Signing Response with Low-Level API

Hello,

I have a legacy app that I have updated to ASP.NET Core that used low-level calls to build assertions and SAML responses that I (unfortunately) cannot update to use the high-level API due to the dynamic nature of the configuration. (We are using the high-level API in all of our other new development.) I have everything working to build the assertions and I can get the XmlSignature without a problem, but I cannot figure out how to add that signature to the SamlResponse before I post to the SP. Below is a snippet after the assertion is created and all looks good except the signature is not added to the SamlResponse:

// AssertionListItem has been created and is correct here…
samlResponse.Assertions.Add(assertionListItem);
// Serialize the response to a DOM element; this is what gets signed.
XmlElement samlResponseElement = samlResponse.ToXml();
XmlSignature xmlSignature = new XmlSignature(new LoggerFactory());
// Generates a ds:Signature element over samlResponseElement (SHA-1 digest, RSA-SHA1 signature),
// but does not insert it into the DOM.
var signature = xmlSignature.Generate(samlResponseElement, certificate.PrivateKey, SamlConstants.DigestAlgorithms.SHA1, SamlConstants.SignatureAlgorithms.RSA_SHA1, null, certificate);
// Re-serializes the original object, so the bytes posted to the SP contain no signature.
var samlResponseBytes = Encoding.ASCII.GetBytes(samlResponse.ToString());
var samlResponseBase64 = Convert.ToBase64String(samlResponseBytes);

At this point, signature contains the XML signature element for samlResponse and it looks correct… How do I apply that signature element to the samlResponse?

The signature needs to be added immediately after the Issuer element.
You need to locate the Issuer element (i.e. "Issuer" in namespace "urn:oasis:names:tc:SAML:2.0:assertion").
Then add it as follows:
issuerElement.ParentNode.InsertAfter(signatureElement, issuerElement);
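
A helper that carries out the steps in the answer above, added here as an example and not ComponentSpace's own code. Its method names are hypothetical; the ImportNode step (for a signature element owned by a different XmlDocument), the restriction to the Response's own Issuer child, and the UTF-8 serialization of the signed element are assumptions beyond what the thread states.

```csharp
using System;
using System.Text;
using System.Xml;

public static class SamlResponseSigner
{
    private const string SamlAssertionNs = "urn:oasis:names:tc:SAML:2.0:assertion";

    // samlResponseElement: the XmlElement returned by samlResponse.ToXml().
    // signatureElement:    the ds:Signature element returned by xmlSignature.Generate(...).
    public static XmlElement InsertSignatureAfterIssuer(XmlElement samlResponseElement, XmlElement signatureElement)
    {
        if (samlResponseElement == null) throw new ArgumentNullException(nameof(samlResponseElement));
        if (signatureElement == null) throw new ArgumentNullException(nameof(signatureElement));

        var nsManager = new XmlNamespaceManager(samlResponseElement.OwnerDocument.NameTable);
        nsManager.AddNamespace("saml", SamlAssertionNs);

        // Relative XPath: only direct children of the Response match, so an
        // assertion's own Issuer element cannot be picked up by mistake.
        var issuerElement = samlResponseElement.SelectSingleNode("saml:Issuer", nsManager) as XmlElement;
        if (issuerElement == null)
            throw new InvalidOperationException("Response has no Issuer child; no defined insertion point for the signature.");

        // Assumption: the generated signature may belong to another XmlDocument.
        // .NET rejects inserting a node from a foreign document, so import it first.
        XmlNode nodeToInsert = signatureElement;
        if (!ReferenceEquals(signatureElement.OwnerDocument, samlResponseElement.OwnerDocument))
            nodeToInsert = samlResponseElement.OwnerDocument.ImportNode(signatureElement, true);

        // The step from the answer: Signature goes immediately after Issuer.
        issuerElement.ParentNode.InsertAfter(nodeToInsert, issuerElement);
        return samlResponseElement;
    }

    // Serialize the signed DOM element rather than samlResponse.ToString():
    // the original object never sees the signature inserted into the XmlElement.
    // UTF-8 is used instead of ASCII so non-ASCII attribute values survive intact.
    public static string ToBase64(XmlElement signedResponseElement)
    {
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(signedResponseElement.OuterXml));
    }
}
```

Call InsertSignatureAfterIssuer with the element from ToXml() and the element from Generate(), then pass the returned element to ToBase64 to get the SAMLResponse form value.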

[quote]
ComponentSpace - 4/11/2018
The signature needs to be added immediately after the Issuer element.
You need to locate the Issuer element (i.e. "Issuer" in namespace "urn:oasis:names:tc:SAML:2.0:assertion").
Then add it as follows:
issuerElement.ParentNode.InsertAfter(signatureElement, issuerElement);

[/quote]

That worked well. Thank you.

You’re welcome.