C#
C#
SAML Signature Validation
See more XML Digital Signatures Examples
A SAML Signature is an XML Digital Signature (XMLDSig) just like any other XML digital signature. It can be verified by using Chilkat' XmlDSig class, as shown in this example.Chilkat C# Downloads
bool success = false;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
Chilkat.XmlDSig dsig = new Chilkat.XmlDSig();
success = dsig.LoadSignature("XML xml signature goes here...");
// A sample SAML signature is shown below..
int numSignatures = dsig.NumSignatures;
int i = 0;
while (i < numSignatures) {
dsig.Selector = i;
bool bVerifyRefDigests = false;
bool bSignatureVerified = dsig.VerifySignature(bVerifyRefDigests);
if (bSignatureVerified == true) {
Debug.WriteLine("Signature " + Convert.ToString(i + 1) + " verified");
}
else {
Debug.WriteLine("Signature " + Convert.ToString(i + 1) + " invalid");
}
// Check each of the reference digests separately..
int numRefDigests = dsig.NumReferences;
int j = 0;
while (j < numRefDigests) {
bool bDigestVerified = dsig.VerifyReferenceDigest(j);
Debug.WriteLine("reference digest " + Convert.ToString(j + 1) + " verified = " + Convert.ToString(bDigestVerified));
if (bDigestVerified == false) {
Debug.WriteLine(" reference digest fail reason: " + Convert.ToString(dsig.RefFailReason));
}
j = j + 1;
}
i = i + 1;
}
// --------------------------------------
// Here is a sample SAML XML Signature
//
//
// <?xml version="1.0" encoding="UTF-8"?>
// <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="abc123" Version="2.0" IssueInstant="2022-04-01T12:34:56Z" Destination="https://sp.example.com/sso">
// <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.com</saml2:Issuer>
// <saml2p:Status>
// <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
// </saml2p:Status>
// <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="def456" IssueInstant="2022-04-01T12:34:56Z" Version="2.0">
// <saml2:Issuer>https://idp.example.com</saml2:Issuer>
// <saml2:Subject>
// <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml2:NameID>
// </saml2:Subject>
// <saml2:Conditions NotBefore="2022-04-01T12:34:56Z" NotOnOrAfter="2022-04-01T13:34:56Z"/>
// <saml2:AuthnStatement AuthnInstant="2022-04-01T12:34:56Z">
// <saml2:AuthnContext>
// <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
// </saml2:AuthnContext>
// </saml2:AuthnStatement>
// <!-- Additional assertion content -->
// </saml2:Assertion>
// <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
// <ds:SignedInfo>
// <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
// <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
// <ds:Reference URI="#abc123">
// <ds:Transforms>
// <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
// <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
// </ds:Transforms>
// <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
// <ds:DigestValue>q7Zj1w+...+pCsjw=</ds:DigestValue>
// </ds:Reference>
// <!-- Additional references if present -->
// </ds:SignedInfo>
// <ds:SignatureValue>
// NjIzOWE5ZjA2M2M1...NzUwNzUwNzUwNzUwNzU=
// </ds:SignatureValue>
// <ds:KeyInfo>
// <ds:X509Data>
// <ds:X509Certificate>
// MIIDgzCCAmugAwIBAg...AgADAA==
// </ds:X509Certificate>
// </ds:X509Data>
// </ds:KeyInfo>
// </ds:Signature>
// </saml2p:Response>