Subject: Including Vendor Certificate with Assertion Date: 2013-07-12 13:43:06 From: Daniel H. Source: including-vendor-certificate-assertion ----------------------------------------------------------------------Hello,
I have a vendor that request that thier cert be included in the saml assertion like I have posted below. The closest thing I can see when using the component is the SignatureElement of the saml assertion. My cert will be included later atfer I sin the assertion, I am just trying to figure out how to lnclude tier cert with the assertion as well.
I bolded the part in question, this is where the vendor would like thier cert included.
Any guidance on this would be greatly appreciated.
-------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<samlp2:Response xmlns:samlp2="urn:oasis:names:tc:SAML:2.0:protocol"xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"ID="ResponseId_77ddddb8623f2edddf960c4e4e9bc6" IssueInstant="2011 -06-13T22:18:11.540Z"Version="2.0"><saml2:Issuer>Issuer Here</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ds:Reference URI="#ResponseId_77dddd2b8623f2e2sdasda4e9bc6"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ds:DigestValue>adsasdsdsdasdasasdsda=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>SIGNATURE VALUE HERE</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>VENDOR CERT WOULD GO HERE</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>....Rest of the assertion after this....---------------------------------------------------------------------- Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor who sold you the license and ask for your money back. Back to ComponentPro Q&A Forum Index