SHA-1 vs SHA-256 XML signatures

Hi Team,

I'm using ComponentSpace SAML 2.0 for .NET 4.0 for my custom IDP to connect different service provider applications. The SAML response is generated with the SHA-256 algorithm since it's using .NET 4.0.

But a couple of my service provider applications accept the SHA-1 algorithm. How do I send a SAML response with the SHA-1 algorithm with ComponentSpace SAML 2.0 for .NET 4.0?

Regards,
Vasanth.

Hi Vasanth
In keeping with the industry move to SHA-256, we now default to SHA-256 XML signatures rather than SHA-1.
However, we still support SHA-1.
I’m assuming you’re using the configuration-driven SAML high-level API.
In your saml.config, for the specific partner service providers that still require SHA-1, update each as follows.

<PartnerServiceProvider
    Name="xxxx"
    SignatureMethod="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/>

The default signature method is "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".

[quote]
ComponentSpace - Wednesday, July 27, 2016
Hi Vasanth
In keeping with the industry move to SHA-256, we now default to SHA-256 XML signatures rather than SHA-1.
However, we still support SHA-1.
I'm assuming you're using the configuration-driven SAML high-level API.
In your saml.config, for the specific partner service providers that still require SHA-1, update each as follows.

<PartnerServiceProvider
Name="xxxx"
SignatureMethod="http://www.w3.org/2000/09/xmldsig#rsa-sha1"


The default signature method is "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".
[/quote]

Thanks.

Can we use it for the low-level app also? Please provide me with an example.

-Vasanth

The low-level API supports both SHA-1 and SHA-256. It defaults to SHA-256.
Here’s how to sign a SAML response using SHA-256.

// Sign the SAML response - SHA-256 (the default digest and signature methods).
X509Certificate2 x509Certificate = new X509Certificate2("idp.pfx", "password");
SAMLMessageSignature.Generate(xmlElement, x509Certificate.PrivateKey, x509Certificate);


Here's how to sign a SAML response using SHA-1.

// Sign the SAML response - SHA-1.
// The optional trailing parameters are: inclusive namespaces prefix list (null), digest method URI, signature method URI.
X509Certificate2 x509Certificate = new X509Certificate2("idp.pfx", "password");
SAMLMessageSignature.Generate(xmlElement, x509Certificate.PrivateKey, x509Certificate, null,
    "http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");



Similarly, here’s how to sign a SAML assertion using SHA-256.

// Sign the SAML assertion - SHA-256 (the default digest and signature methods).
X509Certificate2 x509Certificate = new X509Certificate2("idp.pfx", "password");
SAMLAssertionSignature.Generate(xmlElement, x509Certificate.PrivateKey, x509Certificate);

Here's how to sign a SAML assertion using SHA-1.

// Sign the SAML assertion - SHA-1.
// The optional trailing parameters are: inclusive namespaces prefix list (null), digest method URI, signature method URI.
X509Certificate2 x509Certificate = new X509Certificate2("idp.pfx", "password");
SAMLAssertionSignature.Generate(xmlElement, x509Certificate.PrivateKey, x509Certificate, null,
    "http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
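As an added example that is not part of the thread and not ComponentSpace code, the Python check below reads the DigestMethod and SignatureMethod URIs out of every ds:Signature in a SAML response, so an IdP operator can confirm which signed elements still go out with SHA-1 once the per-partner override above is in place. The SAML XML is constructed for the example; the SHA-256 digest URI (xmlenc#sha256) is the standard one and is not taken from the thread.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# The two SHA-1 URIs from the thread; anything else (e.g. rsa-sha256) is treated as acceptable.
SHA1_URIS = {
    "http://www.w3.org/2000/09/xmldsig#sha1",
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
}

# Constructed, cut-down SAML Response: the Response signature uses SHA-256 while the
# embedded Assertion signature still uses SHA-1. DigestValue/SignatureValue are omitted;
# only the Algorithm attributes matter for this check.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#_r"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="_a">
    <ds:Signature><ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_a"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
    </ds:SignedInfo></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""


def signature_algorithms(xml_text):
    """Return {signed element local name: (digest_uri, signature_uri)} for every
    ds:Signature in the document, i.e. the Response and each signed Assertion."""
    root = ET.fromstring(xml_text)
    # ElementTree has no parent pointers, so build a child -> parent map once.
    parent_of = {child: parent for parent in root.iter() for child in parent}
    found = {}
    for sig in root.iter(DS + "Signature"):
        owner = parent_of[sig].tag.split("}")[-1]  # "Response", "Assertion", ...
        info = sig.find(DS + "SignedInfo")
        sig_uri = info.find(DS + "SignatureMethod").get("Algorithm")
        # SAML signatures carry a single Reference, so the first DigestMethod is the one.
        digest_uri = info.find(DS + "Reference/" + DS + "DigestMethod").get("Algorithm")
        found[owner] = (digest_uri, sig_uri)
    return found


def sha1_signed_elements(xml_text):
    """Names of signed elements whose digest or signature method is still SHA-1."""
    return sorted(owner for owner, uris in signature_algorithms(xml_text).items()
                  if SHA1_URIS & set(uris))
```

Running it over a captured response from each partner shows whether only the partners that still require SHA-1 are receiving it, rather than every response.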