Is there a way to change saml:signature nesting to saml:Assertion instead of saml:Issuer?

I am using LowLevelAPI (I know HighLevel is recommended but this is a older app and the code is there).

Using the following code -
XmlElement samlResponseXml = samlResponse.ToXml();

SAMLMessageSignature.Generate(samlResponseXml, x509CertificateIdp.PrivateKey, x509CertificateIdp);
IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);

The saml:signature is nested inside saml:Issuer and not the saml:Assertion tag. One of the Service Provider is saying that saml:Signature should be inside saml:Assertion. All the samples I can find on google also have saml:Signature nested in saml:Assertion. Is there a way to change this?

The code you have is signing the SAML response rather than the SAML assertion.
The following code outlines how to sign the SAML assertion and add it to the SAML response.

// Construct a SAML assertion – details not shown.
SAMLAssertion samlAssertion = new SAMLAssertion();
samlAssertion.Issuer = new Issuer(“”);

// Serialize to XML for XML signature generation.
XmlElement samlAssertionElement = samlAssertion.ToXml();

// Sign the SAML assertion using your private key.
X509Certificate2 x509Certificate = new X509Certificate2(“idp.pfx”, “password”, X509KeyStorageFlags.MachineKeySet);
SAMLAssertionSignature.Generate(samlAssertionElement, x509Certificate.PrivateKey, x509Certificate);

// Add the signed SAML assertion to the SAML response.
SAMLResponse samlReponse = new SAMLResponse();

// Serialize to XML.
XmlElement samlResponseElement = samlResponse.ToXml();

Got it. Thank you so much. I now see that there are “Sign Message”, “Sign Assertion” and “Sign Message and Assertion” options in SAML.

You’re welcome.