Unable to load SAML.config file

Hi,

I tried to load the SAML.config with the following code, but getting validation errors. Can you see what’s wrong with SAML.config definition?

SAMLConfigurations samlConfigs = SAMLConfigurationFile.Load(Server.MapPath("~/SAML.config"));

<?xml version="1.0"?>
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
  <IdentityProvider
      Name="TestIdentityProvider"
      Description="Local Test Identity Provider">
    <LocalCertificates>
      <Certificate FileName="Certificate\idp.pfx" Password="****"/>
    </LocalCertificates>
    <SingleSignOnServiceUrl>http://localhost/IDPInitiatedSSOTest/SAML/ReceiveAuthnRequest</SingleSignOnServiceUrl>
    <SingleLogoutServiceUrl>http://localhost/IDPInitiatedSSOTest/SAML/Logout</SingleLogoutServiceUrl>
  </IdentityProvider>

  <PartnerServiceProviders>
    <PartnerServiceProvider Name="MSSSOTEST"
                            AssertionConsumerServiceUrl="http://billpay.local/backoffice/sso/msssotest/account/logon"
                            SingleLogoutServiceUrl="http://billpay.local/backoffice/sso/msssotest/account/logout"
                            SignAuthnRequest="true"
                            EncryptAssertion="true"
                            SignSAMLResponse="true"
                            SignAssertion="true">
      <PartnerCertificates>
        <Certificate FileName="Certificate\sp.cer"/>
      </PartnerCertificates>
    </PartnerServiceProvider>
  </PartnerServiceProviders>
</SAMLConfiguration>

ComponentSpace.SAML2.Configuration.SchemaValidator.ValidateConfiguration(XmlDocument xmlDocument) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\Configuration\SchemaValidator.cs:87
ComponentSpace.SAML2.Configuration.SAMLConfigurationFile.Load(String fileName) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\Configuration\SAMLConfigurationFile.cs:191

The Configuration Guide in the documentation folder describes the syntax of the SAML configuration. There’s a saml-config-schema-v1.0.xsd file in the same folder which is the XML schema for the SAML configuration.

We also include a ValidateConfig project under the Examples\Configuration folder which validates the supplied SAML configuration file against the XML schema.

Here’s the result of running this against your SAML configuration:

ValidateConfig.exe saml.config
Validating saml.config.
One or more configuration XML schema validation errors occurred.
Line 0, Column 0: The element 'IdentityProvider' in namespace 'urn:componentspace:SAML:2.0:configuration' has invalid child element 'SingleSignOnServiceUrl' in namespace 'urn:componentspace:SAML:2.0:configuration'.
Line 0, Column 0: The 'SignAuthnRequest' attribute is not declared.

SingleSignOnServiceUrl and SingleLogoutServiceUrl are child attributes rather than elements.

SignAuthnRequest applies to <PartnerIdentityProvider> not <PartnerServiceProvider>.

The correct SAML configuration is:

<?xml version="1.0"?>
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
  <IdentityProvider
      Name="TestIdentityProvider"
      Description="Local Test Identity Provider"
      SingleSignOnServiceUrl="http://localhost/IDPInitiatedSSOTest/SAML/ReceiveAuthnRequest"
      SingleLogoutServiceUrl="http://localhost/IDPInitiatedSSOTest/SAML/Logout">
    <LocalCertificates>
      <Certificate FileName="Certificate\idp.pfx" Password="****"/>
    </LocalCertificates>
  </IdentityProvider>

  <PartnerServiceProviders>
    <PartnerServiceProvider Name="MSSSOTEST"
                            AssertionConsumerServiceUrl="http://billpay.local/backoffice/sso/msssotest/account/logon"
                            SingleLogoutServiceUrl="http://billpay.local/backoffice/sso/msssotest/account/logout"
                            EncryptAssertion="true"
                            SignSAMLResponse="true"
                            SignAssertion="true">
      <PartnerCertificates>
        <Certificate FileName="Certificate\sp.cer"/>
      </PartnerCertificates>
    </PartnerServiceProvider>
  </PartnerServiceProviders>
</SAMLConfiguration>

If the saml.config is in the application’s root folder, we automatically load it from there unless it’s been supplied already. You shouldn’t have to call SAMLConfigurationFile.Load explicitly.

The SAML library makes use of a cookie to maintain SAML session state. This cookie must be set as secure. Therefore, all URLs must be https rather than http even in a development environment.
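Added example, not ComponentSpace's code: a small pre-flight lint that runs the three checks the answer above spells out against the two configurations posted in this thread. The rule tables (which settings are attributes, that SignAuthnRequest is not declared on PartnerServiceProvider, that endpoints should be https because the session cookie is marked secure) are taken only from the answer, not from the SDK's XSD, and the function name lint_saml_config is a hypothetical one chosen here. The authoritative check remains saml-config-schema-v1.0.xsd via ValidateConfig.exe; this script is useful for catching the same mistakes in a CI step that has no access to the SDK.

```python
"""Structural lint for a ComponentSpace-style saml.config.

Added example (not the vendor's code). It encodes only the rules stated in
the forum answer: URL settings are attributes, SignAuthnRequest belongs to
PartnerIdentityProvider, and URLs should be https because the SAML session
cookie is set with the secure flag. The real check is the SDK's XSD.
"""
import xml.etree.ElementTree as ET

NS = "urn:componentspace:SAML:2.0:configuration"

# Settings the schema defines as attributes; writing them as child elements
# produces the "invalid child element" error quoted in the answer.
URL_ATTRIBUTES = {"SingleSignOnServiceUrl", "SingleLogoutServiceUrl",
                  "AssertionConsumerServiceUrl"}
# Attributes the answer says apply to PartnerIdentityProvider only.
SP_UNDECLARED = {"SignAuthnRequest"}


def local_name(tag):
    """Strip the {namespace} prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def lint_saml_config(xml_text, require_https=True):
    """Return a list of findings in document order; an empty list means clean."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}SAMLConfiguration" % NS:
        findings.append("root element must be SAMLConfiguration in namespace %s" % NS)
    for elem in root.iter():
        name = local_name(elem.tag)
        label = "%s '%s'" % (name, elem.get("Name")) if "Name" in elem.attrib else name
        # 1. URL settings written as child elements instead of attributes.
        for child in elem:
            child_name = local_name(child.tag)
            if child_name in URL_ATTRIBUTES:
                findings.append("%s: '%s' must be an attribute, not a child element"
                                % (label, child_name))
        # 2. Attributes that are not declared for PartnerServiceProvider.
        if name == "PartnerServiceProvider":
            for attr in elem.attrib:
                if attr in SP_UNDECLARED:
                    findings.append("%s: attribute '%s' is not declared here "
                                    "(it applies to PartnerIdentityProvider)" % (label, attr))
        # 3. Plain-http endpoints: the secure session cookie is never sent over them.
        if require_https:
            for attr, value in elem.attrib.items():
                if attr.endswith("Url") and value.lower().startswith("http://"):
                    findings.append("%s: %s uses http://, must be https://" % (label, attr))
    return findings


# The poster's original configuration, copied from the thread (compacted).
BROKEN_CONFIG = r"""<?xml version="1.0"?>
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
  <IdentityProvider Name="TestIdentityProvider" Description="Local Test Identity Provider">
    <LocalCertificates><Certificate FileName="Certificate\idp.pfx" Password="****"/></LocalCertificates>
    <SingleSignOnServiceUrl>http://localhost/IDPInitiatedSSOTest/SAML/ReceiveAuthnRequest</SingleSignOnServiceUrl>
    <SingleLogoutServiceUrl>http://localhost/IDPInitiatedSSOTest/SAML/Logout</SingleLogoutServiceUrl>
  </IdentityProvider>
  <PartnerServiceProviders>
    <PartnerServiceProvider Name="MSSSOTEST"
        AssertionConsumerServiceUrl="http://billpay.local/backoffice/sso/msssotest/account/logon"
        SingleLogoutServiceUrl="http://billpay.local/backoffice/sso/msssotest/account/logout"
        SignAuthnRequest="true" EncryptAssertion="true" SignSAMLResponse="true" SignAssertion="true">
      <PartnerCertificates><Certificate FileName="Certificate\sp.cer"/></PartnerCertificates>
    </PartnerServiceProvider>
  </PartnerServiceProviders>
</SAMLConfiguration>"""

# The corrected configuration from the answer (compacted), still on http.
FIXED_CONFIG = r"""<?xml version="1.0"?>
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
  <IdentityProvider Name="TestIdentityProvider" Description="Local Test Identity Provider"
      SingleSignOnServiceUrl="http://localhost/IDPInitiatedSSOTest/SAML/ReceiveAuthnRequest"
      SingleLogoutServiceUrl="http://localhost/IDPInitiatedSSOTest/SAML/Logout">
    <LocalCertificates><Certificate FileName="Certificate\idp.pfx" Password="****"/></LocalCertificates>
  </IdentityProvider>
  <PartnerServiceProviders>
    <PartnerServiceProvider Name="MSSSOTEST"
        AssertionConsumerServiceUrl="http://billpay.local/backoffice/sso/msssotest/account/logon"
        SingleLogoutServiceUrl="http://billpay.local/backoffice/sso/msssotest/account/logout"
        EncryptAssertion="true" SignSAMLResponse="true" SignAssertion="true">
      <PartnerCertificates><Certificate FileName="Certificate\sp.cer"/></PartnerCertificates>
    </PartnerServiceProvider>
  </PartnerServiceProviders>
</SAMLConfiguration>"""


if __name__ == "__main__":
    for title, cfg in (("original", BROKEN_CONFIG), ("corrected", FIXED_CONFIG)):
        print("== %s ==" % title)
        for finding in lint_saml_config(cfg) or ["no findings"]:
            print("  " + finding)
```

Run stand-alone it reports the two misplaced URL elements and the undeclared SignAuthnRequest for the original file, and for the corrected file only the remaining http:// endpoints, which is exactly the last point in the answer: the structure is now valid, but the secure cookie will not be sent until every URL is https.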