Subject: SAML for Healthcare.gov Date: 2015-11-16 15:46:50 From: William Zdarko Source: saml-healthcare-gov ----------------------------------------------------------------------Healthcare.gov uses a 509 cert and SAML to allow agents and customers to log into their site and check their account. Do you have any examples for this in C#.
Thank you for your time.This is example code from healthcare.gov
[code lang='xml']<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#SamlAssertion-25171a8736ed098dde8659e5ba250b5f"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>VLIECSLwNnRpczRvIIUcGuospVk=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>m3nxFPAcBXJ+EgrI6FrTYGWL9n8o9HtxkG4Dzsp8lNGYNSle/+FmLvkwbvzMgcbhNuJv86GcAGOZfVNEP3acP/Eg9at2jf/HaEn50vVgq4jl40BGWsGWdq97x2IlBzBtMv5aOxWnrx2hZmiDs8uQVK+P5YUpCPZxo3ki3NdxL7et7wTRas27XgZei2oVn8lxHsiNoBkS5DDBdCBxOOOvrxHmpAw38J6+uQ8w9KufOZKJwXpt8EKhi1dqje6t/s3jY3yYPQird9NXRiXU8uKnQEki/11/zOoBrcrlXl9isF7JB6NkgWp+6VaRapjik3JPJ/PLA/PRS48H8xpJnZvthA==</ds:SignatureValue> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> <X509SubjectName>CN=app1a.imp.healthcare.gov,OU=OIS,O=Centers for Medicare & Medicaid Services,L=Baltimore,S=Maryland,C=US</X509SubjectName> <X509Certificate>MIIFEDCCA/igAwIBAgIQLOyZV0jqtRkazRihouTC4zANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE1MDYxNjAwMDAwMFoXDTE2MDcwMzIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UEBwwJQmFsdGltb3JlMTEwLwYDVQQKDChDZW50ZXJzIGZvciBNZWRpY2FyZSAmIE1lZGljYWlkIFNlcnZpY2VzMQwwCgYDVQQLDANPSVMxITAfBgNVBAMMGGFwcDFhLmltcC5oZWFsdGhjYXJlLmdvdjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALeFvetoqluCDtIPz2Dc4LPbXmFNGa5L+0uINEVt+d/ZUHuuFYjnlysyaAVEIZBEf3PMb08uR8vjDgsUsIv51Hzz3Ey9mm8zH8AAY3F6bnSU9Ocg9+PEWpVmG/8QmbjSFSkFnPQjRyycyITQfnM9+un86FY6hE//nFPIy5azWFxx8k91DlXcWRInLpxgKNY8Te0svvVpVi+TDLEJVYQok19SBOoyaL/pSTYyi6ShP5GUrLQzDfczVSq0Gr89iZg9NanB+6SNCc131fPe1CkulOzeJBiCNRzcy9179zKDjPiMlYR1//DgKDbUa1jbZ+T+rj3/4yiDCUIKCj+XNjJ+KDkCAwEAAaOCAW0wggFpMCMGA1UdEQQcMBqCGGFwcDFhLmltcC5oZWFsdGhjYXJlLmdvdjAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAhH+x7zx782560LMdSaKDeWaJmXPFtdZ4t3JfWK76ORp4i4inF3Hi+B+SlXBE08OH5GAZ1/ea59Uwgz7+zuydLJZ5q9kVl7+Qrf90/82UdM1h2dIlyZ5NPNPy1w7xUXCEiSDtvFv/mU84jfwS2nwEsu3U78TwUTxnOJXmumuyKqkkyY6ZDe3zUdRIrw8X8OY8zpTrA8PahwPO+PYaS/883Jp/4fhp2xUm73o76uVYvj1MIIWVLs6j2tawDcikmq72RyMCpwcxJsWYZiFHZSSe2D+xKVkamPLG9q4cjKo/O0QhASQoIFVsEWP9/EKBjQL3f4wtUCpYK3IQQkN0v6lSCQ==</X509Certificate> </X509Data> </KeyInfo> </ds:Signature> <saml2:Subject> <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="">04.TST.MD*.001.002</saml2:NameID> <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"> <saml2:NameID>CN=app1a.imp.healthcare.gov,OU=OIS,O=Centers for Medicare & Medicaid Services,L=Baltimore,S=Maryland,C=US</saml2:NameID> </saml2:SubjectConfirmation> </saml2:Subject>
<saml2:AttributeStatement> <saml2:Attribute Name="State Exchange Code" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue>MD0</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="Partner Assigned Consumer ID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue>1234</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="FFE Assigned Consumer ID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue>1002003000</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="User Type" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue>Agent</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="FFE User ID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue>Agent007</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="Transfer Type" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue>Direct Enrollment</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="Return URL" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue>https://www.returnbacktome.com/partnersite</saml2:AttributeValue> </saml2:Attribute> </saml2:AttributeStatement>
[/code]
---------------------------------------------------------------------- Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor who sold you the license and ask for your money back. Back to ComponentPro Q&A Forum Index