Hey guys,
I’m new to ComponentSpace and fairly new to SAML. Looking through the API and examples I saw this feature. Looking through the help document, it says:
SamlValidator.Validate(XmlDocument)
Validates the SAML assertion, protocol or metadata XML against the SAML, XML signature and XML encryption schemas.
When I run this through my code, it always returns true. I can pass an XmlDocument that looks like this, and it will still return true. NotSaml as the Xmldocument.
Also I haven’t configured ComponentSpace with any config files yet either. I would have hoped that this would error out or complain.
What I’m really trying to do is validate a SAML assertion that’s passed to me. I’m not acting as an IDP, User Agent or Service provider exactly. I will have the identity providers public key to decrypt the SAML, but I’m just acting as a SAML validator to double check that the SAML passed to me is a valid SAML assertion and basically return true or false.
Is there another method or class from component space I should be using?
Thanks
Thanks for pointing this out.
The code as it stands detects errors within SAML assertions, protocol messages and metadata. If you supply completely unrelated XML then no validation is performed and true is returned.
We've updated the validation to return false if the XML is not a SAML assertion, protocol message or metadata.
Contact support@componentspace.com mentioning this topic if you'd like the update.