Muhammad Salman Farooq

Reputation: 1325

Signature Attribute Values in SAML 2.0

I am in the process of creating a SAML 2.0 response from IDP to SP. What I need is to get the values of the SAML 2.0 attributes from the certificate I got. Following are the SAML 2.0 attributes:

```
<ds:SignatureValue> value from certificate </ds:SignatureValue>
<ds:DigestValue> value from certificate </ds:DigestValue>
```

Also, can anybody guide me on what exactly the steps are that I need to perform on the SP side to successfully validate the generated SignatureValue from the given certificate?

Thanks!

Upvotes: 0

Views: 1057

Answers (1)

Scott Heaberlin

Reputation: 3424

There is an Oracle tutorial for how to validate XML digital signatures using the java.xml.crypto.dsig APIs:

http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html

Unfortunately I did not have an easy time actually locating the code samples to download. I did find one bit of the sample validation code here.

Another good article is here.

At some point you'll need to obtain your SP's public key from the certificate and provide it to your validation code - that's covered in the tutorial under the "Using KeySelectors" section. You can use the keytool command to extract it from the certificate and add it to a keystore. Sometimes this comes from key/certificate exchange offline; sometimes the key itself comes within the SAML document as X.509 data within `<KeyInfo>`.

Upvotes: 1
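The validation flow discussed above, as an added example that is not part of the original answer or the Oracle tutorial: a constructed Response is given an enveloped signature and then validated with a pinned public key through `javax.xml.crypto.dsig` (Java 11+ assumed). The class name `SamlSigCheck`, the throwaway RSA key pair and the sample XML are assumptions; in a real SP the `PublicKey` would come from the exchanged certificate's `getPublicKey()`. It goes slightly beyond the answer by also checking that the signature's single reference covers the element being consumed.

```java
import java.io.ByteArrayInputStream;
import java.security.*;
import java.util.List;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SamlSigCheck { // hypothetical class name
    static final XMLSignatureFactory F = XMLSignatureFactory.getInstance("DOM");

    // SP side: validate against a key the SP already trusts, not one read from the message.
    static boolean validate(Document doc, PublicKey trusted) throws Exception {
        Element root = doc.getDocumentElement();
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1 || !root.hasAttribute("ID")) return false;
        root.setIdAttribute("ID", true); // lets URI="#<id>" resolve to this element
        DOMValidateContext ctx =
            new DOMValidateContext(KeySelector.singletonKeySelector(trusted), sigs.item(0));
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignature sig = F.unmarshalXMLSignature(ctx);
        List<?> refs = sig.getSignedInfo().getReferences();
        boolean coversRoot = refs.size() == 1 // the one reference must be the consumed element
            && ("#" + root.getAttribute("ID")).equals(((Reference) refs.get(0)).getURI());
        return coversRoot && sig.validate(ctx); // recomputes DigestValue, verifies SignatureValue
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway key pair stands in for the IdP certificate's keys.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair idp = g.generateKeyPair();
        String xml = "<Response xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_r1\">"
            + "<Status>ok</Status></Response>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        doc.getDocumentElement().setIdAttribute("ID", true);
        Reference ref = F.newReference("#_r1", F.newDigestMethod(DigestMethod.SHA256, null),
            List.of(F.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                F.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = F.newSignedInfo(F.newCanonicalizationMethod(
                CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            F.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        // IdP side: signing fills in DigestValue and SignatureValue.
        F.newXMLSignature(si, null).sign(new DOMSignContext(idp.getPrivate(), doc.getDocumentElement()));
        System.out.println("untampered: " + validate(doc, idp.getPublic()));
        doc.getElementsByTagName("Status").item(0).setTextContent("tampered");
        System.out.println("tampered:   " + validate(doc, idp.getPublic()));
    }
}
```

`DigestValue` and `SignatureValue` are outputs of the signing step, computed over the canonicalized content with the private key; the certificate only supplies the public key used to check them.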
