Home/ Questions/Q 8109233
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T01:21:18+00:00

I have to validate two SAML 2.0 assertion signatures. I can parse out all

  • 0

I have to validate two SAML 2.0 assertion signatures. I can parse out all the key and token parameters and now want to use the .NET CryptoUtils.VerifySignature() or some other function to validate the signatures. I have the text that was signed and the signature as a byte[] array as well as the hash OID. I have the RSA and SAML token parameters such as the Signature Value, modulus, exponent, etc. What I’m missing is the x509 cert to send into the .NET VerifySignature() routine. I can’t see how to create the cert programmatically from the parameters.

I’d also appreciate any suggestions on a library, c# and Java, that will handle creating, parsing, validating SAML 2.0 tokens (requests and responses).

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In C#, you can use…

    System.Security.Cryptography.Xml.SignedXml.CheckSignature(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate, bool verifySignatureOnly)

    …to validate the signature. Basically, it would work like this:

     using System.Xml;
 using System.Security.Cryptography.X509Certificates;
 using System.Security.Cryptography.Xml;
 using System.Text;

 namespace MySamlDocumentExample
 {
     public class Saml20Transaction : SignedXml
     {
         public Saml20Transaction(XmlDocument doc) 
             : base (doc)
         {

         }
     }

     public class SamlVerifier
     {
         readonly XmlDocument _mySamlDocument = new XmlDocument();

         public SamlVerifier(string saml)
         {
             _mySamlDocument.LoadXml(saml);
         }

         public X509Certificate2 X509Certificate
         {
             get
             {
                 return new X509Certificate2(
                     Encoding.ASCII.GetBytes(X509CertificateString));
             }
         }

         public string X509CertificateString
         {
             get
             {
                 XmlNodeList xmlNodeList = _mySamlDocument.GetElementsByTagName("X509Certificate");
                 return xmlNodeList[0].InnerText;
             }
         }

         public bool ValidateSignature()
         {
             Saml20Transaction saml20Transaction = new Saml20Transaction(_mySamlDocument);
             XmlNodeList xmlNodeList = _mySamlDocument.GetElementsByTagName("Signature");
             saml20Transaction.LoadXml((XmlElement)xmlNodeList[0]);
             return saml20Transaction.CheckSignature(X509Certificate, true);
         }
     }
 }
    • 0