Home/ Questions/Q 8159265
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T17:51:08+00:00

I have a valid SAML 2 token from my application IdP: When I try

  • 0

I have a valid SAML 2 token from my application IdP:

When I try to read it using WIF code as below I get the following error:

Cannot read the token from the ‘Response’ element with the ‘urn:oasis:names:tc:SAML:2.0:protocol’ namespace for BinarySecretSecurityToken, with a ” ValueType. If this element is expected to be valid, ensure that security is configured to consume tokens with the name, namespace and value type specified.

Here is the code I am using with a comment showing where it fails

        string certPath = @"G:\Projects\myAPp\SAMLHandlingTests\bin\Debug\SSO.cer";
        X509Certificate2 cert = new X509Certificate2(certPath);
        //X509Certificate2 cert = new X509Certificate2(certPath, "LetMeIn!");


        // Open the SAML
        string samlPath = @"G:\Projects\myAPp\SAMLHandlingTests\bin\Debug\SAML.xml";

        string samlRaw = File.OpenText(samlPath).ReadToEnd();

        XmlReader rdr = XmlReader.Create(samlPath);

        List<System.IdentityModel.Tokens.SecurityToken> tokens = new List<System.IdentityModel.Tokens.SecurityToken>();

        var token = new X509SecurityToken(cert);
        tokens.Add(token);

        SecurityTokenResolver resolver = 
            SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
            new System.Collections.ObjectModel.ReadOnlyCollection<SecurityToken>(tokens), true);

        //Fails on next line!
        SecurityToken securityToken = System.ServiceModel.Security.WSSecurityTokenSerializer.DefaultInstance.ReadToken(rdr, resolver);

        SamlSecurityToken deserializedSaml = securityToken as SamlSecurityToken;

The problem is an XML namespace exception but I don’t know how to ‘ensure that security is configured to consume tokens with the name, namespace and value type specified’

Can someone point me in the right direction please?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Well I found the issue, it was a SAML Response with Encrypted Assertion which had no type definition as follows:

    The SAML received was as follows:

    <saml:EncryptedAssertion>

    when it should have been 

    <saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">

    It would be possible of course to fix this in my code but the underlying issue was that System.Xml and WIF were not going to let me pass without fully valid xml.

    I hope this helps someone along the way.

    • 0