Subject: Signing error
Date: 2013-04-11 18:25:26
From: Paul Basarab
Source: signing-error
----------------------------------------------------------------------
So here is the relevant code:
[code lang='vb']
Private _verifyX509Certificate As X509Certificate2

Public Sub AssertionTest()
    Try
        ' Create a SAML response object.
        If _verifyX509Certificate Is Nothing Then
            LoadVerifyCertificate()
        End If
        Dim targetUrl As String = "http://localhost:59496"
        Dim serviceUrl As String = "http://localhost:59496/sso/rflsso.aspx"
        Dim samlResponse As New ComponentPro.Saml2.Response()
        ' Assign the consumer service url.
        samlResponse.Destination = serviceUrl
        Dim issuer As New Issuer(GetAbsoluteUrl("~/"))
        samlResponse.Issuer = issuer
        samlResponse.Status = New Status(SamlPrimaryStatusCode.Success, Nothing)
        Dim samlAssertion As New Assertion()
        samlAssertion.Issuer = issuer
        ' Use the local user's local identity.
        '"urn:test", NameIdentifierFormats.X509SubjectName, "uid=test,ou=People,dc=test,dc=com"
        Dim subject As New Subject(New NameId(System.Guid.NewGuid.ToString))
        Dim subjectConfirmation As New SubjectConfirmation(SamlSubjectConfirmationMethod.Bearer)
        Dim subjectConfirmationData As New SubjectConfirmationData()
        subjectConfirmationData.Recipient = serviceUrl
        subjectConfirmation.SubjectConfirmationData = subjectConfirmationData
        subject.SubjectConfirmations.Add(subjectConfirmation)
        samlAssertion.Subject = subject
        ' Create a new authentication statement.
        Dim authnStatement As New AuthnStatement()
        authnStatement.AuthnContext = New AuthnContext()
        authnStatement.AuthnContext.AuthnContextClassRef = New AuthnContextClassRef(SamlAuthenticateContext.Password)
        samlAssertion.Statements.Add(authnStatement)
        Dim attributeStatement As New AttributeStatement()
        attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("email", SamlAttributeNameFormat.Basic, Nothing, "pb@test.com"))
        attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("FirstName", SamlAttributeNameFormat.Basic, Nothing, "John"))
        attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("LastName", SamlAttributeNameFormat.Basic, Nothing, "Doe"))
        samlAssertion.Statements.Add(attributeStatement)
        ' Define ENCRYPTEDSAML preprocessor flag if you wish to encrypt the SAML response.
#If ENCRYPTEDSAML Then
        ' Load the certificate for the encryption.
        ' Please make sure the file is in the root directory.
        Dim encryptingCert As New X509Certificate2(Path.Combine(HttpRuntime.AppDomainAppPath, "EncryptionX509Certificate.cer"), "password")
        ' Create an encrypted SAML assertion from the SAML assertion we have created.
        Dim encryptedSamlAssertion As New EncryptedAssertion(samlAssertion, encryptingCert, New System.Security.Cryptography.Xml.EncryptionMethod(SamlKeyAlgorithm.TripleDesCbc))
        ' Add encrypted assertion to the SAML response object.
        samlResponse.Assertions.Add(encryptedSamlAssertion)
#Else
        ' Add assertion to the SAML response object.
        samlResponse.Assertions.Add(samlAssertion)
#End If
        ' Sign the SAML response with the certificate.
        samlResponse.Sign(_verifyX509Certificate)
        ' Send the SAML response to the service provider.
        samlResponse.SendPostBindingForm(Response.OutputStream, serviceUrl, targetUrl)
    Catch exception As Exception
        Response.Write("IdentityProvider An Error occurred " & exception.ToString)
    End Try
End Sub

Private Sub LoadVerifyCertificate()
    Dim sCertPath As String = "C:\cert\NSTKey.cer"
    litResponse.Text &= "<br />Loading certificate " & Path.GetFileName(sCertPath)
    If (Not File.Exists(sCertPath)) Then
        Throw New ArgumentException("The certificate file C:\cert\NSTKey.cer doesn't exist.")
    End If
    _verifyX509Certificate = New X509Certificate2(sCertPath)
End Sub
[/code]
I followed the Saml2IdPInitiated_2008 sample. My main reason is that I want to test what is decoded, so I built a test page to create an assertion and send it to the decoding page. The above code should be able to create the assertion and redirect to the decoding page. The problem I get is when it tries to sign it. Every time it tries to sign it, this error appears: An Error occurred ComponentPro.Saml.SamlException: Unable to generate XML signature. What could I be doing that is wrong?
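A `.cer` file carries only the public certificate, so an `X509Certificate2` loaded from one has `HasPrivateKey = False` and can verify signatures but not create them; that this is what triggers the exception in the post above is an assumption, not something the page confirms. The following is an added example, not part of the original post and not ComponentPro code: it uses the standard .NET `SignedXml` class and a constructed throwaway certificate to contrast a certificate-only load with a PFX load. The names `RequireSigningCertificate` and `TrySign` are hypothetical.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.Security.Cryptography.Xml
Imports System.Xml

Module SigningCertCheck
    ' Returns the certificate if it can sign, otherwise throws with a clear reason.
    Function RequireSigningCertificate(cert As X509Certificate2) As X509Certificate2
        If Not cert.HasPrivateKey Then
            Throw New InvalidOperationException(
                "Certificate '" & cert.Subject & "' has no private key; " &
                "load a .pfx/.p12 (or a store entry with its key) to sign.")
        End If
        Return cert
    End Function

    ' Signs a small XML document with SignedXml (standard .NET, not ComponentPro).
    Function TrySign(cert As X509Certificate2) As String
        Try
            Dim doc As New XmlDocument()
            doc.LoadXml("<Response ID=""_constructed1""/>") ' constructed sample
            Dim signer As New SignedXml(doc)
            signer.SigningKey = RequireSigningCertificate(cert).GetRSAPrivateKey()
            Dim wholeDoc As New Reference("")
            wholeDoc.AddTransform(New XmlDsigEnvelopedSignatureTransform())
            signer.AddReference(wholeDoc)
            signer.ComputeSignature()
            Return "signed"
        Catch ex As InvalidOperationException
            Return "cannot sign: " & ex.Message
        End Try
    End Function

    Sub Main()
        ' Constructed throwaway key pair and self-signed certificate.
        Using key As RSA = RSA.Create(2048)
            Dim request As New CertificateRequest("CN=constructed-idp", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            Using full = request.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddDays(1))
                ' Equivalent of a .cer file: public certificate only.
                Dim cerOnly As New X509Certificate2(full.Export(X509ContentType.Cert))
                ' Equivalent of a .pfx file: certificate plus private key.
                Dim pfx As New X509Certificate2(full.Export(X509ContentType.Pfx, "constructed-pw"), "constructed-pw")
                Console.WriteLine(".cer -> " & TrySign(cerOnly))
                Console.WriteLine(".pfx -> " & TrySign(pfx))
            End Using
        End Using
    End Sub
End Module
```

`CertificateRequest` needs .NET Framework 4.7.2 or later (or .NET Core), and on .NET Core and later `SignedXml` comes from the `System.Security.Cryptography.Xml` package.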
----------------------------------------------------------------------
Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand. If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor who sold you the license and ask for your money back.