included, is there a point in loading the certificate on the service provider side? Or is that just overkill?
Thanks again!
Thanks
Generally it’s better to load the certificate independently rather than rely on the embedded certificate.
If you did use the embedded certificate you would have to check that the subject DN matches the expected value as well as it being issued by a trusted issuer etc.
That’s all possible but usually it’s simpler and safer to load the certificate independently.
The embedded certificate is useful for debugging signature verification issues.
Let me know how you go. Thanks.
Thanks again! Yeah the certificate supplied by the IdP was the wrong one…I am now getting through the verify.
Besides using the “samlResponse.GetSignedAssertions();” and then check the count, is there any other way to check if the assertion is signed? I tried using the SAMLAssertionSignature.IsSigned(samlResponseXml); method but it is always false.
That’s the best way.
The SAMLAssertionSignature.IsSigned(samlAssertionXml) method takes the SAML assertion XML rather than the SAML response XML.
OK, but if I get the “Signed Assertion XML” using the “GetSignedAssertions()” method, if the count is greater than 0 then I already know that it is signed so there isn’t a need to call the IsSigned method.
Unless I am missing something?
That’s correct. The GetSignedAssertions() method returns signed assertions only. If the count is greater than zero then you have a signed assertion and there is no need to call the IsSigned() method.
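The diagnosis reached in this thread (the assertion verifies with the certificate embedded in the signature but not with the certificate the service provider loaded) can be checked in code. The following is an added example, not ComponentSpace code and not posted by anyone in the thread: it uses the .NET SignedXml class directly, and the class name, the Diagnose method, the Result values and the throwaway self-signed certificates are all assumptions constructed for the illustration.

```csharp
// Added example, not ComponentSpace code; needs System.Security.Cryptography.Xml.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class AssertionSignatureDiagnostics
{
    public enum Result { Verified, WrongConfiguredCertificate, SignatureInvalid, NotSigned }
    static SignedXml Load(XmlElement a, XmlElement sig) { var x = new SignedXml(a); x.LoadXml(sig); return x; }

    // 'configured' is the IdP signing certificate the SP obtained out of band.
    public static Result Diagnose(XmlElement assertion, X509Certificate2 configured)
    {
        var sigNode = assertion.ChildNodes.OfType<XmlElement>().FirstOrDefault(e =>
            e.LocalName == "Signature" && e.NamespaceURI == SignedXml.XmlDsigNamespaceUrl);
        if (sigNode == null) return Result.NotSigned;

        // The single reference must cover this assertion, not some other element.
        var signedXml = Load(assertion, sigNode);
        var refs = signedXml.SignedInfo.References.Cast<Reference>().ToList();
        if (refs.Count != 1 || refs[0].Uri != "#" + assertion.GetAttribute("ID"))
            return Result.SignatureInvalid;

        // Trust decision: only the independently loaded certificate counts.
        if (signedXml.CheckSignature(configured, true)) return Result.Verified;

        // Debugging aid only: retry with the certificate embedded in ds:KeyInfo.
        var probe = Load(assertion, sigNode);
        var embedded = probe.KeyInfo.OfType<KeyInfoX509Data>()
            .Where(d => d.Certificates != null)
            .SelectMany(d => d.Certificates.Cast<X509Certificate>())
            .Select(c => new X509Certificate2(c)).FirstOrDefault();
        if (embedded != null && embedded.Thumbprint != configured.Thumbprint
            && probe.CheckSignature(embedded, true))
        {
            // Message is intact; the SP was given the wrong certificate. Compare serials.
            Console.WriteLine("Embedded serial:   " + embedded.SerialNumber);
            Console.WriteLine("Configured serial: " + configured.SerialNumber);
            return Result.WrongConfiguredCertificate;
        }
        return Result.SignatureInvalid;
    }

    static X509Certificate2 NewCert(string cn) // throwaway self-signed certificate
    {
        var req = new CertificateRequest("CN=" + cn, RSA.Create(2048),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
    }

    static void Main()
    {
        // Constructed sample: a minimal assertion signed by a throwaway "IdP" key.
        var idp = NewCert("constructed-idp-signing");
        var wrong = NewCert("constructed-wrong-cert");
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<Assertion ID=\"_a1\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">" +
                    "<Issuer>https://idp.example/constructed</Issuer></Assertion>");
        var signer = new SignedXml(doc.DocumentElement) { SigningKey = idp.GetRSAPrivateKey() };
        signer.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        var reference = new Reference("#_a1");
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signer.AddReference(reference);
        signer.KeyInfo = new KeyInfo();
        signer.KeyInfo.AddClause(new KeyInfoX509Data(idp));
        signer.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signer.GetXml(), true));
        Console.WriteLine(Diagnose(doc.DocumentElement, idp));
        Console.WriteLine(Diagnose(doc.DocumentElement, wrong));
    }
}
```

The embedded certificate is used here only to tell a wrong configured certificate apart from a damaged message; the result is Verified only when the independently loaded certificate checks the signature.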