Sample code for 30+ languages & platforms
C#

SAML Signature Validation

See more XML Digital Signatures Examples

A SAML Signature is an XML Digital Signature (XMLDSig) just like any other XML digital signature. It can be verified by using Chilkat' XmlDSig class, as shown in this example.

Chilkat C# Downloads

C#
bool success = false;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

Chilkat.XmlDSig dsig = new Chilkat.XmlDSig();
success = dsig.LoadSignature("XML xml signature goes here...");

// A sample SAML signature is shown below..

int numSignatures = dsig.NumSignatures;
int i = 0;
while (i < numSignatures) {
    dsig.Selector = i;

    bool bVerifyRefDigests = false;
    bool bSignatureVerified = dsig.VerifySignature(bVerifyRefDigests);
    if (bSignatureVerified == true) {
        Debug.WriteLine("Signature " + Convert.ToString(i + 1) + " verified");
    }
    else {
        Debug.WriteLine("Signature " + Convert.ToString(i + 1) + " invalid");
    }

    // Check each of the reference digests separately..
    int numRefDigests = dsig.NumReferences;
    int j = 0;
    while (j < numRefDigests) {
        bool bDigestVerified = dsig.VerifyReferenceDigest(j);
        Debug.WriteLine("reference digest " + Convert.ToString(j + 1) + " verified = " + Convert.ToString(bDigestVerified));
        if (bDigestVerified == false) {
            Debug.WriteLine("    reference digest fail reason: " + Convert.ToString(dsig.RefFailReason));
        }

        j = j + 1;
    }

    i = i + 1;
}

// --------------------------------------
// Here is a sample SAML XML Signature
// 
// 
// <?xml version="1.0" encoding="UTF-8"?>
// <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="abc123" Version="2.0" IssueInstant="2022-04-01T12:34:56Z" Destination="https://sp.example.com/sso">
//   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.com</saml2:Issuer>
//   <saml2p:Status>
//     <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
//   </saml2p:Status>
//   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="def456" IssueInstant="2022-04-01T12:34:56Z" Version="2.0">
//     <saml2:Issuer>https://idp.example.com</saml2:Issuer>
//     <saml2:Subject>
//       <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml2:NameID>
//     </saml2:Subject>
//     <saml2:Conditions NotBefore="2022-04-01T12:34:56Z" NotOnOrAfter="2022-04-01T13:34:56Z"/>
//     <saml2:AuthnStatement AuthnInstant="2022-04-01T12:34:56Z">
//       <saml2:AuthnContext>
//         <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
//       </saml2:AuthnContext>
//     </saml2:AuthnStatement>
//     <!-- Additional assertion content -->
//   </saml2:Assertion>
//   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
//     <ds:SignedInfo>
//       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
//       <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
//       <ds:Reference URI="#abc123">
//         <ds:Transforms>
//           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
//           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
//         </ds:Transforms>
//         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
//         <ds:DigestValue>q7Zj1w+...+pCsjw=</ds:DigestValue>
//       </ds:Reference>
//       <!-- Additional references if present -->
//     </ds:SignedInfo>
//     <ds:SignatureValue>
//       NjIzOWE5ZjA2M2M1...NzUwNzUwNzUwNzUwNzU=
//     </ds:SignatureValue>
//     <ds:KeyInfo>
//       <ds:X509Data>
//         <ds:X509Certificate>
//           MIIDgzCCAmugAwIBAg...AgADAA==
//         </ds:X509Certificate>
//       </ds:X509Data>
//     </ds:KeyInfo>
//   </ds:Signature>
// </saml2p:Response>