Signed Assertion issue

SAML for ASP.NET
1

Hi,

We are using ComponentSpace DLL for doing SAML SSO for our application.
we are getting error saying “The SAML assertion isn’t signed.” if we turn on “WantSAMLResponseSigned” settings –

<PartnerIdentityProvider Name=“xxxxxxxxxxx”
WantSAMLResponseSigned=“true” />

Please find below screenshot for SAML payload. In this payload you can see we have “Signature” node along with all other required nodes but still “VerifySAMLAssertionSignature” method throwing an above error.

Please help out to identify the exact reason for this error.


2

It looks like the SAML response is signed rather than the SAML assertion. The signature element is a child of the response rather than the assertion element.
The WantSAMLResponseSigned configuration will cause the SAML response signature to be verified if possible.
The message “The SAML assertion isn’t signed” indicates you have set WantAssertionSigned to true.
As the SAML response is signed rather than the SAML assertion, you should set WantAssertionSigned to false.

3
[quote]
ComponentSpace - Tuesday, June 14, 2016
It looks like the SAML response is signed rather than the SAML assertion. The signature element is a child of the response rather than the assertion element.
The WantSAMLResponseSigned configuration will cause the SAML response signature to be verified if possible.
The message “The SAML assertion isn’t signed” indicates you have set WantAssertionSigned to true.
As the SAML response is signed rather than the SAML assertion, you should set WantAssertionSigned to false.
[/quote]

Hi,
But already we are setting “WantAssertionSigned” value as false, you can see in below saml.config screenshot.



Thanks,
Ravindra

4

The only time you will see the error message “The SAML assertion isn’t signed” is if WantAssertionSigned is true and the SAML assertion doesn’t include an XML signature.
Could you include the entire stack trace of the exception you are seeing ie Exception.ToString()?