Question
· Jul 26, 2018

Implementing a <Signature> in SOAP Body for outbound samlp messages

I am doing an implementation of a SAML 2.0 SingleSignOn protocol integration which requires a signed message with the signature element in the body of the SOAP message, not the header as is the default in SOAP security handling. Any suggestions for how to do this would be greatly appreciated. When it is passed in the header, it is not processed by our partner and we just get a "Signature Required" response. Presumably I will have to go through the steps outlined in Signing XML Documents, but I am not sure of the best place within the outbound web-client flow in which to do this. Any suggestions would be greatly appreciated.

The specification for the particular message I am trying to send is very simple (below), but note the signature element is in the same xmlns that %XML.Security.Signature is a projection of.


<samlp:ArtifactResolve xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="identifier_2"
    Version="2.0"
    IssueInstant="2004-12-05T09:22:04Z"
    Destination="https://idp.example.org/SAML2/ArtifactResolution">
  <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
  <!-- an ArtifactResolve message SHOULD be signed -->
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds:Signature>
  <samlp:Artifact>artifact</samlp:Artifact>
</samlp:ArtifactResolve>
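
Added example, not part of the original post and not InterSystems code: a Python check you can run over a captured outbound envelope to confirm the ds:Signature sits inside the samlp:ArtifactResolve in the SOAP body, in the position the sample above shows, and references the enclosing message ID. The SOAP 1.1 namespace, the function names and the sample envelopes are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: SOAP 1.1 envelope namespace; the other three come from the sample message.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def qname(prefix, local):
    return "{%s}%s" % (NS[prefix], local)

def check_signature_placement(envelope_xml):
    """Return structural problems in an outbound message; [] means the layout is as expected.
    This checks placement only; it does not verify the signature value."""
    problems = []
    env = ET.fromstring(envelope_xml)
    header = env.find("soap:Header", NS)
    if header is not None and header.find(".//ds:Signature", NS) is not None:
        problems.append("ds:Signature found in soap:Header")
    req = env.find("soap:Body/samlp:ArtifactResolve", NS)
    if req is None:
        return problems + ["no samlp:ArtifactResolve in soap:Body"]
    tags = [child.tag for child in req]
    if qname("ds", "Signature") not in tags:
        return problems + ["samlp:ArtifactResolve has no ds:Signature child"]
    pos = tags.index(qname("ds", "Signature"))
    if pos == 0 or tags[pos - 1] != qname("saml", "Issuer"):
        problems.append("ds:Signature does not directly follow saml:Issuer")
    # The signature should cover the enclosing message: Reference URI == "#" + ID.
    uris = [r.get("URI") for r in req.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)]
    if uris != ["#" + req.get("ID", "")]:
        problems.append("ds:Reference URI does not point at the ArtifactResolve ID")
    return problems

# Constructed sample envelopes (digest and signature values omitted).
_NSDECL = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
_SIG = '<ds:Signature><ds:SignedInfo><ds:Reference URI="#identifier_2"/></ds:SignedInfo></ds:Signature>'
_REQ = ('<samlp:ArtifactResolve ID="identifier_2" Version="2.0">'
        '<saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>%s'
        '<samlp:Artifact>artifact</samlp:Artifact></samlp:ArtifactResolve>')
SIGNED_IN_BODY = '<soap:Envelope %s><soap:Body>%s</soap:Body></soap:Envelope>' % (_NSDECL, _REQ % _SIG)
SIGNED_IN_HEADER = ('<soap:Envelope %s><soap:Header>%s</soap:Header><soap:Body>%s</soap:Body>'
                    '</soap:Envelope>' % (_NSDECL, _SIG, _REQ % ""))

if __name__ == "__main__":
    print(check_signature_placement(SIGNED_IN_BODY))
    print(check_signature_placement(SIGNED_IN_HEADER))
```

The header-signed envelope reproduces the layout the post says the partner rejects; the check is meant for messages you generate yourself, not for parsing untrusted input.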
