Sending sample AuthnRequest to IDP not working

Hi All,

I am very new to ComponentSpace. I want to use ComponentSpace to send a very simple signed SAML file to the IDP.

I created a saml.config file in my solution as below:

<ServiceProvider Name="Derayah Financial"
LocalCertificateFile="C:\Users\dkamal\documents\visual studio 2015\Projects\stackOverFlowWeb\stackOverFlowWeb\my_bank1_signed.p12"/>



<PartnerIdentityProvider Name="Tawtheeq Online"
SignAuthnRequest="true"
SingleSignOnServiceUrl="https://tawtheeq.sa:8443/identity-gateway-test/ReceiveSAMLRequest"
PartnerCertificateFile="C:\Users\dkamal\documents\visual studio 2015\Projects\stackOverFlowWeb\stackOverFlowWeb\TawtheeqCert.cer"/>



Then I created a sample method to post the request to the URL provided by the IDP as below:

private void TestComponentSpaceSaml()
{
    // Name of the partner IdP as configured in saml.config
    string ConsumerServiceName = "Tawtheeq Online";
    Request.ContentType = "application/x-www-form-urlencoded";
    // Start SP-initiated SSO; "10" is passed through as the RelayState
    SAMLServiceProvider.InitiateSSO(Response, "10", ConsumerServiceName);
}

But it is not working. Note that the sample request sent by the IDP for us to follow is as below:
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://tawtheeq.sa/mybank1/ReceiveSAMLResponse" Destination="https://tawtheeq.sa/identity-gateway/ReceiveSAMLRequest" ForceAuthn="false" ID="_964484d741502e19a0b148d478a64050" IsPassive="false" IssueInstant="2018-06-04T12:46:07.860Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">MyBank1</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_964484d741502e19a0b148d478a64050">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml samlp"/></ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>B99CKUkHBSVelX86anIYMPaktnw=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
Some Encrypted key
    </ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>
Some Encrypted key
        </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

Please note that the following line is not required.
Request.ContentType = “application/x-www-form-urlencoded”;
By default, SAMLServiceProvider.InitiateSSO will send the SAML authn request using a 302 redirect to the configured SingleSignOnServiceUrl.
Try removing the Request.ContentType line as this might be causing problems.
If there’s still an issue, let me know what the URL is in the browser.
This should indicate whether you reached the IdP or not.

[quote]
ComponentSpace - 9/11/2018
Please note that the following line is not required.
Request.ContentType = "application/x-www-form-urlencoded";
By default, SAMLServiceProvider.InitiateSSO will send the SAML authn request using a 302 redirect to the configured SingleSignOnServiceUrl.
Try removing the Request.ContentType line as this might be causing problems.
If there's still an issue, let me know what the URL is in the browser.
This should indicate whether you reached the IdP or not.
[/quote]

Hi,
Thank you for your response. I removed it but the issue still exists. I want to make sure that the key algorithm used is: http://www.w3.org/2000/09/xmldsig#rsa-sha1

Please find below my URL after posting the data:
https://tawtheeq.sa:8443/identity-gateway-test/ReceiveSAMLRequest?SAMLRequest=fZJNT8JAEIb%2FSrP3pS0uKBtKghIjiR%2BNEg9ezLidyiZlW3amIv%2FebSEGD3KdvB8zT2ZKsKkaPW957Z5x2yJxtFxk4l2ZREE5LmVqDEqVJqWEcvIhx%2BXlaDi5KNQElYhe0ZOtXSaGg0RES6IWl44YHIdRkl7JZCLT4SoZ6eFIKzVIx%2BpNRIvQYh1w71wzN6TjmGHHa8TtgEBfKXUR2wIdW97LT2DcwV5ysMXPaNB%2B4cv84f64r4hua2%2BwPyETJVSE3So5EAXh7yT3Ndemrq6tK6z7zETrna6BLGkHGyTNRnepOpyiPw4i0nerVS7zp5eViL43lSPd8zpvbo5NYjbt1LrH4k%2F85%2B1hb%2FQdGzFboIc9rKPbQMsZC9U0Pkk8xDf6MUQsF3ldWbPvWGyA%2F29IB2k%2FsYUse6luHTVobGmxENG8qurdjceAPBPs2wAunh1a%2F37J7Ac%3D&RelayState=10&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=cTe6%2FXr9%2BJm8CtNSTU7VZAWerPCV7R0X99OempovTbhI%2Bo1G%2BJL1%2FFOujri%2FZWtI9lQE4hi5YLietl2%2F1v3s55jIxIWZDwQ1Z8DAS4Dsf2yiNIXrA5tB%2F2UYnUkzQNyJdwDMHVaczyJ69yL424M%2FvbRgWeS48PdRSQ65Mm52io66qfkAhs4S0Xg%2Ff3Pc4KKuGBe9nacSAIhnX8PS4eCj69VyMMfu8AqibvauCQIg1kyjIzi0z8MbfCCYYS4pr5TGNsXgJLwUw4c6jMDx2mzqix3CgBk4ALufwyuS0CK8I6ZaTXWJO%2FyEWcigPAX0sCDTlugmUgy7nLN2TbBxC563Gg%3D%3D

The URL looks fine.
Are you being redirected to this location in the browser?
What does the browser display?

[quote]
ComponentSpace - 9/11/2018
The URL looks fine.
Are you being redirected to this location in the browser?
What does the browser display?
[/quote]

I see in the URL that the signature used is RSA-SHA256 even after configuring the algorithm in saml.config to use RSA-SHA1 as below:

<PartnerIdentityProvider Name="Tawtheeq Online"
SignAuthnRequest="true"
SignatureMethod="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
SingleSignOnServiceUrl="https://tawtheeq.sa:8443/identity-gateway-test/ReceiveSAMLRequest"
PartnerCertificateFile="cer path on my machine"/>

Please send the full log file as an email attachment.

[quote]
ComponentSpace - 9/11/2018
Please send the full log file as an email attachment.
[/quote]

Hi

Thank you for your support. I've asked the IDP and sent the request details, and they told me the request should use the POST binding instead of the Redirect binding. Is there any way to send the request as a POST request instead?

Yes. Include the following in your saml.config.
SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

[quote]
ComponentSpace - 9/12/2018
Yes. Include the following in your saml.config.
SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
[/quote]

Sorry, but one more question: how can I get my SAML request into a text file (the request generated and set in the SAMLRequest POST parameter)? Is there any way through the ComponentSpace library to send it as text, as requested by the IDP?

The best option is to enable SAML trace and take a look at the log file.
This includes the SAML authn request as XML.
You can copy this to a separate XML file.

[quote]
ComponentSpace - 9/12/2018
The best option is to enable SAML trace and take a look at the log file.
This includes the SAML authn request as XML.
You can copy this to a separate XML file.
[/quote]
Yes, we sent the IDP a sample of the request created by ComponentSpace and it is always done. I just want to ask:
Is there any way from saml.config to send the request across the following steps?
  • Deflate & Base64 encode
  • URL encode

The encoding is handled automatically by us as per the SAML specification.
You shouldn’t have to worry about these details.
If HTTP-Post is specified as the binding in your saml.config, the message is base-64 and URL encoded.
If HTTP-Redirect is specified as the binding in your saml.config, the message is encoded using Deflate and URL encoded.
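The two encodings described in that reply, and the SigAlg check the poster did on the redirect URL earlier in the thread, as an added Python example that is not ComponentSpace's code. The AuthnRequest body, the idp.example.test URL and the signature value are constructed placeholders; the block shows which octets the Redirect-binding signature covers but does no real signing.

```python
import base64
import zlib
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample AuthnRequest (not the thread's real request), unsigned body only.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example" Version="2.0" IssueInstant="2018-06-04T12:46:07Z" '
    'Destination="https://idp.example.test/ReceiveSAMLRequest">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">MyBank1'
    '</saml:Issuer></samlp:AuthnRequest>'
)
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

def encode_redirect(xml: str) -> str:
    """HTTP-Redirect: raw DEFLATE (no zlib header), then base64; URL encoding comes from urlencode()."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw deflate stream
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode("ascii")

def decode_redirect(param: str) -> str:
    """Inverse of encode_redirect(); takes the already URL-decoded SAMLRequest value."""
    return zlib.decompress(base64.b64decode(param), -15).decode("utf-8")

def encode_post(xml: str) -> str:
    """HTTP-POST: base64 only, no DEFLATE; carried in the SAMLRequest form field."""
    return base64.b64encode(xml.encode()).decode("ascii")

def decode_post(param: str) -> str:
    return base64.b64decode(param).decode("utf-8")

def signed_query_string(xml: str, relay_state: str, sig_alg: str) -> str:
    """Octets the Redirect-binding signature covers: SAMLRequest, RelayState (if any), SigAlg,
    in that order, URL-encoded. The Signature parameter itself is not signed."""
    params = {"SAMLRequest": encode_redirect(xml)}
    if relay_state:
        params["RelayState"] = relay_state
    params["SigAlg"] = sig_alg
    return urlencode(params)

def build_redirect_url(sso_url, xml, relay_state, sig_alg, signature_b64):
    # signature_b64 is the SP key's signature over signed_query_string(); a placeholder is passed in the test
    return f"{sso_url}?{signed_query_string(xml, relay_state, sig_alg)}&{urlencode({'Signature': signature_b64})}"

def inspect_redirect_url(url: str) -> dict:
    """Pull apart an SP-initiated redirect to check SigAlg and the inflated XML, as done in the thread."""
    q = parse_qs(urlparse(url).query)
    sig_alg = q["SigAlg"][0]
    return {"SigAlg": sig_alg, "uses_sha1": sig_alg == RSA_SHA1,
            "RelayState": q.get("RelayState", [""])[0], "xml": decode_redirect(q["SAMLRequest"][0])}
```

Running inspect_redirect_url() on a captured SSO URL shows the SigAlg the library actually used and the inflated AuthnRequest, which is the same XML the SAML trace log contains.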