Hi, I created a sample project using SAMLExamplesVS2017 with HighLevelAPI
and I manage to do the WebForm ExampleIdentityProvider and ExampleServiceProvider as external project.
now when I run SAMLServiceProvider.InitiateSSO() it’s redirect me to the login page for IDP
I checked the SAML request with Chrome plugin SAML Message Decoder and the XML didn’t contain the signature key.
How do I add Signature key to the XML
here is my SAML configuration
<?xml version="1.0"?>
<ServiceProvider Name=“<a href=“http://localhost:49804/loginSP””>http://localhost:49804/loginSP"
Description=“Example Service Provider”
AssertionConsumerServiceUrl=“~/SAMLSP/AssertionConsumerService.aspx”
LocalCertificateFile=“CertificatesSP\sp.pfx”
LocalCertificatePassword=“password”/>
<IdentityProvider Name=“<a href=“http://localhost:49804/loginIDP””>http://localhost:49804/loginIDP"
Description=“Example Identity Provider”
LocalCertificateFile=“CertificatesIDP\idp.pfx”
LocalCertificatePassword=“password”/>
<PartnerIdentityProvider Name=“<a href=“http://localhost:49804/loginIDP””>http://localhost:49804/loginIDP"
Description=“Example Identity Provider”
SignAuthnRequest=“true”
SingleSignOnServiceUrl=“<a href=“http://localhost:49804/SAMLIDP/SSOService.aspx””>http://localhost:49804/SAMLIDP/SSOService.aspx"
SingleLogoutServiceUrl=“<a href=“http://localhost:49804/SAMLIDP/SLOService.aspx””>http://localhost:49804/SAMLIDP/SLOService.aspx"
PartnerCertificateFile=“CertificatesIDP\idp.cer”/>
<PartnerServiceProvider Name=“<a href=“http://localhost:49804/loginSP””>http://localhost:49804/loginSP"
Description=“Example Service Provider”
WantAuthnRequestSigned=“true”
SignSAMLResponse=“true”
SignAssertion=“false”
EncryptAssertion=“false”
AssertionConsumerServiceUrl=“<a href=“http://localhost:49804/SAMLSP/AssertionConsumerService.aspx””>http://localhost:49804/SAMLSP/AssertionConsumerService.aspx"
SingleLogoutServiceUrl=“<a href=“http://localhost:49804/SAMLSP/SLOService.aspx””>http://localhost:49804/SAMLSP/SLOService.aspx"
PartnerCertificateFile=“CertificatesSP\sp.cer”/>
Setting SignAuthnRequest=“true” will cause the SAML authn request to be signed.
By default we use the HTTP-Redirect binding which means that the signature is not part of the XML.
Instead, it’s a separate Signature query string parameter.
If you were to specify the HTTP-Post binding, you would see the signature as part of the authn request XML.
To do this, add the following to the configuration.
SingleSignOnServiceBinding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST”
[quote][/quote]
Setting SignAuthnRequest="true" will cause the SAML authn request to be signed.
By default we use the HTTP-Redirect binding which means that the signature is not part of the XML.
Instead, it's a separate Signature query string parameter.
If you were to specify the HTTP-Post binding, you would see the signature as part of the authn request XML.
To do this, add the following to the configuration.
SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
By default we use the HTTP-Redirect binding which means that the signature is not part of the XML.
Instead, it's a separate Signature query string parameter.
If you were to specify the HTTP-Post binding, you would see the signature as part of the authn request XML.
To do this, add the following to the configuration.
SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
set HTTP-POST binding did the job , thanks.
but I get an exception on SSOService
ComponentSpace.SAML2.Exceptions.SAMLBindingException
HResult=0x80131600
Message=The query string is missing SAMLRequest
Source=ComponentSpace.SAML2
StackTrace:
at ComponentSpace.SAML2.Bindings.HTTPRedirectBinding.ParseQueryString(String redirectURL, String messageQueryName, XmlElement& samlMessage, String& relayState, String& signatureAlgorithm, String& signature)
at ComponentSpace.SAML2.Bindings.HTTPRedirectBinding.ReceiveRequest(HttpRequest httpRequest, XmlElement& samlMessage, String& relayState, String& signatureAlgorithm, String& signature)
at ComponentSpace.SAML2.InternalSAMLIdentityProvider.ReceiveAuthnRequest(HttpRequest httpRequest, XmlElement& authnRequestElement, String& relayState, String& signatureAlgorithm, String& signature, String& binding)
at ComponentSpace.SAML2.InternalSAMLIdentityProvider.ReceiveSSO(HttpRequest httpRequest, String& partnerSP, SSOOptions& ssoOptions)
at ComponentSpace.SAML2.SAMLIdentityProvider.ReceiveSSO(HttpRequest httpRequest, String& partnerSP)
at WebApplication3.SAMLIDP.SSOService.Page_Load(Object sender, EventArgs e) in C:\Users\Ahmad\source\repos\WebApplication3\WebApplication3\SAMLIDP\SSOService.aspx.cs:line 26
Please check that an HTTP Post is being received at the SSO service.
If that appears to be the case, please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace