
ComponentSpace SAML v2.0 Component - Support

by ComponentSpace - Product Type: Component / .NET Class / 100% Managed Code

ComponentSpace SAML v2.0 Component (for SAML v2.0 specification only) can also be bought as part of ComponentSpace SAML Suite that includes components for both v1.1 and v2.0 SAML specifications.

ComponentSpace SAML v1.1 specification component can be found here: ComponentSpace for SAML 1.1 Component .

If you require information about ComponentSpace SAML Components, please visit the pages above or Contact Us for pricing and availability.

Support Forum

Customizing the Response prefix (saml2p) John Jay [NJ, USA] 11-Dec-2014 20:17:26

Hello, I'm new to SAML and am currently in the process of evaluating the CS SAML v2.0 Component. Our requirement is to construct and POST (HTTP-Redirect) a SAML response to a 3rd party payment gateway that has the following format (abbreviated):

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="Response-_xxxx" IssueInstant="2014-08-21T15:49:24.977Z" Version="2.0">
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="SAMLAssertion-_xxxx" IssueInstant="2014-08-21T15:49:24.977Z" Version="2.0">
.....
</saml2:Assertion>
</saml2p:Response>

Note that the Response is prefixed with "saml2p" instead of the regular "samlp". How do I do this using ComponentSource SAML 2.0?

Thanks!
-John Jay
Reply


ComponentSpace SAML v2.0 Component dhutz [VA, USA] 09-Jun-2014 21:15:30

I have SSO working ok as far as I can tell, but SLO gives this error every time.
It seems like it happens even before the request is made to the IdP.
I'm assuming I need to do something at sign on to make this work, but I can't figure out what.
Any tips?

Thanks,
Dave


ComponentSpace.SAML2.Exceptions.SAMLProtocolException: There is no SSO session to partner <idp id> to logout.
at ComponentSpace.SAML2.AbstractSAMLProvider.CreateLogoutRequest(String logoutReason) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\AbstractSAMLProvider.cs:line 171
at ComponentSpace.SAML2.InternalSAMLServiceProvider.InitiateSLO(HttpResponse httpResponse, String logoutReason, String partnerIdP) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLServiceProvider.cs:line 626
at AlarmBusinessObjects.Authentication.AuthenticationManager.InitiateSeamlessLogout(HttpRequest Request, HttpResponse Response) in s:\Falcor\Software\DotNetShared\AlarmBusinessObjects\Authentication\AuthenticationManager.cs:line 73
Reply


ComponentSpace SAML v2.0 Component schakraborty [India] 16-Dec-2013 15:04:29

Hi,
While implementing IDP using the HTTPRedirect binding protocol, sometimes we are receiving relaystate as blank. Please help.

case SAMLIdentifiers.BindingURIs.HTTPRedirect:
bool signed = false;

// Load the IdP certificate.
string fileName = Path.Combine(HttpRuntime.AppDomainAppPath, SpCertificateFileName);
// Sign the SAML response.
X509Certificate2 x509Certificate = LoadCertificate(fileName, SpCertificatePassword);

IdentityProvider.ReceiveAuthnRequestByHTTPRedirect(Request, out authnRequestXml, out relayState, out signed, x509Certificate.PublicKey.Key);
Reply


ComponentSpace SAML v2.0 Component jariwbh [India] 03-Dec-2013 13:27:25

Hi,

I am using the SAML 2.0 Library in one of my SSO projects. We are the Service Provider and are trying to integrate an IdP-initiated SAML response. We are getting this error:

System.Security.Cryptography.Xml.SignedXml Information: 2 : [SignedMessage#01b6d401, BeginCheckSignedInfo] Checking signature on SignedInfo with id "(null)".
ComponentSpace.SAML2 Verbose: 0 : 2:42:25 PM: Exception: ComponentSpace.SAML2.Exceptions.SAMLSignatureException: Failed to verify the XML signature. ---> System.Security.Cryptography.CryptographicException: SignatureDescription could not be created for the signature algorithm supplied.
at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key)
at System.Security.Cryptography.Xml.SignedXml.CheckSignature(AsymmetricAlgorithm key)
at System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(AsymmetricAlgorithm& signingKey)
at ComponentSpace.SAML2.Utility.XmlSignature.Verify(XmlElement xmlElement, AsymmetricAlgorithm signingKey, SignedXml signedXml) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\Utility\XmlSignature.cs:line 527
--- End of inner exception stack trace ---
SP: Error in assertion consumer service -- Failed to verify the XML signature.: at ComponentSpace.SAML2.Utility.XmlSignature.Verify(XmlElement xmlElement, AsymmetricAlgorithm signingKey, SignedXml signedXml) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\Utility\XmlSignature.cs:line 534
at ComponentSpace.SAML2.Utility.XmlSignature.Verify(XmlElement xmlElement, X509Certificate2 x509Certificate, SignedXml signedXml) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\Utility\XmlSignature.cs:line 490


Any help? It seems our system is not able to intercept the SHA256 signature.

Regards,
Bharat
Reply


ComponentSpace SAML v2.0 Component deepesh.mahule [India] 13-Nov-2013 14:03:35

Greetings.
We are in the process of evaluating your “SAML v2.0 Single Sign-On (SSO) Component for .NET” component for our application. During this process we have hit a road block.
Details are:

My code is running smoothly without any error, but the code below is not giving me any output. It simply whites out my aspx page.

IdentityProvider.SendSAMLResponseByHTTPPost(Response, Configuration.AssertionConsumerServiceURL, samlResponseXml, targetURL);

I compared it with my old code, which used the old DLL of SAML 1.1, and in the old code they had written a custom function in the manner below:

strHTML = sp.CreateBrowserPostForm(SAML.ToBase64String(samlResponseXml), targetURL);
StreamWriter swHTML = new StreamWriter(Response.OutputStream);
swHTML.Write(strHTML);
swHTML.Close();

My queries are below:
1. Do we have any alternate function in SAML 2.0 like SAML.ToBase64String() in SAML 1.1, which takes XMLElement as a param? If not, can I just convert to a byte array using the convert.ToBase64() method of the .NET Framework, like below:
//byte[] byt = System.Text.Encoding.UTF8.GetBytes(samlResponseXml.OuterXml.ToString()); and pass the byt to the SendSAMLResponseByHTTPPost function

2. Why, after executing SendSAMLResponseByHTTPPost(), is my page getting blanked out instead of redirecting to the resource page?
Reply


ComponentSpace SAML v2.0 Component erwin.cuppens [Belgium] 17-Oct-2013 09:04:53

Hi,

We are implementing SSO using the SAML 2.5.0.6 library.
The implementation was very easy but there is 1 issue.

Sometimes when we get the answer from the IDP an exception occurs with the following message:

Exception occurred while receiving SAML_Login request. [Exception: ComponentSpace.SAML2.Exceptions.SAMLException: The SAML assertion is outside the valid time period.
at ComponentSpace.SAML2.SAMLServiceProvider.CheckConditions(SAMLAssertion samlAssertion)
at ComponentSpace.SAML2.SAMLServiceProvider.ProcessSAMLAssertion(SAMLAssertion samlAssertion, String& userName, SAMLAttribute[]& attributes)
at ComponentSpace.SAML2.SAMLServiceProvider.ProcessSAMLResponse(XmlElement samlResponseElement, Boolean& isInResponseTo, String& userName, SAMLAttribute[]& attributes)
at ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& userName, SAMLAttribute[]& attributes, String& relayState)
at SIM.Web.login_saml.Page_Load(Object sender, EventArgs e)]

The clocks at the SP and the IdP are in sync, so that is not the issue, I guess.

Does anyone have any ideas?

Regards,

Erwin
Reply


ComponentSpace SAML v2.0 Component muralid [India] 14-Aug-2013 07:17:55

Greetings.

We are in the process of evaluating your “SAML v2.0 Single Sign-On (SSO) Component for .NET” component for our application. During this process we have hit a road block.
Details are:

// Verify the SAML assertion signature
if (!SAMLMessageSignature.Verify(samlAssertionElement, x509Certificate))
throw new ArgumentException("The SAML response signature failed to verify.");

The above operation fails with this error –

ComponentSpace.SAML2 Verbose: 0 : 10:37:12 AM: Exception: ComponentSpace.SAML2.SAMLSignatureException: Failed to verify the XML signature. ---> System.Security.Cryptography.CryptographicException: SignatureDescription could not be created for the signature algorithm supplied.
at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key)
at System.Security.Cryptography.Xml.SignedXml.CheckSignature(AsymmetricAlgorithm key)
at ComponentSpace.SAML2.XmlSignature.Verify(XmlElement xmlElement, AsymmetricAlgorithm signingKey, SignedXml signedXml)
--- End of inner exception stack trace ---

The SAML response from our ADFS STS uses –
<ds:SignatureMethod Algorithm="...xmldsig-more#rsa-sha256" />
Reply

RE: ComponentSpace SAML v2.0 Component dcumings [MI, USA] 26-Aug-2013 17:04:38

We recently switched to a new server and started receiving this error. We added the Security.Cryptography.dll to the gac which has Security.Cryptography.RSAPKCS1SHA256SignatureDescription.

We also added the changes to the machine.config in both the framework64 and 32 bit versions of the .NET 4.0 folder.

I have cleared the temp files from both .NET versions and I have restarted the machine. When I am debugging in Visual Studio I get this error when I run this line of code:

SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate,null,"<can''t post url sha256 url>","<can't post url>");
Reply
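
The two "SignatureDescription could not be created for the signature algorithm supplied" reports on this page both involve an RSA-SHA256 signature on a runtime that has no mapping for that algorithm URI. The following is an added example, not ComponentSpace's code or any poster's: it registers the mapping in code instead of in machine.config and then proves it with a sign-and-verify round trip. It assumes a .NET Framework 4.0-era runtime where the URI is not mapped by default; the class names and the sample XML are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Hypothetical class name. Describes RSA PKCS#1 v1.5 signatures over SHA-256
// so that SignedXml can resolve the rsa-sha256 algorithm URI.
public sealed class RsaPkcs1Sha256SignatureDescription : SignatureDescription
{
    public RsaPkcs1Sha256SignatureDescription()
    {
        KeyAlgorithm = typeof(RSACryptoServiceProvider).FullName;
        DigestAlgorithm = typeof(SHA256Managed).FullName;
        FormatterAlgorithm = typeof(RSAPKCS1SignatureFormatter).FullName;
        DeformatterAlgorithm = typeof(RSAPKCS1SignatureDeformatter).FullName;
    }

    public override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key)
    {
        var formatter = new RSAPKCS1SignatureFormatter(key);
        formatter.SetHashAlgorithm("SHA256");
        return formatter;
    }

    public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
    {
        var deformatter = new RSAPKCS1SignatureDeformatter(key);
        deformatter.SetHashAlgorithm("SHA256");
        return deformatter;
    }
}

public static class Sha256XmlSignatureCheck
{
    // Standard XML-DSig / XML-Enc algorithm identifiers.
    const string RsaSha256Uri = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    const string Sha256DigestUri = "http://www.w3.org/2001/04/xmlenc#sha256";

    // True when the runtime can already resolve the URI to a SignatureDescription.
    public static bool IsRegistered()
    {
        return CryptoConfig.CreateFromName(RsaSha256Uri) is SignatureDescription;
    }

    // Call once per AppDomain (for example from Application_Start) before any
    // signature is generated or verified.
    public static void EnsureRegistered()
    {
        if (!IsRegistered())
            CryptoConfig.AddAlgorithm(typeof(RsaPkcs1Sha256SignatureDescription), RsaSha256Uri);
    }

    // Signs a constructed element with RSA-SHA256 and verifies it again.
    public static bool SignAndVerifyRoundTrip()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        // Constructed sample input, not a real SAML assertion.
        doc.LoadXml("<Assertion ID=\"_constructed1\"><Subject>alice</Subject></Assertion>");

        // Provider type 24 (PROV_RSA_AES) supports SHA-256; an ephemeral test key.
        using (var rsa = new RSACryptoServiceProvider(2048, new CspParameters(24)))
        {
            rsa.PersistKeyInCsp = false;

            var signer = new SignedXml(doc.DocumentElement) { SigningKey = rsa };
            signer.SignedInfo.SignatureMethod = RsaSha256Uri;
            signer.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

            var reference = new Reference("#_constructed1") { DigestMethod = Sha256DigestUri };
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            reference.AddTransform(new XmlDsigExcC14NTransform());
            signer.AddReference(reference);
            signer.ComputeSignature();
            doc.DocumentElement.AppendChild(doc.ImportNode(signer.GetXml(), true));

            var verifier = new SignedXml(doc.DocumentElement);
            var signature = (XmlElement)doc.GetElementsByTagName(
                "Signature", SignedXml.XmlDsigNamespaceUrl)[0];
            verifier.LoadXml(signature);
            return verifier.CheckSignature(rsa);
        }
    }

    public static void Main()
    {
        Console.WriteLine("rsa-sha256 mapped before registration: " + IsRegistered());
        EnsureRegistered();
        Console.WriteLine("rsa-sha256 mapped after registration:  " + IsRegistered());
        Console.WriteLine("sign/verify round trip succeeded:      " + SignAndVerifyRoundTrip());
    }
}
```

Verification needs only the mapping. Signing additionally needs the certificate's private key to be held in a cryptographic provider that supports SHA-256, which is why the test key above is created with provider type 24.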


ComponentSpace SAML v2.0 Component musonawane [CA, USA] 05-Jul-2013 16:58:08

I am successfully able to build my PoC to perform SSO using our Portal (which acts as IDP) with sample third party system website (which acts as SP). Now, our requirement is, we have to integrate with multiple third party sites (SPs) and I could not figure out from the documentation of component space, how to achieve this. I am using IDP-Initiated approach, and now I have only option to include single entry for following in web.config:
- AssertionConsumerServiceURL
- SPTargetURL
Need help to achieve integration with multiple third party systems for SSO. Also I want to keep impact minimal in production in case I have to keep adding more third party systems, simply changing web.config I should be able to complete the integration.
One approach I have in mind is, based on specific query parameter (third party system name) in SSOHandler (of IDP), determine the AssertionConsumerServiceURL and SPTargetURL from config.
Reply


ComponentSpace SAML v2.0 Component awang [CT, USA] 30-May-2013 20:49:16

How to keep the IdP session alive from the SP? As long as the SP's session is not expired, we would like to keep the IdP's session active. So a second (and third, etc.) SP can log in without being re-authenticated again.

Thanks,
Reply


ComponentSpace SAML v2.0 Component raveen.san [India] 02-May-2013 13:27:42

Hi
I have encrypted the SamlAssertion successfully, but when I try to decrypt I am getting a "Failed to decrypt SAML assertion" error. What is the reason? Please help me.

Thanks & Regards
Raveendra Sanikommu
Reply


ComponentSpace SAML v2.0 Component fredbutters [CA, USA] 23-Apr-2013 20:55:19

I tried posting this earlier but I don't think it worked for some reason.

Do I have to include the KeyInfo node in the EncryptedAssertion when creating a new EncryptedAssertion for a SAML Response? If not, how can I remove it? This is my code right now


XmlElement xmlSamlAssertion = samlAssertion.ToXml();
SAMLAssertionSignature.Generate(xmlSamlAssertion, ourCert.PrivateKey, ourCert);
EncryptedAssertion encryptedAssertion = new EncryptedAssertion(xmlSamlAssertion, vendorCert, new EncryptionMethod(EncryptedXml.XmlEncAES128Url));
samlResponse.Assertions.Add(encryptedAssertion);


Thanks
Reply


ComponentSpace SAML v2.0 Component raveen.san [India] 08-Mar-2013 13:31:13

Hi
We have an SP and an IdP, and a third party website. First I will log in to the third party website without using the IdP; during login, only the login to my SP should happen using the IdP, and then when I click a link in that site it should go directly to the SP website. How to do it?
Reply


ComponentSpace SAML v2.0 Component priyanka.padwal [India] 05-Mar-2013 15:23:47

I want to Implement SAML2.0 Single Sign on. But I did not understand how to do that, I checked with SAML they said,

We only have the service provider (SP) part implemented, and I assume you'd implement the identity part (IdP) part.

Basically, we'll need from you:

IdP URL
SingleSignOnService URL
SingleLogoutService URL
an SSL certificate
a certificate fingerprint
The last two only need to be exchanged once and can be shared with every client. The first three are usually specific to the school.

Can you please suggest me, How I can provide Idp URL , SingleSignOnService URL and SingleLogoutService URL.
Or please let me know, what can I provide him

Please Help !!!!! I am in trouble
Reply


ComponentSpace SAML v2.0 Component raveen.san [India] 01-Mar-2013 08:24:40

Which type of data can we send through SAML assertion or authn requests? I mean, can we send any type of data, like an XML document, complex data, and a large amount of data?
Please give me a reply.


Raveendra Sanikommu
Reply


ComponentSpace SAML v2.0 Component raveen.san [India] 01-Mar-2013 07:24:42

Hi,
I am planning to implement SAML with my website as Service Provider, and I have a link to another Service Provider in my web site. When I click on it, it should go to the new Service Provider without login. How to implement it with SP-Initiated SSO? Please describe to me how to do it. It's urgent.



Thanks and regards
Raveendra Reddy sanikommu
Reply


ComponentSpace SAML v2.0 Component mukesh.patel [CA, USA] 26-Jan-2013 02:33:39

Please provide information regarding what is being checked with this call: SAMLMessageSignature.IsSigned

Detailed explanation of what is being checked would really help us resolve an issue that is blocking us in testing with a client where this call is consistently failing. Have also seen instances where this call intermittently fails in our production.
Reply


ComponentSpace SAML v2.0 Component jackson.p23 [India] 15-Jan-2013 08:50:24

Hi, I have configured SAML in my application; we are acting as service providers. I'm able to successfully generate the request, but when I try to resolve the artifact I'm getting the below error.
Failed to receive artifact resolve request


Code snippet:

Trace.Write("SP", "Processing artifact resolve request");

// Receive the artifact resolve request.
XmlElement artifactResolveXml = ArtifactResolver.ReceiveArtifactResolve(Request);
Reply

RE: ComponentSpace SAML v2.0 Component ComponentSpace Support 15-Jan-2013 09:13:53

I just want to confirm that you are using the Http/Artifact binding. In other words, you are receiving a message not via the browser using Http/Redirect or Http/Post but instead using SOAP over a back channel.

Assuming this is the case, there must be some issue attempting to receive the artifact resolve request.

Could you capture the entire exception being thrown, including the stack trace, using Exception.ToString()?

Also, could you capture a trace as per the instructions in section 7.1 of our User Guide and send the log file to our support email address?

I suspect a valid SOAP message is not being received but the trace will confirm this.

Thanks.
Reply

RE: RE: ComponentSpace SAML v2.0 Comp... jackson.p23 [India] 15-Jan-2013 09:16:50

Yes, I'm using artifact binding.

Will send you the details.
Reply

RE: RE: RE: ComponentSpace SAML ... jackson.p23 [India] 15-Jan-2013 09:39:35

Hi, I have mailed it to: support@componentsource.com, all the details which you have asked for. Please have it reviewed.
Reply

RE: RE: RE: RE: ComponentSp... ComponentSpace Support 15-Jan-2013 10:23:52

Could you please email directly to support@componentspace.com? Thanks.
Reply

RE: RE: RE: RE: RE: Co... jackson.p23 [India] 15-Jan-2013 10:52:03

I have sent it; please review the same.
Reply

RE: RE: RE: RE: RE: RE... jackson.p23 [India] 15-Jan-2013 11:06:18

Below is the log which we have got.

ComponentSpace.SAML2 Verbose: 0 : 2:57:35 PM: Received SOAP request:
ComponentSpace.SAML2 Verbose: 0 : 2:57:35 PM: Exception: ComponentSpace.SAML2.SAMLBindingException: Failed to receive request over SOAP. ---> System.Xml.XmlException: Root element is missing.
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
at System.Xml.XmlDocument.Load(XmlReader reader)
at ComponentSpace.SAML2.XmlHelper.LoadDocument(String xmlText)
at ComponentSpace.SAML2.Bindings.SOAPBinding.ReceiveRequest(HttpRequest httpRequest)
--- End of inner exception stack trace ---
ComponentSpace.SAML2 Verbose: 0 : 2:57:35 PM: Exception: ComponentSpace.SAML2.SAMLProfileException: Failed to receive artifact resolve request ---> ComponentSpace.SAML2.SAMLBindingException: Failed to receive request over SOAP. ---> System.Xml.XmlException: Root element is missing.
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
at System.Xml.XmlDocument.Load(XmlReader reader)
at ComponentSpace.SAML2.XmlHelper.LoadDocument(String xmlText)
at ComponentSpace.SAML2.Bindings.SOAPBinding.ReceiveRequest(HttpRequest httpRequest)
--- End of inner exception stack trace ---
at ComponentSpace.SAML2.Bindings.SOAPBinding.ReceiveRequest(HttpRequest httpRequest)
at ComponentSpace.SAML2.Profiles.ArtifactResolution.ArtifactResolver.ReceiveArtifactResolve(HttpRequest httpRequest)
--- End of inner exception stack trace ---
Reply

RE: RE: RE: RE: RE: RE... ComponentSpace Support 16-Jan-2013 09:50:18

I've replied to your email.
Reply


ComponentSpace SAML v2.0 Component jackson.p23 [India] 10-Jan-2013 13:54:49

Hi,

I am planning to buy the ComponentSpace SAML v2.0 Component, but before that I have to give a demo with my application. When I tested with a stand-alone application it worked well, but when I referenced the DLL in my application and built the solution I had build errors due to the code below.

samlResponse.GetEncryptedAssertions()[0].Decrypt(x509Certificate.PrivateKey, null, null);

Error 7 Argument 3: cannot convert from '<null>' to 'System.Security.Cryptography.Xml.EncryptionMethod'.
Please help me; I have already suggested it to my client.
Reply

RE: ComponentSpace SAML v2.0 Component ComponentSpace Support 11-Jan-2013 23:24:34

Which version of Visual Studio are you using?

Are you using the .NET 2.0 or .NET 4.0 version of our DLL?
Reply


ComponentSpace SAML v2.0 Component V2.4.0.11 richard.cairns [United Kingdom] 12-Dec-2012 15:44:29

When I compile my ComponentSpace SAML v2.0 source code (V2.4.0.11 - for .NET v2) and try and use the compiled DLL to create a SAMLResponse object I am getting the following error:

{"Inheritance security rules violated while overriding member: 'ComponentSpace.SAML2.Assertions.SAMLAssertion.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.":"ComponentSpace.SAML2.Assertions.SAMLAssertion.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)"}
System.TypeLoadException: {"Inheritance security rules violated while overriding member: 'ComponentSpace.SAML2.Assertions.SAMLAssertion.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.":"ComponentSpace.SAML2.Assertions.SAMLAssertion.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)"}

The line of code that generates this error is:

mySAMLResponse = CreateSAMLResponse2(strUserID)

The code does not even get into my CreateSAMLResponse2 method, it just throws the exception above.

However I have a ComponentSpaceSAML2.dll that I downloaded back in August (30/8/2012) with a version number of 2.4.0.11 which works perfectly?????
Why doesn't my compiled source code version work?
Reply

RE: ComponentSpace SAML v2.0 Component V2.... ComponentSpace Support 11-Jan-2013 23:22:09

We ship a .NET 2.0 version of the DLL and a .NET 4.0 version of the DLL. The .NET 2.0 version may be used with .NET 2.0 or later applications. The .NET 4.0 version is for .NET 4.0 or later applications including MVC applications. This error occurs if you try to use the .NET 4 version of the DLL with a .NET 2 application. Make sure to use the .NET 2 DLL in this case.
Reply


SSO and Fiddler Som [TX, USA] 09-Nov-2012 20:56:47

Can the tool Fiddler be used for tracking the SSO requests and responses? I tried to install it and am able to view HTTP traffic but not HTTPS. Could you please point me to what could be the reason behind this? I greatly appreciate any suggestions.

Thanks in advance.
Reply

RE: SSO and Fiddler ComponentSpace Support 11-Jan-2013 23:18:10

Please take a look at the Fiddler web site which describes support for SSL.
Reply


Sign the authentication request for SLO kaushal.kumar [India] 22-Aug-2012 07:40:53

Hi,

During login, we are checking this if (SAMLConfiguration.AuthnRequestsSigned) is true:

// Sign the authentication request.
X509Certificate2 x509Certificate2 = SAMLConfiguration.ServiceProviderCertificate;
SAMLMessageSignature.Generate(authnRequestXml, x509Certificate2.PrivateKey, x509Certificate2);


Now when we do logout for SLO, we are not sending any such type of call to sign the authentication request for logout. Is it required?

Thank you,
Regards,
Kaushal Kumar
Reply

RE: Sign the authentication request for SLO ComponentSpace Support 22-Aug-2012 08:01:23

Signing the logout request is not required but it is advisable. Generally this is something that is agreed to between the identity provider and service provider based on the specific security requirements.
Reply


Q: POST the SAMLP Response directly to SP -> SSO? adam_j_bradley [Australia] 23-Jul-2012 03:57:22

I realise it's counter-intuitive, but I was wondering if it's possible (in simple situations) to skip the SP initiated flow and simply POST a well formed SAMLP response to the SP?

Sincerely,
//Adam
Reply

RE: Q: POST the SAMLP Response directly to... ComponentSpace Support 23-Jul-2012 09:33:01

This is called IdP-initiated SSO. Take a look at the SSO/IdP-initiated SSO examples that we ship.
Reply


ComponentSpace SAML v2.0 Component adam_j_bradley [Australia] 21-Jul-2012 01:46:46

I'm evaluating this component and I'm trying to create the following NameID format fragment in a Response/Assertion/AttributeStatement/Attribute without success.

<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" FriendlyName="eduPersonTargetedID">
<saml2:AttributeValue>
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" SPNameQualifier="urn:federation:MicrosoftOnline" NameQualifier="https://idp1.adambradleyconsulting.com/idp/shibboleth">7eGHFjYgVMUTAqyF+p5cVoKr9g9=
</saml2:NameID>
</saml2:AttributeValue>
</saml2:Attribute>

Any advice warmly received!

Sincerely,
//Adam
Reply

RE: ComponentSpace SAML v2.0 Component ComponentSpace Support 21-Jul-2012 04:05:02

Hi Adam

The <AttributeValue> content can be anything you like including XML. However, it does seem a little unusual to include a NameID as the content of an AttributeValue.

Nevertheless, the following code will generate the XML you supplied.

Please note the use of the SAMLAttribute.RegisterAttributeValueSerializer. This tells our component to serialize the supplied attribute value as XML rather than as a string etc.

Also, the generated XML uses the saml: prefix rather than the saml2: prefix in your XML. Either is fine and should present no issues to the receiver of the XML.

SAMLAttribute.RegisterAttributeValueSerializer("urn:oid:1.3.6.1.4.1.5923.1.1.1.10", SAMLIdentifiers.AttributeNameFormats.URI, new XmlAttributeValueSerializer());
SAMLAttribute samlAttribute = new SAMLAttribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.10", SAMLIdentifiers.AttributeNameFormats.URI, "eduPersonTargetedID");

NameID nameID = new NameID(
"7eGHFjYgVMUTAqyF+p5cVoKr9g9=",
"https://idp1.adambradleyconsulting.com/idp/shibboleth",
"urn:federation:MicrosoftOnline",
SAMLIdentifiers.NameIdentifierFormats.Persistent,
null);

samlAttribute.Values.Add(new AttributeValue(nameID.ToXml(new System.Xml.XmlDocument())));
Reply


ComponentSpace SAML v2.0 Component kumar.v [India] 12-Jul-2012 13:14:28

Hi,

We are evaluating ComponentSpace SAML v2.0.
I am getting the below error.

SAML2: 7:03:57 PM: Exception: ComponentSpace.SAML2.SAMLSignatureException: The XML does not contain a signature.
SAML2: 7:03:57 PM: Exception: ComponentSpace.SAML2.SAMLSignatureException: Failed to verify the XML signature. ---> ComponentSpace.SAML2.SAMLSignatureException: The XML does not contain a signature.
at ComponentSpace.SAML2.XmlSignature.Verify(XmlElement xmlElement, AsymmetricAlgorithm signingKey, SignedXml signedXml

I am calling the ADFS server to get identity info. The server is returning the response. When I try to verify the certificate, I am getting the above error.
Kindly help me in solving this issue. A quick reply is really appreciated.

Regards,
Kumar V.
Reply

RE: ComponentSpace SAML v2.0 Component ComponentSpace Support 12-Jul-2012 13:29:31

ADFS typically doesn't sign the SAML response but instead signs the SAML assertion contained in the SAML response. Make sure you are attempting to verify the SAML assertion signature. If there's still an issue, please post a section of your code showing how you are verifying the signature. The AssertionExample project demonstrates how to verify a SAML assertion signature.
Reply

RE: RE: ComponentSpace SAML v2.0 Comp... kumar.v [India] 13-Jul-2012 05:56:58

Hi,
Thanks for your quick reply.

I have skipped the certificate verification part. I am getting a casting error now, when I use the below line of code.

Dim samlAssertion As SAMLAssertion = samlResponse.Assertions(0)

Unable to cast object of type 'System.Xml.XmlElement' to type 'ComponentSpace.SAML2.Assertions.SAMLAssertion'.
at SAML_AssertionConsumerService.ProcessSuccessSAMLResponse(SAMLResponse samlResponse, String relayState)
at SAML_AssertionConsumerService.ProcessSAMLResponse()
at SAML_AssertionConsumerService.Page_Load(Object sender, EventArgs e)

Kindly help in resolving this.

Thanks,
Kumar V
Reply

RE: RE: RE: ComponentSpace SAML ... ComponentSpace Support 13-Jul-2012 08:44:05

If the SAML assertion is signed then we return it as an XmlElement so its signature may be verified. Section 9 of our User Guide describes the various ways to extract SAML assertions from a SAML response.

The Assertions property returns all assertions whether they're signed, encrypted or otherwise. The GetAssertions() method will return all unsigned, unencrypted assertions. The GetSignedAssertions() method will return all signed assertions. The following code demonstrates getting the signed assertion, verifying its signature and constructing a SAMLAssertion object from the XML. You would need to do something similar.

// The SAML response contains a signed SAML assertion
XmlElement samlAssertionElement = samlResponse.GetSignedAssertions()[0];

// Verify the SAML assertion signature
if (!SAMLAssertionSignature.Verify(samlAssertionElement, x509Certificate)) {
// Handle error – not shown here
}

// Parse the SAML assertion XML
SAMLAssertion samlAssertion = new SAMLAssertion(samlAssertionElement);
Reply


ComponentSpace SAML v2.0 Component Alejandro.Suarez [MD, USA] 06-Jul-2012 16:37:00

We bought ComponentSpace SAML v2.0 for .NET and we're having some issues on the receiving end of the SSO calls.

The service provider is a .NET MVC 3 application. When receiving the SsoResponse the application hangs until timeout. Once the browser has timed out, the processing of the HttpRequest continues (although by now it's too late since the browser has closed the connection) and the encrypted payload in the FormCollection is truncated. Using Fiddler we verified that the request coming through the wire is complete, the truncation definitely happens on the serving application.

This happens on all development machines, which are Windows Vista. When running the application on a Windows Server machine everything works fine. Are there any limitations when running ComponentSpace SAML v2.0 on Windows Vista?

Thanks.
Reply

RE: ComponentSpace SAML v2.0 Component ComponentSpace Support 06-Jul-2012 22:36:02

There aren't any restrictions running on Vista or any of the current Windows platforms.

When the SAML response is sent to your service provider's assertion consumer service page, are you actually receiving an HTTP request at this page?

From your Fiddler trace, it sounds like the SAML response is being sent from the browser to your application. I'm just not sure if what you are saying is that you never receive the SAML response at your web page or that you do and then there's a problem when you call ServiceProvider.ReceiveSAMLResponseByHTTPPost.

If the HTTP request containing the SAML response is not being received at your app's page then it must be something to do with the environment rather than a call to our API.

Let me know what you find.

Thanks.
Reply

RE: RE: ComponentSpace SAML v2.0 Comp... Alejandro.Suarez [MD, USA] 10-Jul-2012 14:04:24

The application receives the HttpRequest. The request process is executed up until ServiceProvider.ReceiveSAMLResponseByHTTPPost is called, which hangs until the request times out. Digging deeper I found that the hang occurs when the component attempts to read the posted data (httpRequest.Form[variableName]). To confirm this I tried to access the form data from my code before calling ServiceProvider.ReceiveSAMLResponseByHTTPPost and the same behavior was experienced: processing hangs whenever I try to use the Form object even before any ComponentSpace.SAML2 .Net code is executed on the server. This only happens when the request is a SAML response, which is generated by the ComponentSpace SAML2 code on the client.
Reply

RE: RE: RE: ComponentSpace SAML ... ComponentSpace Support 10-Jul-2012 23:08:40

Thanks for the extra information. I'm not sure why reading the form variable would cause the hang. Would you be able to enable trace as per the instructions in section 7.1 of our User Guide and send me the generated SAML log file? Also, are you able to capture the HTTP traffic using Fiddler and send me the Fiddler file? Please email these to support@componentspace.com. Thanks.
Reply


ComponentSpace SAML v2.0 Component jibarra [TX, USA] 29-Jun-2012 22:26:05

I am signing my assertion using this call:
SAMLAssertionSignature.Generate(samlAssertionElement, x509Certificate.PrivateKey, x509Certificate);
When I inspect my SAML there is no node with the signature on it... what am I doing wrong?

thanks...
Reply

RE: ComponentSpace SAML v2.0 Component ComponentSpace Support 02-Jul-2012 10:32:10

The signature will be included under the SAML assertion element. Please take a look at the AssertionExample project that demonstrates how to call SAMLAssertionSignature.Generate etc.

If you're still having problems, please contact us by email including a section of your code where you are generating the signature and where you are not seeing the signature.
Reply


ComponentSpace SAML v2.0 Component jibarra [TX, USA] 29-Jun-2012 14:43:02

When encrypting an assertion, does it have to be done before signing it or after? Also, whose key do I use? I am the IdP; do I use the IdP's or the SP's?
thanks.
Reply

RE: ComponentSpace SAML v2.0 Component ComponentSpace Support 29-Jun-2012 22:20:09

Signing occurs before encryption so you must firstly sign the SAML assertion and then encrypt it.

The SAML assertion is signed using the IdP's private key.

The SAML assertion is encrypted using the SP's public key.

When received at the SP, the SAML assertion is decrypted using the SP's private key and then the signature verified using the IdP's public key.

Please take a look at the AssertionExample project which demonstrates this.
Reply


ComponentSpace SAML v2.0 Component (dotNet 4) jame.mackson [MN, USA] 12-Jun-2012 20:13:46

Error Message: Value of type 'System.Web.HttpResponse' cannot be converted to 'System.Web.HttpResponseBase'

I am working on the trial version of the v2.0 SAML components in dotNet4. I notice that the method parameters for IdentityProvider.SendSAMLResponseByHTTPPost are different for the dotNet 2 vs the dotNet 4 version of the DLL. The dotNet4 version is calling for an HttpResponseBase object and will not accept the HttpResponse object that we have access to - thus the above error message. Has anyone else seen this error and/or know how to work around this error?

Any help is appreciated.
Reply

RE: ComponentSpace SAML v2.0 Component (do... jame.mackson [MN, USA] 12-Jun-2012 20:39:46

Ok figured out that this will allow converting the HttpResponse to the HttpResponseBase:

Dim r As New HttpResponseWrapper(Response)
IdentityProvider.SendSAMLResponseByHTTPPost(r, assertionServiceURL, samlResponseXml, relayState)

Hope this helps others encountering this issue.
Reply

RE: RE: ComponentSpace SAML v2.0 Comp... ComponentSpace Support 13-Jun-2012 10:13:39

Thanks Jame for replying with this information.

The .NET 2.0 version of the component uses the .NET HttpRequest and HttpResponse classes. The .NET 4 framework includes HttpRequestBase and HttpResponseBase classes. We use these classes in the .NET 4.0 version of the component as it provides better support for MVC apps etc as well as test frameworks with mock objects based off these two classes.

The .NET HttpRequestWrapper and HttpResponseWrapper classes may be used to convert from HttpRequest and HttpResponse to HttpRequestBase and HttpResponseBase respectively.

For example, using the .NET 4 version of the IdentityProvider.SendSAMLResponseByHTTPPost method,

IdentityProvider.SendSAMLResponseByHTTPPost(new HttpResponseWrapper(Response), ...
Reply


ComponentSpace SAML v2.0 Component praveen.patel.17 [India] 06-May-2012 22:33:19

I have posted the SAML response through "SendSAMLResponseByHTTPPost" and I want to display the webpage in an iframe of my current page. How do I proceed? Please help me.
Reply

RE: ComponentSpace SAML v2.0 Component ComponentSpace Support 07-May-2012 00:10:37

I'm not sure what you mean by displaying the web page.

SendSAMLResponseByHTTPPost creates a form containing the SAML response in the HTTP response that's returned to the browser. The browser then posts this form to the target service provider.

Could you provide some more detail as to what you wish to achieve, what web page you wish to display etc?

You're also welcome to contact us directly if you prefer.
Reply

RE: RE: ComponentSpace SAML v2.0 Comp... praveen.patel.17 [India] 07-May-2012 16:53:44

Actually, I am acting here as an identity provider. The user will log in at my side (identity provider initiated), then I will generate the SAML response, then I will try to fetch the target URL and post the SAML response. The service provider will decrypt the SAML response and return back to the browser. I am able to achieve this, but after posting the SAML response to the target URL my web page is redirected to the service provider side. I want to display the service provider web page at the identity provider side in an iframe.
Reply

RE: RE: RE: ComponentSpace SAML ... ComponentSpace Support 09-May-2012 11:48:04

This is more of an HTML/web app issue rather than a SAML SSO issue. I'll try to get you some sample code asap. Please contact us directly at support@componentspace.com. Thanks.
Reply


ComponentSpace SAML v2.0 Component wellclicks [MN, USA] 25-Apr-2012 18:32:20

Hi,

We're trying to use the ComponentSpace SAML v2.0 Component in an application we have deployed to a number of different locations on the same server, customized for each client. In our primary application, everything works properly. However, in all of the other applications, we get the following error when trying to generate the signature to sign the SAML Response:

ComponentSpace.SAML2.SAMLSignatureException: Failed to generate XML signature. ---> System.Security.SecurityException: XmlResolver can be set only by fully trusted code. ---> System.Security.SecurityException: Request failed. at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) at System.Security.PermissionSet.Demand() at System.Xml.XmlDocument.set_XmlResolver(XmlResolver value) The action that failed was: Demand The type of the first permission that failed was: System.Security.PermissionSet The demand was for: The assembly or AppDomain that failed was: Anonymously Hosted DynamicMethods Assembly, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null The Zone of the assembly that failed was: MyComputer The Url of the assembly that failed was: file:///C:/Windows/assembly/GAC_64/mscorlib/2.0.0.0__b77a5c561934e089/mscorlib.dll
...

There is no difference in the code or assemblies between the application that works and the application that doesn't, all assemblies/certificate files have the same permissions, and all applications have full trust. Do you have any pointers or ideas about why this isn't working?

Thanks...
Reply

RE: ComponentSpace SAML v2.0 Component ComponentSpace Support 26-Apr-2012 10:01:36

It sounds like a trust configuration issue but you said all apps are configured for full trust.

Could you please compare the configuration of the app that's failing with one of the apps that works?

Let me know what you find.

Thanks.
Reply

RE: ComponentSpace SAML v2.0 Component jibarra [TX, USA] 28-Jun-2012 23:08:47

I am getting the same error. Do I need the password for the certificate?
thanks.
Reply

RE: RE: ComponentSpace SAML v2.0 Comp... ComponentSpace Support 28-Jun-2012 23:37:08

The "XmlResolver can be set only by fully trusted code" is a trust/permissions configuration issue. Are you running with full trust?
Reply


ComponentSpace SAML v2.0 Component derek.doyle [IL, USA] 20-Mar-2012 15:36:00

We are using ComponentSpace SAML v2.0 for SSO and we are trying to call IdentityProvider.SendSAMLResponseByHTTPPost from a VB.NET object (not a code-behind) and can't get the post and redirect to happen. Since this is not a code behind, we do not have access to System.Web.UI.Page.Response so we are trying to use System.Web.HttpContext.Current.Response (the object already inherits from a base class, so we can't inherit System.Web.UI.Page either). When we call this method, it does not throw an exception, but the post does not happen and the browser is not redirected. Do you have any suggestions as to how else we can call this method?

Below is an example of how we are trying to call this method:
IdentityProvider.SendSAMLResponseByHTTPPost(System.Web.HttpContext.Current.Response, strURL, samlResponseXml, strRelayState)
Reply

RE: ComponentSpace SAML v2.0 Component ComponentSpace Support 26-Apr-2012 09:56:14

I'm not sure what the issue is but I suggest using code-behind.
Reply


ComponentSpace SAML v2.0 Component gregg.gilbert [NH, USA] 06-Jan-2012 18:55:30

Hello, I am in the process of evaluating the SAML 2.0 class libraries. I installed the IdP-initiated SSO example (4.3 & 4.4 in the User Guide). The service provider app is fine, but I receive an error on the IdP app. Details below. Can you advise on what the issue is?

Server Error in '/SAML2IdP' Application.
--------------------------------------------------------------------------------

Compilation Error
Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately.

Compiler Error Message: CS0246: The type or namespace name 'ComponentSpace' could not be found (are you missing a using directive or an assembly reference?)

Source Error:
[No relevant source lines]
Source File: Line: 0

c:\Program Files (x86)\ComponentSpace\SAML v2.0 for .NET\Examples\SSO\IdP-Initiated\SAML2IdP\App_Code\Configuration.cs(12,7): error CS0246: The type or namespace name 'ComponentSpace' could not be found (are you missing a using directive or an assembly reference?)
Reply

RE: ComponentSpace SAML v2.0 Component ComponentSpace Support 29-Feb-2012 23:25:28

Make sure you build and publish the app to IIS. There are a number of ways to do this but one way is to:

1. From Visual Studio, build and publish the SAML2IdP to some file system directory.
2. Using the IIS management console, create an application called SAML2IdP and browse to the directory from step #1.

The steps for building and publishing the SAML2IdP and SAML2SP apps are basically the same.
Reply


ComponentSpace SAML v2.0 Component nnalapareddy [India] 07-Sep-2011 11:51:58

We have bought ComponentSource SAML 2.0 for .Net.
While signing the SAML assertion the Service provider is expecting a prefix "ds:" before the signature and signedinfo

So instead of:

<Signature xmlns="">...</Signature>

I need the following:

<ds:Signature xmlns:ds="">...</ds:Signature>

Could you please help on how to generate this signature with a prefix 'ds:'

Thanks.
Reply

RE: ComponentSpace SAML v2.0 Component ComponentSpace Support 29-Feb-2012 23:33:07

We use the .NET class SignedXml for XML signature support and, unfortunately, it doesn’t permit setting the prefix.

Most Java implementations set the prefix to “ds” and sometimes people incorrectly believe that the prefix must be “ds”.

However, the only things that matter are the element names and namespace. The prefix value can be anything you like.

From our experience, when a signature fails to verify people sometimes assume it's because of the missing prefix. Invariably this is not the case and the issue lies elsewhere.

Our SAML components successfully interoperate with all the major SAML offerings including Java, PHP etc based offerings.

If you're having issues with XML signatures it's because either the XML has been modified after signing or the wrong certificate is being used for the signature validation.

Please contact us at support@componentspace.com for assistance with any signatures issues.
Reply
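The point made in the reply above, as an added Python example (not ComponentSpace's code and not part of the original thread): two constructed documents that differ only in prefix resolve to the same namespace-qualified element names, while their canonical forms, and so any digest taken over them, differ. Python's standard-library C14N 2.0 is used as a stand-in for the exclusive C14N transform the component applies; both keep prefixes as written.

```python
import hashlib
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"  # XML Signature namespace
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed samples: same elements, different prefixes. The signature is
# reduced to a skeleton; no real digest or signature value is included.
DEFAULT_NS_DOC = (
    f'<Assertion xmlns="{SAML_NS}" ID="_a1">'
    f'<Signature xmlns="{DSIG_NS}"><SignedInfo>'
    '<Reference URI="#_a1"/></SignedInfo></Signature></Assertion>'
)
DS_PREFIX_DOC = (
    f'<saml2:Assertion xmlns:saml2="{SAML_NS}" ID="_a1">'
    f'<ds:Signature xmlns:ds="{DSIG_NS}"><ds:SignedInfo>'
    '<ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature></saml2:Assertion>'
)


def expanded_names(xml_text):
    """Return every element as '{namespace}local-name', as a parser sees it."""
    return [el.tag for el in ET.fromstring(xml_text).iter()]


def find_signatures(xml_text):
    """Locate signature elements by namespace and local name, never by prefix."""
    return list(ET.fromstring(xml_text).iter(f"{{{DSIG_NS}}}Signature"))


def naive_prefix_match(xml_text):
    """Brittle receiver-side check: look for the literal 'ds:' spelling."""
    return "<ds:Signature" in xml_text


def canonical_digest(xml_text):
    """SHA-256 over the canonical form; prefixes are part of those bytes."""
    canonical = ET.canonicalize(xml_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for name, doc in (("default ns", DEFAULT_NS_DOC), ("ds prefix", DS_PREFIX_DOC)):
        print(name, len(find_signatures(doc)), naive_prefix_match(doc),
              canonical_digest(doc)[:16])
```

The namespace-aware lookup finds the signature in both documents and only the string match depends on the prefix. The digests differ, so re-prefixing a document after it has been signed is a case of the XML being modified after signing.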


ComponentSpace SAML v2.0 Component nnalapareddy [India] 22-Jul-2011 07:41:21

Hi,
I am using componentSpace SAML v2.0 component for SSO (single sign on).

I am facing an issue while adding the signature to the SAML Assertion. The application fails while loading the x509 self-signed client certificate. The error message is "Access is denied".
I have given the full permissions to the "Network Service" account for the .pfx file.
The only way, the certificate loads fine is if I change the identity to "LocalSystem", which is risky to use, as it has full administrator permissions.

Is there any other way to load the certificate file, with the "Networkservice" account?
Please share if you have faced this kind of issue.

Thanks.
NRN.
Reply

RE: ComponentSpace SAML v2.0 Component ComponentSpace Support 29-Feb-2012 23:37:05

For IIS 7 you should set read permission to the file for the IIS_IUSRS group, assuming you are using one of the default application pools.
Reply


ComponentSpace SAMLv2.0Component.Loggin supported? srin760 01-Jul-2010 06:27:14

Hi Everyone,

Hope you guys are doing good.

We're purchasing the Component Space SAML2.0 Component for our company to use it as a Service Provider. We are already exploring the Evaluation version of the same, but we've never come across the logging of activities (say verifying signature etc). So please can anyone let us know if the SAML2.0 Component provides logging capabilities and, if yes, whether it will be only Error logging or Audit logging. Any further info is very well appreciated and helpful. Awaiting reply.

Thanks,
Srin760
Reply

RE: ComponentSpace SAMLv2.0Component.Loggi... support@componentsource.com 02-Jul-2010 13:15:15

Hello there,

We have received the below information from one of the authors of the product with regards to your query:

===

I presume the customer is referring to XML signature support. We provide XML signature support as specified by the SAML v2.0 specification.

I can send you an example signature generated by our component showing the standard transforms as required by the SAML specification.

Also, our component successfully interoperates with all the major SAML v2.0 offerings, including signature generation and verification.

If the customer has any follow up questions I’m happy for them to contact me directly if they like.

===

I hope it helps.

Regards,

Enrique Perez
ComponentSource
Reply

RE: RE: ComponentSpace SAMLv2.0Compon... krishna.kartik [CA, USA] 01-Mar-2012 19:08:51

Hello,

Can anyone help me creating a digital certificate(.cer) and a metadata(pfx) certificate for my .net website hosted in IIS 7.0 so that I can give those to the IDP (who is going to send an assertion to us)?


Regards,
krishna
Reply

RE: RE: RE: ComponentSpace SAMLv... ComponentSpace Support 01-Mar-2012 20:23:58

Please take a look at section 6 of our User Guide for options for creating test certs.

The MetadataExample project shows how to programmatically create SAML metadata with the certificate included.

We can also supply example metadata files. Contact us at support@componentspace.com for details.
Reply

RE: ComponentSpace SAMLv2.0Component.Loggi... support@componentsource.com 02-Jul-2010 13:47:00

Hello there,

We have received this information from one of the authors of the ComponentSpace SAML with regards to your query:

===
Our component contains internal debug logging but we don’t provide any other logging or auditing. You would need to do this from your application. For example, you would call our component to help process the request including verifying signatures etc. Our component would return errors if there are any problems such as a signature not verifying. Your application code could then log this as is appropriate for your application.
===

I hope it helps.

Regards,

Enrique Perez
ComponentSource
Reply


ComponentSpace SAML v2.0 Component Support ronaldo1001 [USA] 16-Jun-2010 13:48:48

Hello experts,

We require your expertise to help us with the following query.

We want to know whether the ComponentSpace library SAML v2.0 supports Transform Algorithms with comments.

We know that this feature is supported during the creation of the Assertion and we would like to know if the consumption of a SAML response is supported.

TIA,
Reply

RE: ComponentSpace SAML v2.0 Component Sup... ComponentSpace Support 29-Feb-2012 23:53:28

We support the exclusive C14N XML canonicalization transform with and without comments as listed in the SAML specification.
Reply


ComponentSpace SAML v1.1 Component sunilk [India] 14-Apr-2010 16:16:21

Hi,

We are evaluating the ComponentSpace single sign-on SAML 1.1 version.
Our client (identity provider) is sending a SAML response to our site, which is a service provider. They are using opensaml.SAMLBrowserProfile to generate the SAML response.
We are trying to consume the SAML response and authenticate, and we are getting the following error message:
“Unable to cast object of type 'System.Xml.XmlElement' to type ComponentSpace.SAML.Assertions.Assertion'”
verified = ResponseSignature.Verify(xmlElement)
objReader.Write(System.Environment.NewLine & "stage5")
objReader.Write(System.Environment.NewLine & "x509Certificate:Certificate Not verifiied")
End If
If Not verified Then
objReader.Write(System.Environment.NewLine & "The SAML response signature failed to verify.")
objReader.Close()
Throw New ArgumentException("The SAML response signature failed to verify.")
End If
objReader.Write(System.Environment.NewLine & "stage6")
' Reconstruct the SAML response message.
Dim samlResponse As New Response(xmlElement)
objReader.Write(System.Environment.NewLine & "stage7")
'objReader.Write(System.Environment.NewLine & samlResponse.ToXml().ToString())
' Get the assertion from the response
If Not samlResponse.Status.IsSuccess() Then
objReader.Write(System.Environment.NewLine & samlResponse.Status.IsSuccess().ToString())
objReader.Close()
Exit Sub
End If
objReader.Write(System.Environment.NewLine & "stage8")
objReader.Write(System.Environment.NewLine & samlResponse.Assertions.Count)
' ----- problem is occurring here
Dim assertion As Assertion = samlResponse.Assertions(0) '.Item(0)--- this statement is yielding error
Reply

RE: ComponentSpace SAML v1.1 Component ComponentSpace Support 01-Mar-2012 00:02:44

The SAML assertion is signed and therefore is being returned as an XmlElement so its signature can be verified. You should use the SAMLResponse.GetSignedAssertions() method rather than the Assertions property or, if you use the Assertions property, be mindful that it returns a list of objects, not necessarily a list of Assertion objects.

SAML responses may contain one or more of the following:
Encrypted SAML assertions
Signed SAML assertions
SAML assertions that are neither encrypted nor signed

The ComponentSpace.SAML2.Protocols.SAMLResponse class encapsulates a SAML response message. To access the various types of SAML assertions contained within it, use one of the following properties or methods from this class:
Assertions
GetEncryptedAssertions
GetSignedAssertions
GetAssertions

The Assertions property returns all assertions including encrypted and signed assertions. Encrypted assertions are returned as EncryptedAssertion objects. Signed assertions are returned as XmlElement objects. Unencrypted, unsigned assertions are returned as SAMLAssertion objects.

The GetEncryptedAssertions method only returns the encrypted assertions as EncryptedAssertion objects. Section 10 of the User Guide describes how to process encrypted assertions.

The GetSignedAssertions method only returns the signed assertions as XmlElement objects. Signed assertions are returned as XmlElement objects as this is the format required for signature verification. Section 8 of the User Guide describes how to verify a signature. Once the signature is verified a SAMLAssertion object may be constructed from the XmlElement.

The GetAssertions method only returns the unencrypted and unsigned assertions as SAMLAssertion objects.

The list of objects returned by the Assertions property is equivalent to combining the three lists returned by the GetEncryptedAssertions, GetSignedAssertions and GetAssertions methods.
Reply

RE: ComponentSpace SAML v1.1 Component ComponentSpace Support 01-Mar-2012 00:03:25

The following code outlines how to receive and verify a signed SAML assertion:

// The SAML response contains a signed SAML assertion
XmlElement samlAssertionElement = samlResponse.GetSignedAssertions()[0];

// Verify the SAML assertion signature - using the X.509 cert embedded in the signature
if (!SAMLAssertionSignature.Verify(samlAssertionElement)) {
// Handle error – not shown here
}

// Parse the SAML assertion XML
SAMLAssertion samlAssertion = new SAMLAssertion(samlAssertionElement);

Also, take a look at the AssertionExample which shows how to sign and verify SAML assertion signatures.
Reply


ComponentSpace SAML v2.0 Component richard.cairns [United Kingdom] 30-Jun-2009 12:07:06

Someone in my company has downloaded version 2.1.0.3 of the SAML v2.0 component and this has a breaking change from the original version we were using last year (v2.0.0.9).

The breaking change is with Assertion.Subject.EncryptedID.Decrypt where this method now requires an additional parameter - System.Security.Cryptography.Xml.EncryptionMethod

What should be put in this value?
Reply

RE: ComponentSpace SAML v2.0 Component Mark 07-Sep-2009 15:37:23

Hi Richard.
I am considering purchasing this component for assertion generation and signing. There are no reviews on here so I wondered what your experience of the component was like and if you would recommend it?

Regards,
Mark.
Reply

RE: RE: ComponentSpace SAML v2.0 Comp... skpbas-movie [USA] 10-Feb-2010 15:50:27

Mark,

Did you purchase it? How is it? We are also considering it for my company. Please let me know.

Thanks,
Sam
Reply

RE: ComponentSpace SAML v2.0 Component ComponentSpace Support 01-Mar-2012 00:05:08

We support specifying both the key encryption method and the data encryption method. For example, to encrypt an assertion:

EncryptedAssertion encryptedAssertion = new EncryptedAssertion(
xmlSAMLAssertion,
x509Certificate,
new EncryptionMethod(EncryptedXml.XmlEncRSA15Url),
new EncryptionMethod(EncryptedXml.XmlEncTripleDESUrl));

We also have overloads that take the data encryption method only and default to using new EncryptionMethod(EncryptedXml.XmlEncRSA15Url) as the key encryption method.

This applies to encrypted assertions, IDs and attributes.

The AssertionExample project demonstrates how to encrypt and decrypt assertions and attributes.

If assistance is required with XML encryption, please contact us at support@componentspace.com.
Reply

RE: ComponentSpace SAML v2.0 Comp... raja 20-Oct-2012 00:31:28

I am a novice to the ComponentSpace SAML v2.0 component and am attempting to implement SP-initiated SSO (so I am at the IdP end) -

I have the following questions and need clarification -
1. SAMLMessageSignature.Verify() - (a) In this method, to verify the request's signature the 2nd parameter "x509Certificate2" should be a certificate created and shared by SP end implementer to the IdP end implementor Or its a certificate created and used by the IdP end implementer itself.
(b) This certificate should be a private or public or both.

2. SAMLAssertionSignature.Generate() - (a) In this method, to Sign the SAML Assertion, the 2nd parameter "x509Certificate2.PrivateKey" should be a certificate created and shared by SP end implementer to the IdP end implementor Or its a certificate created and used by the IdP end implementer itself.

3. SAMLMessageSignature.Generate() - (a) In this method, to Sign the SAML response, the 2nd parameter x509Certificate2.PrivateKey should be a certificate created and shared by SP end implementer to the IdP end implementor Or its a certificate created and used by the IdP end implementer itself.

4. Should it be 3 different certificates for the above 3 methods verification/signing. Or for pt.1 - one certificate and for pt.2 & 3 - another one.

5. Is it possible to store the above certificates to the machine certificate store and access.

Thanks in advance.
Reply

