SAML Response Signature

Hello everyone,

Is “SignSamlResponse”: true enough to include Signature in the SAML response?
When I set “SignAssertion”: true I’m able to see the Signature within the assertion message part.

Why I cannot see the Signature in the SAML Response?
I expect the Signature to be included in the SAML Response when “SignSamlResponse” is set to true.

I’m using the example code SAMLv20.Core-licensed that comes with the full license of .NET Core product version.
No changes are made in the configuration.
I’ve tried in some other testing applications but without success.

Many thanks

Yes, that’s all that’s required. Here’s a signed SAML response generated with SignSamlResponse specified.

If there’s still an issue, please contact including your SAML configuration with any passwords removed.

Also, enable SAML trace and include the generated log file as an email attachment.

Thank you for the response!

I looked at the logs and it really works as excepted:
→ Signing XML (Signature is missing from the samlp:Response message)
→ Signed XML (Signature is added to the samlp:Response message)

But I still a bit confused why Signature is not presented in the samlp:Response from the code point of view.
There are two places I have been used to debug and explore the response message:
→ IdP - using OnSamlResponseCreated event
→ SP - using OnSamlResponseReceived event
In both of them, the Signature has not been presented in the saml response, but it is in the assertion (“SignAssertion”: true)

It’s not a big deal because the things work correctly, I’m just wondering why it behaves like that.

These two events work with the SamlResponse object rather than the serialized XML. This means they don’t include the XML signature.

If you wish to see the SAML response including the XML signature, use the OnSendMessage and OnReceiveMessage events which work with the serialized XML (ie XmlElement).