Hi,
I am experimenting with the trial version and noticed that when using the examples C:\Program Files (x86)\ComponentSpace SAML v2.0 for .NET\Examples\SSO\HighLevelAPI\MVC\MvcExampleIdentityProvider and C:\Program Files (x86)\ComponentSpace SAML v2.0 for .NET\Examples\SSO\HighLevelAPI\MVC\MvcExampleServiceProvider, the samlp:AuthnRequest sent from the SP to the IDP is not signed, but the samlp:Response that comes back is? The SignAuthnRequest is set to true in the PartnerIdentityProvider element of the SP's saml.config, so why is it not being signed?
I would appreciate any help on this as I am using the examples as is and have not changed anything so I am expecting them to work?
Regards,
Mike
Hi Mike
By default the SAML authn request is sent using the HTTP-Redirect binding.
AN XML signature is not included with this binding as there’s the potential of ending up with a URL that’s too long for some browsers.
Instead, the HTTP-Binding includes its own mechanism for signing the message.
This is as per the SAML v2.0 binding specification.
You should see a Signature query string parameter included in the URL along with the encoded authn request.
You also have the option of sending the authn request by HTTP-Post if required.
[quote]ComponentSpace - 7/3/2017
Hi Mike
By default the SAML authn request is sent using the HTTP-Redirect binding.
AN XML signature is not included with this binding as there's the potential of ending up with a URL that's too long for some browsers.
Instead, the HTTP-Binding includes its own mechanism for signing the message.
This is as per the SAML v2.0 binding specification.
You should see a Signature query string parameter included in the URL along with the encoded authn request.
You also have the option of sending the authn request by HTTP-Post if required.
Many thanks for you quick reply. Following your instructions, I looked at the URL and can see the signature query string parameter included in it.