Reputation: 1167
When signing a SAML Response that also has a signed Assertion, should I:
A) Generate the Response signature without the Assertion signature. Then inject the Assertion signature after both signatures have been generated.
B) Generate the Assertion signature and include it when generating the Response signature.
C) Something else?
Upvotes: 15
Views: 23132
Reputation: 9845
SAML is awful; every time I read an answer, it is almost correct. Here is the correct algorithm, distilled:
That's it. SAML is completely awful. There are tons of little subtleties that make implementing SAML a nightmare (like calculating the canonical form of a subset of the XML (the assertion); also, the XML version of XML documents is not included).
I finished my implementation, I hope never to revisit such pain again.
Upvotes: 44
Reputation: 4255
I believe the correct answer is B). Sign the Assertion first, then sign the Response that contains the signed Assertion data. However, if a single Issuer/Entity (STS/IDP/etc.) is signing both, there is no real reason to sign the Assertion, is there? Just sign the Protocol Message/Response, which should include the Assertion data. This will cut down on processing requirements at the SP. For Web SSO, I've only ever seen both portions signed when you have a different entity signing the Assertion vs. the Response.
Upvotes: 8
Reputation: 1563
The right answer is B.
If the asserting party signs the SAML response using A, then the relying party must remove the signature of the SAML response and the signature of the SAML assertion before validating the SAML response. The SAML Core Specification says that the signature must not be generated using transforms other than the enveloped signature transform or the exclusive canonicalization transform. Neither of these two transforms can remove the signature of the SAML assertion. Thus, the relying party cannot validate the SAML response.
Upvotes: 0
Reputation: 1174
If you're signing both, then the assertion MUST be signed first, then the response, because the response signature will be based on the entire contents of the response (including the assertion signature). So signing the assertion second would invalidate the response signature.
Upvotes: 6
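The ordering argument made in the answers above (sign the Assertion first, because the Response signature covers the Assertion signature) can be checked with a small model of XML enveloped signatures. This is an added example, not code from the question or any of the answers. It assumes: HMAC-SHA256 with a constructed shared key as a stand-in for the IdP's RSA/ECDSA key pair, Python's built-in C14N 2.0 canonicalizer (`xml.etree.ElementTree.canonicalize`, Python 3.8+) as a stand-in for Exclusive C14N, and a constructed toy Response/Assertion document. The names `sign`, `verify`, `signing_order_check` and `tamper_check` are the example's own.

```python
# Added example: model of SAML enveloped signatures to show why the Assertion
# must be signed before the Response. HMAC and C14N 2.0 are stand-ins (see lead-in).
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
for prefix, uri in (("ds", DS), ("saml", SAML), ("samlp", SAMLP)):
    ET.register_namespace(prefix, uri)
KEY = b"constructed-demo-key-not-a-real-idp-key"  # constructed stand-in secret


def ds(tag):
    return f"{{{DS}}}{tag}"


def canonical(element):
    """Canonical bytes of a subtree (C14N 2.0 standing in for exc-c14n)."""
    return ET.canonicalize(ET.tostring(element, encoding="unicode")).encode()


def enveloped_digest(element):
    """SHA-256 over the element with only its *own* (direct-child) ds:Signature removed,
    as the enveloped-signature transform does. A Signature nested deeper, e.g. inside an
    Assertion within a Response, stays in the digested content."""
    work = copy.deepcopy(element)
    for sig in work.findall(ds("Signature")):
        work.remove(sig)
    return hashlib.sha256(canonical(work)).digest()


def sign(element, key):
    """Attach an enveloped ds:Signature to `element`, placed after its Issuer."""
    sig = ET.Element(ds("Signature"))
    info = ET.SubElement(sig, ds("SignedInfo"))
    ET.SubElement(info, ds("CanonicalizationMethod"), Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#")
    ET.SubElement(info, ds("SignatureMethod"), Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256")
    ref = ET.SubElement(info, ds("Reference"), URI="#" + element.get("ID"))
    transforms = ET.SubElement(ref, ds("Transforms"))
    ET.SubElement(transforms, ds("Transform"), Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature")
    ET.SubElement(transforms, ds("Transform"), Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#")
    ET.SubElement(ref, ds("DigestMethod"), Algorithm="http://www.w3.org/2001/04/xmlenc#sha256")
    ET.SubElement(ref, ds("DigestValue")).text = base64.b64encode(enveloped_digest(element)).decode()
    # XML-DSig signs the canonical SignedInfo, which commits to the digest above.
    mac = hmac.new(key, canonical(info), hashlib.sha256).digest()
    ET.SubElement(sig, ds("SignatureValue")).text = base64.b64encode(mac).decode()
    element.insert(1, sig)  # SAML schema: Signature follows Issuer


def verify(element, key):
    """Return True if the element's own enveloped Signature and digest are intact."""
    sig = element.find(ds("Signature"))
    if sig is None:
        return False
    info = sig.find(ds("SignedInfo"))
    digest_value = base64.b64decode(info.find(".//" + ds("DigestValue")).text)
    sig_value = base64.b64decode(sig.find(ds("SignatureValue")).text)
    expected_mac = hmac.new(key, canonical(info), hashlib.sha256).digest()
    return (hmac.compare_digest(sig_value, expected_mac)
            and hmac.compare_digest(digest_value, enveloped_digest(element)))


def build_response():
    """Constructed toy Response containing one Assertion; returns both elements."""
    resp = ET.Element(f"{{{SAMLP}}}Response", ID="_response-1")
    ET.SubElement(resp, f"{{{SAML}}}Issuer").text = "https://idp.example.test"
    assertion = ET.SubElement(resp, f"{{{SAML}}}Assertion", ID="_assertion-1")
    ET.SubElement(assertion, f"{{{SAML}}}Issuer").text = "https://idp.example.test"
    subject = ET.SubElement(assertion, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID").text = "alice@example.test"
    return resp, assertion


def signing_order_check(order):
    """Sign in the given order; return (assertion_ok, response_ok) as the SP sees it."""
    resp, assertion = build_response()
    if order == "assertion-first":   # option B: Assertion signature is covered by the Response signature
        sign(assertion, KEY)
        sign(resp, KEY)
    elif order == "response-first":  # signing the Assertion afterwards alters signed Response content
        sign(resp, KEY)
        sign(assertion, KEY)
    else:
        raise ValueError(order)
    return verify(assertion, KEY), verify(resp, KEY)


def tamper_check():
    """Sign in the correct order, then alter the NameID: both signatures must fail."""
    resp, assertion = build_response()
    sign(assertion, KEY)
    sign(resp, KEY)
    assertion.find(".//" + f"{{{SAML}}}NameID").text = "mallory@example.test"
    return verify(assertion, KEY), verify(resp, KEY)


if __name__ == "__main__":
    print("assertion-first:", signing_order_check("assertion-first"))  # (True, True)
    print("response-first: ", signing_order_check("response-first"))   # (True, False)
    print("tampered:       ", tamper_check())                          # (False, False)
```

The `response-first` case is the one to notice: the Assertion signature still verifies on its own, but the Response signature no longer does, because the enveloped transform only strips the Response's own `ds:Signature` and the newly added Assertion signature is now part of the digested content. That is exactly the situation a relying party cannot recover from without applying a transform the SAML Core specification forbids, which is why option B is the only workable order.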