Redeemed1

Reputation: 4030

Getting XML Namespace error while reading a SAML2 token

I have a valid SAML 2 token from my application IdP:

When I try to read it using WIF code as below I get the following error:

Cannot read the token from the 'Response' element with the 'urn:oasis:names:tc:SAML:2.0:protocol' namespace for BinarySecretSecurityToken, with a '' ValueType. If this element is expected to be valid, ensure that security is configured to consume tokens with the name, namespace and value type specified.

Here is the code I am using, with a comment showing where it fails:

        using System.Collections.Generic;
        using System.Collections.ObjectModel;
        using System.IdentityModel.Selectors;
        using System.IdentityModel.Tokens;
        using System.IO;
        using System.Security.Cryptography.X509Certificates;
        using System.ServiceModel.Security;
        using System.Xml;

        // Certificate whose key the resolver will use for the signed/encrypted assertion
        string certPath = @"G:\Projects\myAPp\SAMLHandlingTests\bin\Debug\SSO.cer";
        X509Certificate2 cert = new X509Certificate2(certPath);
        //X509Certificate2 cert = new X509Certificate2(certPath, "LetMeIn!");

        // Open the SAML
        string samlPath = @"G:\Projects\myAPp\SAMLHandlingTests\bin\Debug\SAML.xml";

        // ReadAllText closes the file; File.OpenText(...).ReadToEnd() left the StreamReader open
        string samlRaw = File.ReadAllText(samlPath);

        XmlReader rdr = XmlReader.Create(samlPath);

        List<SecurityToken> tokens = new List<SecurityToken>();

        // Wrap the certificate as a security token so the resolver can find its key
        var token = new X509SecurityToken(cert);
        tokens.Add(token);

        SecurityTokenResolver resolver =
            SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
            new ReadOnlyCollection<SecurityToken>(tokens), true);

        //Fails on next line!
        SecurityToken securityToken = WSSecurityTokenSerializer.DefaultInstance.ReadToken(rdr, resolver);

        SamlSecurityToken deserializedSaml = securityToken as SamlSecurityToken;

The problem is an XML namespace exception, but I don't know how to 'ensure that security is configured to consume tokens with the name, namespace and value type specified'.

Can someone point me in the right direction please?

Upvotes: 1

Views: 2514

Answers (1)

Redeemed1

Reputation: 4030

Well, I found the issue: it was a SAML Response with an Encrypted Assertion which had no type definition, as follows.

The SAML received was as follows:

<saml:EncryptedAssertion>

when it should have been

<saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">

It would be possible, of course, to fix this in my code, but the underlying issue was that System.Xml and WIF were not going to let me pass without fully valid XML.

I hope this helps someone along the way.

Upvotes: 2
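As an added example (not part of the original question or answer), this C# pre-check runs the response through System.Xml with the same strictness WIF applies, so an undeclared prefix like the one above is reported as a parse error at a line number rather than as the misleading BinarySecretSecurityToken message, and the assertion element's namespace is verified before the token serializer is called; the class, method and sample documents are my own constructions.

```csharp
using System;
using System.IO;
using System.Xml;
// Added example, not from the post: surface the real problem (an undeclared prefix or a
// wrong namespace on the assertion) before WSSecurityTokenSerializer.ReadToken is invoked.
static class SamlResponseCheck
{
    const string SamlP = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string Saml  = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Returns null when the Response looks usable, otherwise a description of what is wrong.
    public static string Inspect(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,   // a SAML response never needs a DTD
            XmlResolver = null                        // never fetch external resources
        };
        try
        {
            using (var rdr = XmlReader.Create(new StringReader(xml), settings))
            {
                rdr.MoveToContent();
                if (rdr.LocalName != "Response" || rdr.NamespaceURI != SamlP)
                    return "root is not samlp:Response but {" + rdr.NamespaceURI + "}" + rdr.LocalName;
                while (rdr.Read())
                {
                    if (rdr.NodeType != XmlNodeType.Element) continue;
                    if (rdr.LocalName == "Assertion" || rdr.LocalName == "EncryptedAssertion")
                        return rdr.NamespaceURI == Saml ? null : rdr.LocalName + " is in namespace '" + rdr.NamespaceURI + "', expected " + Saml;
                }
                return "no Assertion or EncryptedAssertion element found";
            }
        }
        catch (XmlException ex)
        {
            // <saml:EncryptedAssertion> without xmlns:saml is not well-formed; System.Xml
            // rejects it here ("'saml' is an undeclared prefix") with a usable line number.
            return "not well-formed XML at line " + ex.LineNumber + ": " + ex.Message;
        }
    }
    static void Main()
    {
        // Constructed sample inputs: the broken shape from the post, and the corrected one.
        string broken = "<samlp:Response xmlns:samlp=\"" + SamlP + "\"><saml:EncryptedAssertion/></samlp:Response>";
        string fixedXml = "<samlp:Response xmlns:samlp=\"" + SamlP + "\"><saml:EncryptedAssertion xmlns:saml=\"" + Saml + "\"/></samlp:Response>";
        Console.WriteLine(Inspect(broken) ?? "ok");
        Console.WriteLine(Inspect(fixedXml) ?? "ok");
    }
}
```

Running Inspect on the file before ReadToken gives a message that names the undeclared prefix and its line, whereas the serializer only reports that it cannot read the 'Response' element.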
