Home/ Questions/Q 7193717
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T20:13:35+00:00

I am new to this Claims and SAML concept. I am using WIF from

  • 0

I am new to this Claims and SAML concept. I am using WIF from ASP.NET and recieve the request below from my IDP. I sent a username/password via a http request and recieved this SAML response. What exactly do I do now? I heard I need to validate the signature and key, and if so, how (.NET) and why?

<EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
- <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" /> 
- <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
- <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
- <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
</e:EncryptionMethod>
- <KeyInfo>
- <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
- <X509Data>
- <X509IssuerSerial>
<X509IssuerName>CN=LeastPrivilegeCA</X509IssuerName> 
<X509SerialNumber>458206499362374248562711</X509SerialNumber> 
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
- <e:CipherData>
<e:CipherValue>SOME DATA</e:CipherValue> 
</e:CipherData>
</e:EncryptedKey>
</KeyInfo>
- <xenc:CipherData>
<xenc:CipherValue>SOME DATA</xenc:CipherValue> 
</xenc:CipherData>
</xenc:EncryptedData>
</EncryptedAssertion>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    To use SAML 2.0 with Windows Identity Foundation (WIF), you’ll need the WIF Extension for the SAML 2.0 Protocol. Once you download it, you’ll find some good examples on how to use the SAML token for authentication.

    You really shouldn’t need to do anything manually to parse this token since WIF should manage all of this for you. You’ll just need to make sure you have the right certificate installed and configured to decrypt the message. If you’re using the SAML 2.0 extension, this will be setup in the service provider configuration which is referenced in the web.config:

    <microsoft.identityModel.saml metadata="bin\App_Data\serviceprovider.xml">
    <!-- The location of the configuration files of all the partners this service trusts. -->
    <identityProviders>
        <metadata file="bin\App_Data\identityprovider.xml"/>
    </identityProviders>
</microsoft.identityModel.saml>

    Hopefully this helps.

    • 0