Decrypt SAML and Verify Signature - Need sample code

Hello All,

I am new to this coding world, so please help with simple stuff. I came to know that ComponentSpace is an excellent tool for SAML use. Here are my questions.

1. I will receive a SAML assertion from the IdP. Can you please provide sample code to decrypt the SAML using my private key (this cert is stored on the machine)? I have already provided them with my public key.

2. After decrypting, how can I verify the IdP signature? I have already received the signing certificate from the identity provider.

3. I believe that after decryption and verification I will be able to read the XML.

If there is a complete solution which shows me how to receive the SAML, decrypt, verify and then read the values, please provide it, or just provide samples for the above questions.

Please help, thanks.

[quote]
ngupta - 6/7/2018
[/quote]

Team please help.

The following code will decrypt the SAML assertion, verify XML signatures and perform various other checks.


SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out authnContext, out userName, out attributes, out targetUrl);


This one method performs all the required processing of the SAML response and assertion sent by the identity provider.
I recommend taking a look at section 10.1 of our Developer Guide PDF which you’ll find in the documentation folder as well as at:
https://www.componentspace.com/Forums/8231/Developer-Guide
This describes the ExampleServiceProvider project and corresponding ExampleIdentityProvider.
The ExampleServiceProvider’s SAML/AssertionConsumerService.aspx page demonstrates calling SAMLServiceProvider.ReceiveSSO.
The SAML API makes use of SAML configuration which specifies such things as whether the SAML assertion should be encrypted etc.
The ExampleServiceProvider’s configuration is in the saml.config file included with the project.
Your application will need to call SAMLServiceProvider.ReceiveSSO and include a SAML configuration specific to your environment.
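As an added example (not ComponentSpace's own code, and not from the ExampleServiceProvider project), here is what an AssertionConsumerService.aspx code-behind around the ReceiveSSO call above can look like once the application-side checks are included. The out-parameter types (in particular IDictionary<string, string> for attributes) and the SAMLException base class are assumptions to check against the installed library version; ExpectedPartnerIdP, the session handling and the local-redirect check are this example's own.

```csharp
using System;
using System.Collections.Generic;
using System.Web.UI;
using ComponentSpace.SAML2;
using ComponentSpace.SAML2.Exceptions;

// Added example: code-behind for the service provider's AssertionConsumerService.aspx.
// ReceiveSSO is the library call from the thread; the out-parameter types, the
// SAMLException base class, ExpectedPartnerIdP and the session/redirect handling
// are assumptions of this example.
public partial class AssertionConsumerService : Page
{
    // Must equal the Name of the PartnerIdentityProvider entry in saml.config (assumed value).
    private const string ExpectedPartnerIdP = "http://ExampleIdentityProvider";

    protected void Page_Load(object sender, EventArgs e)
    {
        bool isInResponseTo;
        string partnerIdP;
        string authnContext;
        string userName;
        IDictionary<string, string> attributes;
        string targetUrl;

        try
        {
            // Decrypts the assertion with the local certificate's private key, verifies the
            // IdP signature with the partner certificate and checks the assertion conditions.
            SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP,
                out authnContext, out userName, out attributes, out targetUrl);
        }
        catch (SAMLBindingException ex)
        {
            // e.g. "The form is missing the variable SAMLResponse": the POST was not a
            // SAML HTTP-POST binding message. Log it; do not echo details to the client.
            Trace.Write("SAML", "Invalid SAML binding message", ex);
            Fail(400);
            return;
        }
        catch (SAMLException ex)  // assumed base class: signature, decryption or condition failure
        {
            Trace.Write("SAML", "SAML response rejected", ex);
            Fail(401);
            return;
        }

        // A valid signature from some other configured IdP must not sign the user in here.
        if (!string.Equals(partnerIdP, ExpectedPartnerIdP, StringComparison.Ordinal))
        {
            Fail(403);
            return;
        }

        // Unsolicited (IdP-initiated) responses carry no InResponseTo. Reject them unless
        // IdP-initiated SSO is deliberately supported.
        if (!isInResponseTo)
        {
            Fail(403);
            return;
        }

        // Use only the verified values returned by the library, never anything re-parsed
        // from the raw SAMLResponse form field.
        Session["UserName"] = userName;
        Session["AuthnContext"] = authnContext;
        Session["SAMLAttributes"] = attributes;

        // targetUrl comes from RelayState and is attacker-influenced: only allow local paths.
        Response.Redirect(IsLocalUrl(targetUrl) ? targetUrl : "~/", false);
        Context.ApplicationInstance.CompleteRequest();
    }

    private static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;
        if (url.StartsWith("~/", StringComparison.Ordinal)) return true;
        // "/path" is local; "//host" and "/\host" are protocol-relative redirects.
        return url.StartsWith("/", StringComparison.Ordinal)
            && !url.StartsWith("//", StringComparison.Ordinal)
            && !url.StartsWith("/\\", StringComparison.Ordinal);
    }

    private void Fail(int statusCode)
    {
        Response.Clear();
        Response.StatusCode = statusCode;
        Context.ApplicationInstance.CompleteRequest();
    }
}
```

The library does the cryptographic work (decryption, signature verification, conditions); what it cannot decide for the application is which partner is allowed to sign users in on this page, whether unsolicited responses are acceptable, and where RelayState may redirect to. Those three checks are the ones to keep in the page code.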

[quote]
ComponentSpace - 6/7/2018
[/quote]

Thanks CS,
This is really helpful. I also want to know: as you said, SAMLServiceProvider.ReceiveSSO(...parameters...) verifies, decrypts and performs everything for SAML.

At what point and where do we need to provide the keys to decrypt and verify the SAML? I do not see any code or line where we provide the keys. How will the code decrypt or verify?

Thanks

The certificates and private keys are supplied as part of the SAML configuration.
If SAML configuration is specified using a saml.config file, it might include the following.

<ServiceProvider Name="http://ExampleServiceProvider"
                 Description="Example Service Provider"
                 AssertionConsumerServiceUrl="~/SAML/AssertionConsumerService.aspx"
                 LocalCertificateFile="Certificates\sp.pfx"
                 LocalCertificatePassword="password"/>

<PartnerIdentityProvider Name="http://ExampleIdentityProvider"
                         Description="Example Identity Provider"
                         SignAuthnRequest="true"
                         WantAssertionEncrypted="true"
                         SingleSignOnServiceUrl="http://localhost:51801/SAML/SSOService.aspx"
                         SingleLogoutServiceUrl="http://localhost:51801/SAML/SLOService.aspx"
                         PartnerCertificateFile="Certificates\idp.cer"/>

The LocalCertificateFile is used to decrypt the SAML assertion.
The PartnerCertificateFile is used to verify the signature on the SAML response or assertion.

[quote]
ComponentSpace - 6/8/2018
[/quote]

Thanks CS

Is it mandatory to have the certificate and PFX stored as files, or can I read them from the store? If it is possible from the Windows certificate store, how does the config file change in place of PartnerCertificateFile/LocalCertificateFile?

Thanks

You can store the certificate as a file, in the Windows certificate store, or directly in the SAML configuration as a base-64 encoded string.
For information on retrieving certificates stored in the Windows Certificate Store, please refer to the “Local Provider Certificate Store” section of:
https://www.componentspace.com/Forums/44/X509-Certificate-Management
Instead of LocalCertificateFile/LocalCertificatePassword you can specify the certificate stored in the Windows certificate store by its serial number.
For example:


LocalCertificateSerialNumber="0867a17dc9efeabe4ccbf7e7adb7c37a"


[quote]
ComponentSpace - 6/10/2018
[/quote]

I wrote the code per your suggestion. Now when I am testing my code, I am passing one sample SAML and I am getting the error message below.

An exception of type 'ComponentSpace.SAML2.Exceptions.SAMLBindingException' occurred in ComponentSpace.SAML2.dll but was not handled in user code
Additional information: The form is missing the variable SAMLResponse

Can you please help? What am I missing?

Thanks

That message means that an HTTP Post was received but it didn’t include a SAMLResponse form variable.
Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com and we’ll take a look.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
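Added example, not ComponentSpace code: what an HTTP-POST binding request to the assertion consumer service actually contains, so that a hand-built test request carries the SAMLResponse form field the ACS page expects. SampleResponseXml is a constructed, unsigned, unencrypted placeholder; a real response from the IdP is signed and, with WantAssertionEncrypted="true", carries an EncryptedAssertion, and the body still has to be sent as an application/x-www-form-urlencoded POST to the AssertionConsumerServiceUrl.

```csharp
using System;
using System.Collections.Specialized;
using System.IO;
using System.Text;
using System.Web;
using System.Xml;

// Added example (not ComponentSpace code). SampleResponseXml is a constructed placeholder.
public static class SamlPostBinding
{
    public const string SamlProtocolNs = "urn:oasis:names:tc:SAML:2.0:protocol";

    // Constructed sample; only its shape matters for the binding.
    public const string SampleResponseXml =
        "<samlp:Response xmlns:samlp=\"" + SamlProtocolNs + "\" ID=\"_constructed-id\" " +
        "Version=\"2.0\" IssueInstant=\"2018-06-11T00:00:00Z\">" +
        "<samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/>" +
        "</samlp:Status></samlp:Response>";

    // IdP side: the XML is base64-encoded (not deflated; that is the Redirect binding) and
    // sent as the SAMLResponse form field, optionally with RelayState, in the POST body.
    public static string BuildFormBody(string responseXml, string relayState)
    {
        string encoded = Convert.ToBase64String(Encoding.UTF8.GetBytes(responseXml));
        var body = new StringBuilder("SAMLResponse=").Append(HttpUtility.UrlEncode(encoded));
        if (!string.IsNullOrEmpty(relayState))
        {
            body.Append("&RelayState=").Append(HttpUtility.UrlEncode(relayState));
        }
        return body.ToString();
    }

    // SP side: recover the XML from the form body. The missing-field case is the condition
    // behind the library's "The form is missing the variable SAMLResponse".
    public static XmlDocument ExtractResponse(string formBody)
    {
        NameValueCollection form = HttpUtility.ParseQueryString(formBody);
        string encoded = form["SAMLResponse"];
        if (string.IsNullOrEmpty(encoded))
        {
            throw new InvalidOperationException("The form is missing the variable SAMLResponse");
        }

        string xml = Encoding.UTF8.GetString(Convert.FromBase64String(encoded));

        // Untrusted XML: no DTDs and no external resolution before any signature check.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        var doc = new XmlDocument();
        using (XmlReader reader = XmlReader.Create(new StringReader(xml), settings))
        {
            doc.Load(reader);
        }

        XmlElement root = doc.DocumentElement;
        if (root == null || root.LocalName != "Response" || root.NamespaceURI != SamlProtocolNs)
        {
            throw new InvalidOperationException("Body is not a samlp:Response");
        }
        return doc;
    }

    public static void Main()
    {
        string body = BuildFormBody(SampleResponseXml, "~/Default.aspx");
        Console.WriteLine(body);
        Console.WriteLine("Root element: " + ExtractResponse(body).DocumentElement.Name);

        // Posting the raw XML (no SAMLResponse field, no base64) reproduces the error.
        try
        {
            ExtractResponse(HttpUtility.UrlEncode(SampleResponseXml));
        }
        catch (InvalidOperationException ex)
        {
            Console.WriteLine(ex.Message);
        }
    }
}
```

The body that BuildFormBody prints is what a browser submits from the IdP's auto-posting form; sending it with curl's -d option and Content-Type application/x-www-form-urlencoded to the ACS page is the quickest way to tell a binding problem (no SAMLResponse field at all) from a signature, decryption or condition failure, which the library reports differently and which the SAML trace log shows.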