Reputation: 24325
I am new to this Claims and SAML concept. I am using WIF from ASP.NET and receive the request below from my IDP. I sent a username/password via an HTTP request and received this SAML response. What exactly do I do now? I heard I need to validate the signature and key, and if so, how (.NET) and why?
<EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        </e:EncryptionMethod>
        <KeyInfo>
          <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <X509Data>
              <X509IssuerSerial>
                <X509IssuerName>CN=LeastPrivilegeCA</X509IssuerName>
                <X509SerialNumber>458206499362374248562711</X509SerialNumber>
              </X509IssuerSerial>
            </X509Data>
          </o:SecurityTokenReference>
        </KeyInfo>
        <e:CipherData>
          <e:CipherValue>SOME DATA</e:CipherValue>
        </e:CipherData>
      </e:EncryptedKey>
    </KeyInfo>
    <xenc:CipherData>
      <xenc:CipherValue>SOME DATA</xenc:CipherValue>
    </xenc:CipherData>
  </xenc:EncryptedData>
</EncryptedAssertion>
Upvotes: 0
Views: 2406
Reputation: 9494
To use SAML 2.0 with Windows Identity Foundation (WIF), you'll need the WIF Extension for the SAML 2.0 Protocol. Once you download it, you'll find some good examples on how to use the SAML token for authentication.
You really shouldn't need to do anything manually to parse this token since WIF should manage all of this for you. You'll just need to make sure you have the right certificate installed and configured to decrypt the message. If you're using the SAML 2.0 extension, this will be set up in the service provider configuration which is referenced in the web.config:
<microsoft.identityModel.saml metadata="bin\App_Data\serviceprovider.xml">
  <!-- The location of the configuration files of all the partners this service trusts. -->
  <identityProviders>
    <metadata file="bin\App_Data\identityprovider.xml"/>
  </identityProviders>
</microsoft.identityModel.saml>
Hopefully this helps.
Upvotes: 1
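The decrypt-then-validate sequence the answer says WIF performs behind the configuration, shown explicitly with the .NET 4.5 System.IdentityModel handler. This is an added example, not code from either post or from the WIF SAML extension; it assumes the service provider's decryption certificate (with private key) is available as an X509Certificate2, and the IdP signing certificate thumbprint and expected audience URI are supplied by the caller.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Xml;

// Validates an <EncryptedAssertion> like the one in the question:
// unwrap the AES key with our RSA private key, decrypt, then check signature,
// issuer, audience and validity window before trusting any claim in it.
static class Saml2Validation
{
    public static ReadOnlyCollection<ClaimsIdentity> Validate(
        string encryptedAssertionXml,
        X509Certificate2 decryptionCert,   // SP cert; must carry the private key
        string idpSigningThumbprint,       // thumbprint of the IdP signing cert
        Uri expectedAudience)              // this SP's EntityID / audience URI
    {
        var config = new SecurityTokenHandlerConfiguration();

        // 1. Decryption: the handler matches <X509IssuerSerial> in the
        //    EncryptedKey against these tokens to unwrap the aes256-cbc key
        //    (rsa-oaep-mgf1p) and decrypt the assertion body.
        var serviceTokens = new ReadOnlyCollection<SecurityToken>(
            new SecurityToken[] { new X509SecurityToken(decryptionCert) });
        config.ServiceTokenResolver =
            SecurityTokenResolver.CreateDefaultSecurityTokenResolver(serviceTokens, false);

        // 2. Signature trust: only assertions signed by a registered issuer
        //    certificate are accepted; anything else fails ValidateToken.
        var registry = new ConfigurationBasedIssuerNameRegistry();
        registry.AddTrustedIssuer(idpSigningThumbprint, "MyIdP");  // name is arbitrary
        config.IssuerNameRegistry = registry;

        // 3. Audience: reject assertions that were issued for a different SP.
        config.AudienceRestriction.AllowedAudienceUris.Add(expectedAudience);

        var handler = new Saml2SecurityTokenHandler { Configuration = config };

        using (var reader = XmlReader.Create(new StringReader(encryptedAssertionXml)))
        {
            // ReadToken performs the decryption; ValidateToken checks signature,
            // issuer, audience and NotBefore/NotOnOrAfter, throwing a
            // SecurityTokenException on any failure rather than returning null.
            SecurityToken token = handler.ReadToken(reader);
            return handler.ValidateToken(token);
        }
    }
}
```

The default CertificateValidator (chain trust) also applies to the signing certificate, so a private CA such as the CN=LeastPrivilegeCA in the question must be trusted on the machine for validation to succeed.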