How to generate signature for ArtifactResolve - HTTP-Artifact request binding for IdP

pramod · May 21, 2018, 12:22am

Hi Team,

I am sending SAML request to IdP server using HTTP-Artifact bindings with low level API… but i am not sure how to add signature in the SAML. Is it automatic add signature ?
How it will pick the require cert file and add in xml because the return type is void for method SAMLAssertionSignature.Generate

My code is below :-

ArtifactResolve artifactResolve = new ArtifactResolve();
artifactResolve.Destination = samlEndpoint;
artifactResolve.Issuer = new Issuer(samlResolveIssuer);
artifactResolve.Artifact = new Artifact(httpArtifact);
XmlElement samlAssertionXml = samlResolve.ToXml();
SAMLAssertionSignature.Generate(samlAssertionXml, x509CertificatePassionCard.PrivateKey, x509CertificatePassionCard);
ArtifactResolver.SendRequestReceiveResponse(spArtifactResponderURL, samlAssertionXml );

I am not getting signature value

ComponentSpace · May 21, 2018, 12:33am

You need to call SAMLMessageSignature.Generate instead of SAMLAssertionSignature.Generate.
It will add the XML signature to the supplied XML.

XmlElement artifactResolveElement = artifactResolve.ToXml();
SAMLMessageSignature.Generate(artifactResolveElement, x509Certificate.PrivateKey, x509Certificate);

pramod · May 21, 2018, 2:00am

[quote]

ComponentSpace - 5/21/2018

You need to call SAMLMessageSignature.Generate instead of SAMLAssertionSignature.Generate.
It will add the XML signature to the supplied XML.

XmlElement artifactResolveElement = artifactResolve.ToXml();
SAMLMessageSignature.Generate(artifactResolveElement, x509Certificate.PrivateKey, x509Certificate);

[/quote]

Thanks for reply, i was checking my log and found that it is creating ArtifactResolve Xml values without any body tag while in IdP sample examples, all are under body tag like below given xml . Will componentspace will add tag inside body before sending the request or i need to add it explicitly. If yes then how and also if i want to change any xml tag xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" value how i can change. Ex :- here i want "urn:oasis:names:tc:SAML:2.0:assertion" instead of "urn:oasis:names:tc:SAML:2.0:protocol" .

Also while sending it will comonentspace will encode all details or will send as xml only. Or i need to encode before send.

<?xml version="1.0" encoding="UTF-8"?>
">http://schemas.xmlsoap.org/soap/envelope/">

ArtifactResolve tags

ComponentSpace · May 21, 2018, 5:57pm

The artifact resolve message is sent using the SOAP binding.
This means that when you call ArtifactResolver.SendRequestReceiveResponse, the ArtifactResolve message is wrapped in a SOAP envelope as per the SAML specification and as you’ve shown above.
We use the correct namespace declarations. You don’t need to and shouldn’t change these. As per the SAML specification, the ArtifactResolve is under the “urn:oasis:names:tc:SAML:2.0:protocol” namespace not “urn:oasis:names:tc:SAML:2.0:assertion”.
We handle all the required encoding. If you call our API as demonstrated by the example project, everything will be encoded and sent correctly.