Saml Response with Signature - Azure functions

Hello, I am building an API on top of ComponentSpace. My API should return the complete SAML response. I am using the SamlIdentityProvider OnSamlResponseCreated event to capture the response. I am able to see the response, but it is missing a signature tag. Could anyone guide me on how to get a complete response including a signature?

OnSamlResponseCreated provides access to the SAML response object prior to any signing.

The OnSendMessage event provides access to the SAML response XML including any XML signature.


_samlIdentityProvider.Events.OnSendMessage += (httpContext, xmlElement) =>
{
    // Access the SAML response XML.
    return xmlElement;
};
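Added example (not part of the original reply and not ComponentSpace code): a check you could run on the `xmlElement` received in OnSendMessage to confirm the response carries its own XML signature and that the signature verifies. `SamlSignatureCheck` and `IsSignedBy` are hypothetical names, the key and the minimal Response in `Main` are constructed for the demonstration, and on .NET Core / .NET 5+ the System.Security.Cryptography.Xml package is assumed to be referenced.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class SamlSignatureCheck   // hypothetical helper, not a ComponentSpace type
{
    const string DsNs = "http://www.w3.org/2000/09/xmldsig#";

    // True only if `element` has its own ds:Signature child, that signature
    // references the element's ID, and it verifies with the given certificate.
    public static bool IsSignedBy(XmlElement element, X509Certificate2 cert)
    {
        XmlElement sig = null;
        foreach (XmlNode n in element.ChildNodes)
            if (n is XmlElement e && e.LocalName == "Signature" && e.NamespaceURI == DsNs) sig = e;
        if (sig == null) return false;   // no signature yet, e.g. in OnSamlResponseCreated

        var signedXml = new SignedXml(element);
        signedXml.LoadXml(sig);
        if (signedXml.SignedInfo.References.Count != 1) return false;
        var reference = (Reference)signedXml.SignedInfo.References[0];
        var id = element.GetAttribute("ID");
        if (id.Length == 0 || reference.Uri != "#" + id) return false;   // must cover this element
        return signedXml.CheckSignature(cert, true);   // true: signature only, no chain validation
    }

    public static void Main()
    {
        // Constructed sample: throwaway key and a minimal, unsigned Response.
        using var rsa = RSA.Create(2048);
        var cert = new CertificateRequest("CN=constructed-idp", rsa, HashAlgorithmName.SHA256,
            RSASignaturePadding.Pkcs1).CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(1));
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_constructed1\" Version=\"2.0\"/>");
        Console.WriteLine(IsSignedBy(doc.DocumentElement, cert));   // unsigned element

        // Enveloped signature over the element's own ID, then re-check.
        var signer = new SignedXml(doc.DocumentElement) { SigningKey = rsa };
        signer.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        var r = new Reference("#_constructed1");
        r.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        r.AddTransform(new XmlDsigExcC14NTransform());
        signer.AddReference(r);
        signer.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signer.GetXml(), true));
        Console.WriteLine(IsSignedBy(doc.DocumentElement, cert));   // signed element
    }
}
```

If only the assertion is signed, pass the `Assertion` element instead of the `Response` element.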

Thank you for your quick response. One more question: I am using ComponentSpace inside an API to generate a SAML response. I used SamlIdentityProvider.InitiateSsoAsync(userID: , relayState: ); to generate the SAML response. The first error I got was with the session store. Since my API is stateless, it doesn’t have any cookie or session to store. As a quick and dirty fix, I overrode the session store and injected it into my dependency injection. Is there any built-in store that I can use for APIs that are stateless?

public class IdentityDistributedSsoSessionStore : DistributedSsoSessionStore
{
    private readonly IOptionsSnapshot<DistributedSsoSessionStoreOptions> _distributedSsoSessionStoreOptions;

    public IdentityDistributedSsoSessionStore(IOptionsSnapshot<DistributedSsoSessionStoreOptions> distributedSsoSessionStoreOptions,
        IDistributedCache distributedCache, IHttpRequest request, IHttpResponse response, ILoggerFactory loggerFactory)
        : base(distributedSsoSessionStoreOptions, distributedCache, request, response, loggerFactory)
    {
        _distributedSsoSessionStoreOptions = distributedSsoSessionStoreOptions;
    }

    // Returns a new session ID on every access; no saml-session cookie is set.
    public override string SessionID
    {
        get
        {
            string cookieValue = Guid.NewGuid().ToString();
            //commented lines
            //AddCookie(_distributedSsoSessionStoreOptions.CookieName, cookieValue, _distributedSsoSessionStoreOptions.CookieOptions);
            // sessionID = cookieValue;
            return cookieValue;
        }
    }
}


Dependency injection

services.AddScoped<ISsoSessionStore, IdentityDistributedSsoSessionStore>();

We don’t include a stateless store.

We use a saml-session cookie and store state in the ISsoSessionStore in support of the SAML protocol.

If acting as the identity provider and supporting IdP-initiated SSO only, state information isn’t required.

However, if you were to support SP-initiated SSO or SAML logout, state information is required.