cdie
Reputation: 4544
Saml2Assertion to XML is empty
I try to make an HttpWebRequest with a SOAP data, and in the SOAP header, I will have to add a SAML 2 Assertion, that contains a certificate from Windows Certificate Store.
So I made my assertion this way :
Saml2Assertion oSAMLAssertion =
new Saml2Assertion (
new Saml2NameIdentifier (oPSCertificate.Subject)
);
oSAMLAssertion.Id = new Saml2Id ();
oSAMLAssertion.IssueInstant = DateTime.Now;
oSAMLAssertion.Subject =
new Saml2Subject (new Saml2NameIdentifier ("CPS") { Value = sPSID });
oSAMLAssertion.Statements
.Add (
new Saml2AttributeStatement (
new Saml2Attribute ("identifiantFacturation", sIDFact)
));
oSAMLAssertion.Statements
.Add (
new Saml2AttributeStatement (
new Saml2Attribute ("codeSpecialiteAMO", sCodeSpec)
));
oSAMLAssertion.SigningCredentials =
new X509SigningCredentials (oPSCertificate);
No problem. But when I want the XML of this assertion to add to my SOAP request, I proceed like that :
StringBuilder oXML = new StringBuilder ();
XmlWriter oXMLSerializer = XmlWriter.Create (
oXML,
new XmlWriterSettings () { ConformanceLevel = ConformanceLevel.Fragment }
);
Saml2SecurityToken o = new Saml2SecurityToken (oSAMLAssertion);
o2.WriteToken (oXMLSerializer, o);
But my oXML.ToString return empty, I don't have the XML... I checked the .NET sources references to see if I miss something and it seems not, I should have my XML ...
What am I doing wrong ?
Upvotes: 2
Views: 2495
Answers (2)
Sekhar V Alluri
Reputation: 56
To Get the XML output the Saml2Assertion needs to have signedcredenitials otherwise xml will be blank.
X509Certificate2 cert =null;
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2 cert =null;
foreach (var certificate in store.Certificates)
{
if (certificate.Thumbprint=="ffffff")
{ cert = certificate; }
}
store.Close();
var assertion = new Saml2Assertion(new Saml2NameIdentifier("Name"))
.SigningCredentials = new X509SigningCredentials(cert);
StringBuilder sb = new StringBuilder();
var settings = new XmlWriterSettings();
settings.OmitXmlDeclaration = true;
settings.Indent = false;
settings.Encoding = Encoding.UTF8;
var stringWriter = new StringWriter(sb);
var responseWriter = XmlWriter.Create(stringWriter, settings);
new Saml2Serializer().WriteSaml2Assertion(responseWriter, assertion);
public class Saml2Serializer : Saml2SecurityTokenHandler
{
public Saml2Serializer()
{
Configuration = new SecurityTokenHandlerConfiguration()
{};
}
public void WriteSaml2Assertion(XmlWriter writer, Saml2Assertion data)
{
try
{ base.WriteAssertion(writer, data); }
catch (Exception e)
{ System.Console.Write(e.StackTrace); }
}
public void WriteSaml2Token(XmlWriter writer, Saml2SecurityToken data)
{
try
{ base.WriteToken(writer, data); }
catch (Exception e)
{ System.Console.Write(e.StackTrace); }
}
}
Upvotes: 4
d89761
Reputation: 1434
Try adding a stringwriter wrapper between the xml writer. Change this:
XmlWriter oXMLSerializer = XmlWriter.Create(oXML, new XmlWriterSettings() { ConformanceLevel = ConformanceLevel.Fragment });
to:
using (StringWriter stringWriter = new StringWriter(oXML))
using (XmlWriter oXMLSerializer = XmlWriter.Create(stringWriter, new XmlWriterSettings() { OmitXmlDeclaration = true, Encoding = Encoding.UTF8 }))
{
Saml2SecurityToken o = new Saml2SecurityToken(oSAMLAssertion);
o2.WriteToken(oXMLSerializer, o);
}
Upvotes: 0
Related Questions
- Cannot create SustainSys CertificateElement from X509Certificate2 object to update SAML2 configuration in code
- Invalid SAML AuthN Request
- Signing a SAML response generates CryptographicException: An XmlDocument context is required for enveloped transforms
- How can I sign XML SAML Assertions in ASP.NET CORE
- SAML Assertion in a XML using C#
- SAML Response xml not valid
- How to manually validate a SAMLResponse signature?
- SignedXml.CheckSignature throws exception: Value cannot be null. Parameter name: name
- Encrypt SAML 2.0 assertion with SP public certificate - Component Space
- SignedXml.CheckSignature() is true, but SignedXml.CheckSignature(certificate) is false