SAML 2.0 Token Asymmetric

  • Question

  • Hi,

    I am able to create SAML assertions using the WCF SDK, which describes classes like samlcredentials, samlutilities, etc.

    On debugging, I copied the genericsaml structure, which contains subject, confirmation, keytoken, certificatename, signature.

    But in the WCF trace I do not see the certificate name, but see it as --removed. Why?

    Also, I have imported a certificate which does not have a private key. But I still see the SAML assertions and signature. Actually, it has to throw an error, right? Please explain. Does it not need a private key?

    Also, I would like to know: I need a SAML 2.0 token with a signature; in future I need a bearer token. I am seeing

      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <KeyValue>
            <RSAKeyValue>
              <Modulus>t7WybtPK3qDP+AS0rMw1qAJn7Iyf6MIZpM6EcuMlXSb/fnZ1/Vun/e1uU8fbcjKQKCgM6Y8feVrZ62mmmI8NZS3GDuTds59+8Pr8gSDbXWIuejpu8dmS6Wx7No2orn/+hHv9oAeFIHiHWkZg6UvQ6sxdAEcTrTQ2HmK4yRqgUfE=</Modulus>
              <Exponent>AQAB</Exponent>
            </RSAKeyValue>
          </KeyValue>
        </KeyInfo>
      </saml:SubjectConfirmation>
    </saml:Subject>
      <saml:Attribute AttributeName="name" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
        <saml:AttributeValue>
          <!-- Removed-->
        </saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
        <Reference URI="#_c17383d6-395c-4a45-b8d3-7a7d62c6af0b">
          <Transforms>
            <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform>
            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
          <DigestValue>hGCeZd7RU2ekTPgXYuyYVrz+13w=</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>Qg0Qo0YZY/removed+oxx0r40arfnjqhIytqkQYUixUnRvbfUa52TY4fKHuiNzqO63KW30DBJQTQu5igeuOVkcAhE/uGQ/FNFv+ZG7/z0SWX1VLIjafOVVhQyQAFk8mEEdWwMuDys2+nOaAryefd25xiL7dAXUtQ+OSqw=</SignatureValue>
      <KeyInfo>
        <KeyValue>
          <RSAKeyValue>
            <Modulus>t7WybtPK3qDP+removed/fnZ1/Vun/e1uU8fbcjKQKCgM6Y8feVrZ62mmmI8NZS3GDuTds59+8Pr8gSDbXWIuejpu8dmS6Wx7No2orn/+hHv9oAeFIHiHWkZg6UvQ6sxdAEcTrTQ2HmK4yRqgUfE=</Modulus>
            <Exponent>AQAB</Exponent>
          </RSAKeyValue>
        </KeyValue>
      </KeyInfo>
    </Signature>

    Is this SAML assertion signed? Please clarify.


    priyanka

    Thursday, September 25, 2014 1:51 AM

All replies

  • Hi,

    Hope the following information helps:

    http://weblogs.asp.net/cibrax/carrying-sensitive-information-in-saml-assertions

    http://www.ibm.com/developerworks/tivoli/library/t-samlwse/

    Friday, September 26, 2014 6:48 AM