DataFlex
Create AuthNRequest with embedded signature (HTTP-POST binding)
Demonstrates how to create a SAML AuthNRequest with embedded signature (HTTP-POST binding).
Use ChilkatAx-win32.pkg
Procedure Test
    Boolean iSuccess
    Handle hoXmlToSign
    Handle hoGen
    Variant vCert
    Handle hoCert
    Variant vSbXml
    Handle hoSbXml
    Handle hoVerifier
    Boolean iVerified
    String sTemp1

    Move False To iSuccess

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // This example will sign the following SAML AuthNRequest:
    // <samlp:AuthnRequest
    //     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    //     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    //     ID="pfx41d8ef22-e612-8c50-9960-1b16f15741b3"
    //     Version="2.0" ProviderName="SP test" IssueInstant="2014-07-16T23:52:45Z"
    //     Destination="http://idp.example.com/SSOService.php"
    //     ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    //     AssertionConsumerServiceURL="http://sp.example.com/demo1/index.php?acs">
    //   <saml:Issuer>http://sp.example.com/demo1/metadata.php</saml:Issuer>
    //   <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/>
    //   <samlp:RequestedAuthnContext Comparison="exact">
    //     <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    //   </samlp:RequestedAuthnContext>
    // </samlp:AuthnRequest>

    // First we build the XML to be signed.
    //
    // Use this online tool to generate the code from sample XML:
    // Generate Code to Create XML

    Move True To iSuccess

    Get Create (RefClass(cComChilkatXml)) To hoXmlToSign
    If (Not(IsComObjectCreated(hoXmlToSign))) Begin
        Send CreateComObject of hoXmlToSign
    End
    Set ComTag Of hoXmlToSign To "samlp:AuthnRequest"
    Get ComAddAttribute Of hoXmlToSign "xmlns:samlp" "urn:oasis:names:tc:SAML:2.0:protocol" To iSuccess
    Get ComAddAttribute Of hoXmlToSign "xmlns:saml" "urn:oasis:names:tc:SAML:2.0:assertion" To iSuccess
    Get ComAddAttribute Of hoXmlToSign "ID" "pfx41d8ef22-e612-8c50-9960-1b16f15741b3" To iSuccess
    Get ComAddAttribute Of hoXmlToSign "Version" "2.0" To iSuccess
    Get ComAddAttribute Of hoXmlToSign "ProviderName" "SP test" To iSuccess
    Get ComAddAttribute Of hoXmlToSign "IssueInstant" "2014-07-16T23:52:45Z" To iSuccess
    Get ComAddAttribute Of hoXmlToSign "Destination" "http://idp.example.com/SSOService.php" To iSuccess
    Get ComAddAttribute Of hoXmlToSign "ProtocolBinding" "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" To iSuccess
    Get ComAddAttribute Of hoXmlToSign "AssertionConsumerServiceURL" "http://sp.example.com/demo1/index.php?acs" To iSuccess
    Send ComUpdateChildContent To hoXmlToSign "saml:Issuer" "http://sp.example.com/demo1/metadata.php"
    Get ComUpdateAttrAt Of hoXmlToSign "samlp:NameIDPolicy" True "Format" "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "samlp:NameIDPolicy" True "AllowCreate" "true" To iSuccess
    Get ComUpdateAttrAt Of hoXmlToSign "samlp:RequestedAuthnContext" True "Comparison" "exact" To iSuccess
    Send ComUpdateChildContent To hoXmlToSign "samlp:RequestedAuthnContext|saml:AuthnContextClassRef" "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

    // Also see the online tool to generate the code from sample already-signed XML:
    // Generate XML Signature Creation Code from an Already-Signed XML Sample

    Get Create (RefClass(cComChilkatXmlDSigGen)) To hoGen
    If (Not(IsComObjectCreated(hoGen))) Begin
        Send CreateComObject of hoGen
    End

    // The Signature element is placed as a direct child of the root element.
    Set ComSigLocation Of hoGen To "samlp:AuthnRequest"
    Set ComSigNamespacePrefix Of hoGen To "ds"
    Set ComSigNamespaceUri Of hoGen To "http://www.w3.org/2000/09/xmldsig#"
    Set ComSignedInfoCanonAlg Of hoGen To "EXCL_C14N"
    Set ComSignedInfoDigestMethod Of hoGen To "sha1"

    // -------- Reference 1 --------
    // Same-document reference to the element carrying the ID attribute above.
    Get ComAddSameDocRef Of hoGen "pfx41d8ef22-e612-8c50-9960-1b16f15741b3" "sha1" "EXCL_C14N" "" "" To iSuccess

    // Provide a certificate + private key. (PFX password is test123)
    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End
    Get ComLoadPfxFile Of hoCert "qa_data/pfx/cert_test123.pfx" "test123" To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get pvComObject of hoCert to vCert
    Get ComSetX509Cert Of hoGen vCert True To iSuccess

    Set ComKeyInfoType Of hoGen To "X509Data"
    Set ComX509Type Of hoGen To "Certificate"

    // Load XML to be signed...
    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbXml
    If (Not(IsComObjectCreated(hoSbXml))) Begin
        Send CreateComObject of hoSbXml
    End
    Get pvComObject of hoSbXml to vSbXml
    Get ComGetXmlSb Of hoXmlToSign vSbXml To iSuccess

    Set ComBehaviors Of hoGen To "IndentedSignature,ForceAddEnvelopedSignatureTransform"

    // Sign the XML...
    Get pvComObject of hoSbXml to vSbXml
    Get ComCreateXmlDSigSb Of hoGen vSbXml To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoGen To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Save the signed XML to a file.
    Get ComWriteFile Of hoSbXml "qa_output/signedXml.xml" "utf-8" False To iSuccess

    // A sample of the signed XML is shown below.
    Get ComGetAsString Of hoSbXml To sTemp1
    Showln sTemp1

    // ----------------------------------------
    // Verify the signature we just produced...

    Get Create (RefClass(cComChilkatXmlDSig)) To hoVerifier
    If (Not(IsComObjectCreated(hoVerifier))) Begin
        Send CreateComObject of hoVerifier
    End
    Get pvComObject of hoSbXml to vSbXml
    Get ComLoadSignatureSb Of hoVerifier vSbXml To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoVerifier To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get ComVerifySignature Of hoVerifier True To iVerified
    If (iVerified <> True) Begin
        Get ComLastErrorText Of hoVerifier To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "This signature was successfully verified."

    // -----------------------------------------
    // Sample output of AuthNRequest signed XML:
    // (Line-breaks and some indenting added for readability..)

    // <?xml version="1.0" encoding="utf-8"?>
    // <samlp:AuthnRequest
    //     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    //     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    //     ID="pfx41d8ef22-e612-8c50-9960-1b16f15741b3"
    //     Version="2.0" ProviderName="SP test"
    //     IssueInstant="2014-07-16T23:52:45Z"
    //     Destination="http://idp.example.com/SSOService.php"
    //     ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    //     AssertionConsumerServiceURL="http://sp.example.com/demo1/index.php?acs">
    //   <saml:Issuer>http://sp.example.com/demo1/metadata.php</saml:Issuer>
    //   <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/>
    //   <samlp:RequestedAuthnContext Comparison="exact">
    //     <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    //   </samlp:RequestedAuthnContext>
    //   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    //     <ds:SignedInfo>
    //       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    //       <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    //       <ds:Reference URI="#pfx41d8ef22-e612-8c50-9960-1b16f15741b3">
    //         <ds:Transforms>
    //           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
    //           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    //         </ds:Transforms>
    //         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    //         <ds:DigestValue>5d+/YNShy4qnvZcvik8fHHg2SWQ=</ds:DigestValue>
    //       </ds:Reference>
    //     </ds:SignedInfo>
    //     <ds:SignatureValue>QS16H5...U5LQ==</ds:SignatureValue>
    //     <ds:KeyInfo>
    //       <ds:X509Data>
    //         <ds:X509Certificate>MIIF...tjlF4=</ds:X509Certificate>
    //       </ds:X509Data>
    //     </ds:KeyInfo>
    //   </ds:Signature>
    // </samlp:AuthnRequest>
    //
End_Procedure
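The Chilkat call `VerifySignature` checks the cryptography, but the structure of a signed AuthnRequest is what a relying party has to police before it trusts the result: one `ds:Signature` sitting directly under `samlp:AuthnRequest` (the `SigLocation` above), a `ds:Reference` whose `URI` is `#` plus the root's `ID`, that `ID` unique in the document, an enveloped-signature transform, and algorithms drawn from an allowlist. The following Python example, added here and not Chilkat code or code from this page, implements those checks and recomputes the Reference digest the way the enveloped transform defines it (digest the referenced element with its own `ds:Signature` removed, after canonicalization). It is stdlib only and makes two labelled simplifications: Python's C14N 2.0 (`xml.etree.ElementTree.canonicalize`) stands in for exclusive C14N, so its digests agree between its own signer and verifier but not with the `5d+/...` value in the sample output above, and the `SignatureValue` is a placeholder that is not verified, since RSA over `SignedInfo` needs a crypto library. The allowlist accepts SHA-256 only; the `sha1` and `rsa-sha1` URIs that the page's sample output uses are deliberately absent, which is the policy a modern verifier should apply.

```python
"""Verifier-side policy and reference-digest checks for an enveloped XML-DSig
signature on a SAML 2.0 AuthnRequest. Added example (stdlib only, Python 3.8+),
not Chilkat code. The SignatureValue is NOT verified here."""
import base64
import copy
import hashlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
for _prefix, _uri in (("samlp", SAMLP), ("saml", SAML), ("ds", DS)):
    ET.register_namespace(_prefix, _uri)

ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
# Allowlists: the page's sha1 / rsa-sha1 URIs are deliberately absent.
DIGEST_ALGS = {SHA256_URI: hashlib.sha256}
SIG_ALGS = {RSA_SHA256}


def ds(name):
    return "{%s}%s" % (DS, name)


def canonical_bytes(elem):
    # Assumption: Python's C14N 2.0 stands in for exclusive C14N 1.0 (Chilkat's
    # EXCL_C14N). Signer and verifier in this example share this routine, so their
    # digests agree with each other but not with the page's sample output.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()


def reference_digest(signed_elem, hashfn):
    # Enveloped-signature transform: digest the referenced element with its own
    # ds:Signature child removed, then canonicalize.
    work = copy.deepcopy(signed_elem)
    for sig in work.findall(ds("Signature")):
        work.remove(sig)
    return base64.b64encode(hashfn(canonical_bytes(work)).digest()).decode()


def check_signed_authn_request(xml_text):
    """Return (ok, reason). ok is True only when the structural policy holds and
    the Reference digest matches; SignatureValue is left to a crypto library."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        return False, "root is not samlp:AuthnRequest"
    # Exactly one Signature in the whole document, and it must be a direct child
    # of the root (the SigLocation used above).
    if len(root.findall(ds("Signature"))) != 1 or len(list(root.iter(ds("Signature")))) != 1:
        return False, "expected exactly one ds:Signature directly under the root"
    si = root.find(ds("Signature")).find(ds("SignedInfo"))
    if si is None:
        return False, "missing ds:SignedInfo"
    c14n = si.find(ds("CanonicalizationMethod"))
    if c14n is None or c14n.get("Algorithm") != EXC_C14N:
        return False, "unexpected CanonicalizationMethod"
    sm = si.find(ds("SignatureMethod"))
    if sm is None or sm.get("Algorithm") not in SIG_ALGS:
        return False, "signature algorithm not allowed"
    refs = si.findall(ds("Reference"))
    if len(refs) != 1:
        return False, "expected exactly one ds:Reference"
    ref = refs[0]
    # The same-document reference must point at the root's ID, and that ID must
    # occur exactly once; a duplicated ID would let another element be substituted.
    root_id = root.get("ID")
    if not root_id or ref.get("URI") != "#" + root_id:
        return False, "Reference URI does not point at the root element's ID"
    if sum(1 for e in root.iter() if e.get("ID") == root_id) != 1:
        return False, "ID attribute is not unique"
    if ENVELOPED not in [t.get("Algorithm") for t in ref.iter(ds("Transform"))]:
        return False, "missing enveloped-signature transform"
    dm = ref.find(ds("DigestMethod"))
    hashfn = DIGEST_ALGS.get(dm.get("Algorithm")) if dm is not None else None
    if hashfn is None:
        return False, "digest algorithm not allowed"
    if reference_digest(root, hashfn) != ref.findtext(ds("DigestValue"), "").strip():
        return False, "DigestValue mismatch"
    return True, "structure and reference digest OK (SignatureValue not checked)"


def build_sample_signed_request():
    # Constructed sample mirroring the page's AuthnRequest. The SignatureValue is
    # a placeholder: RSA over canonical SignedInfo needs a crypto library.
    root = ET.Element("{%s}AuthnRequest" % SAMLP, {
        "ID": "pfx41d8ef22-e612-8c50-9960-1b16f15741b3", "Version": "2.0",
        "ProviderName": "SP test", "IssueInstant": "2014-07-16T23:52:45Z",
        "Destination": "http://idp.example.com/SSOService.php",
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "AssertionConsumerServiceURL": "http://sp.example.com/demo1/index.php?acs"})
    ET.SubElement(root, "{%s}Issuer" % SAML).text = "http://sp.example.com/demo1/metadata.php"
    ET.SubElement(root, "{%s}NameIDPolicy" % SAMLP, {
        "Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "AllowCreate": "true"})
    rac = ET.SubElement(root, "{%s}RequestedAuthnContext" % SAMLP, {"Comparison": "exact"})
    ET.SubElement(rac, "{%s}AuthnContextClassRef" % SAML).text = \
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    digest = reference_digest(root, hashlib.sha256)  # no Signature child yet
    sig = ET.SubElement(root, ds("Signature"))
    si = ET.SubElement(sig, ds("SignedInfo"))
    ET.SubElement(si, ds("CanonicalizationMethod"), {"Algorithm": EXC_C14N})
    ET.SubElement(si, ds("SignatureMethod"), {"Algorithm": RSA_SHA256})
    ref = ET.SubElement(si, ds("Reference"), {"URI": "#" + root.get("ID")})
    tr = ET.SubElement(ref, ds("Transforms"))
    ET.SubElement(tr, ds("Transform"), {"Algorithm": ENVELOPED})
    ET.SubElement(tr, ds("Transform"), {"Algorithm": EXC_C14N})
    ET.SubElement(ref, ds("DigestMethod"), {"Algorithm": SHA256_URI})
    ET.SubElement(ref, ds("DigestValue")).text = digest
    ET.SubElement(sig, ds("SignatureValue")).text = "UExBQ0VIT0xERVI="  # placeholder
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    signed = build_sample_signed_request()
    print(check_signed_authn_request(signed))
    # Any change to the signed content breaks the reference digest.
    print(check_signed_authn_request(signed.replace("SSOService.php", "Other.php")))
```

Every rejection is reported as a distinct reason so the SP can log which policy failed; in production the structural checks run first and the cryptographic check of `SignatureValue` (what `VerifySignature` does above) runs only on a document that has already passed them, with the signing certificate taken from the IdP's metadata rather than from `ds:KeyInfo`.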