
mace-opensaml-users - SAML SSO from .NET App to OpenSAML

Subject: OpenSAML user discussion

  • From: "Chen, James" <>
  • To:
  • Subject: SAML SSO from .NET App to OpenSAML
  • Date: Tue, 18 Dec 2007 11:37:44 -0600

Hi

I am trying to build a sample .NET App to generate a SAML (signed by X509Certificate) to be accepted by OpenSAML.

The recipient code is built using OpenSAML 1.0 (C++ version).

I got this error: “SAMLSignedObject::verify() failed to validate signature value”

I have noticed that the CanonicalizationMethod (generated by .NET Framework 1.1) is different from that of OpenSAML.

Is this the problem? (If it is, I will have to use .NET 2.0)

I wonder if anyone has done a similar thing successfully.

Thanks in advance for any pointers,

-James

---- attached is a sample of SAML string I have generated ----

<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2007-12-14T07:34:45Z" MajorVersion="1" MinorVersion="1" Recipient="https://dev10-bna-pat.emdeon.com/secure/scripts/inq.dll" ResponseID="f043c4cc327df440e9653245f5bdf774" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="#f043c4cc327df440e9653245f5bdf774">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue>XBmVoAPknvTEik2ax3UG5Urczho=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>NV3ze47P8wuBECGa6mo9ysQHmdZ/Dpjiz/NxEwbWi33JRYaOyQeopW0i6MEp8+Dgcaj2kyj5p+ImBKfkf3ahqn0ZwsUnEGgwX5D+uHoxcNluOFbD2Z+aalL3cHPqCG5ueykCIA7GJUEqX4n33bGKq5UHkc4fCyM358PKpIUo93U=</SignatureValue>
    <KeyInfo>
      <KeyValue xmlns="http://www.w3.org/2000/09/xmldsig#">
        <RSAKeyValue>
          <Modulus>qcPLwx2QKBg7HeW7rnKcSNLdhbc5CUzhgPZLetx3gcj3ic81iOtoO7Za0mUqo6iVXKv6CeagNf9CanntcSA4m7ZQUv455wj4tOPMG3ahoGtWJ/VsQEBepvETRq+o26f5Uqe2UHKrgy/iQny45EVAODSXbInImX/ECgA5vt/QqD0=</Modulus>
          <Exponent>AQAB</Exponent>
        </RSAKeyValue>
      </KeyValue>
      <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Certificate>MIICbzCCAdigAwIBAgIBAjANBgkqhkiG9w0BAQQFADBtMQswCQYDVQQGEwJ1czELM
AkGA1UECBMCY28xETAPBgNVBAcTCExha2V3b29kMREwDwYDVQQKEwhUaHVkIEluYz
EQMA4GA1UEAxMHdGh1ZC51czEZMBcGCSqGSIb3DQEJARYKbWVAdGh1ZC51czAeFw0
wNTAzMjIwNzU5MTBaFw0zMjA4MDcwNzU5MTBaMIGNMQswCQYDVQQGEwJ1czELMAkG
A1UECBMCY2ExETAPBgNVBAcTCFNhbiBGcmFuMRIwEAYDVQQKEwlvdXQgdGhlcmUxE
DAOBgNVBAsTB25vd2hlcmUxFjAUBgNVBAMTDWJsYWgudGh1ZC5jb20xIDAeBgkqhk
iG9w0BCQEWEXNvbWVvbmVAc29tZXdoZXJlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADC
BiQKBgQCpw8vDHZAoGDsd5buucpxI0t2FtzkJTOGA9kt63HeByPeJzzWI62g7tlrS
ZSqjqJVcq/oJ5qA1/0Jqee1xIDibtlBS/jnnCPi048wbdqGga1Yn9WxAQF6m8RNGr
6jbp/lSp7ZQcquDL+JCfLjkRUA4NJdsiciZf8QKADm+39CoPQIDAQABMA0GCSqGSI
b3DQEBBAUAA4GBAGnH/vflieLobEw0oLGn+OBdgV/4E4lXj99qJ/hcXmdyqUCOT0k
kd4AFlGuimzvCIY7ubPXvgl62boUv6LJ+tYSz8AxvpQ7g5GeqUBgow/TNquj+7RbN
nRIZP/pxPiH9zSnqUmi9RNiRaSt8ACt80GouSZXnTJG44WjdtLI2HPiM
        </X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
  <Status>
    <StatusCode Value="Success" />
  </Status>
  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="fea9c416cc354c23a49a3962d8523fa4" IssueInstant="2007-12-14T07:34:45Z" Issuer="TESTX509" MajorVersion="1" MinorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Conditions NotBefore="2007-12-14T07:34:45Z" NotOnOrAfter="2007-12-14T07:34:45Z" />
    <AuthenticationStatement AuthenticationInstant="2007-12-14T07:34:45Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
      <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
        <NameIdentifier>na</NameIdentifier>
        <SubjectConfirmation>
          <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
        </SubjectConfirmation>
      </Subject>
    </AuthenticationStatement>
    <AttributeStatement>
      <Subject>
        <NameIdentifier>na</NameIdentifier>
      </Subject>
      <Attribute AttributeName="VendorUserKey" AttributeNamespace="http://www.w3.org/XML/1998/namespace" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <AttributeValue>&lt;LoginID&gt;2007A&lt;/LoginID&gt;</AttributeValue>
      </Attribute>
      <Attribute AttributeName="VendorUserExtras" AttributeNamespace="http://www.w3.org/XML/1998/namespace" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <AttributeValue>NA</AttributeValue>
      </Attribute>
    </AttributeStatement>
  </Assertion>
</Response>
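Added example, not part of the original post and not OpenSAML's own code: a pre-flight inspector for a SAML 1.1 Response shaped like the one posted above. It reports the CanonicalizationMethod declared in SignedInfo against an assumed relying-party policy (ACCEPTED_C14N is an assumption for this example), checks that the Reference URI points at the Response's own ResponseID, that the enveloped-signature transform is present, and that the Conditions validity window is non-empty; the embedded SAMPLE is constructed, with placeholder digest and signature values. It does not verify the signature cryptographically.

```python
"""Pre-flight inspection of a SAML 1.1 <Response> signature block (added example)."""
import xml.etree.ElementTree as ET
from datetime import datetime

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"

# Assumed relying-party policy (an assumption for this example, not OpenSAML's own list).
ACCEPTED_C14N = {"http://www.w3.org/2001/10/xml-exc-c14n#"}

# Constructed sample shaped like the posted Response; digest/signature values are placeholders.
SAMPLE = """<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" ResponseID="abc123"
  IssueInstant="2007-12-14T07:34:45Z" MajorVersion="1" MinorVersion="1">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#abc123"><Transforms>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>PLACEHOLDER=</DigestValue></Reference></SignedInfo>
<SignatureValue>PLACEHOLDER=</SignatureValue></Signature>
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="a1">
<Conditions NotBefore="2007-12-14T07:34:45Z" NotOnOrAfter="2007-12-14T07:34:45Z"/>
</Assertion></Response>"""

def inspect_response(xml_text, accepted_c14n=ACCEPTED_C14N):
    """Return findings a verifier would trip over; an empty list means none found."""
    root = ET.fromstring(xml_text)
    findings = []
    sig = root.find(DS + "Signature")
    if sig is None:
        return ["no enveloped Signature on Response"]
    c14n = sig.find(f"{DS}SignedInfo/{DS}CanonicalizationMethod").get("Algorithm")
    if c14n not in accepted_c14n:
        findings.append(f"CanonicalizationMethod {c14n} not in verifier policy")
    ref = sig.find(f"{DS}SignedInfo/{DS}Reference")
    uri = ref.get("URI", "")
    if uri != "#" + root.get("ResponseID", ""):  # digest must cover the Response itself
        findings.append(f"Reference URI {uri!r} does not point at this Response")
    if ENVELOPED not in [t.get("Algorithm") for t in ref.iter(DS + "Transform")]:
        findings.append("enveloped-signature transform missing from Reference")
    cond = root.find(f"{SAML}Assertion/{SAML}Conditions")
    if cond is not None:  # a zero-length validity window rejects every assertion
        fmt = "%Y-%m-%dT%H:%M:%SZ"
        if datetime.strptime(cond.get("NotOnOrAfter"), fmt) <= datetime.strptime(cond.get("NotBefore"), fmt):
            findings.append("Conditions window is empty: NotOnOrAfter <= NotBefore")
    return findings
```

Run against the constructed SAMPLE it flags the inclusive C14N algorithm (under the assumed exclusive-only policy) and the empty Conditions window; widening accepted_c14n to include the 2001 inclusive C14N URI leaves only the window finding.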
