Ilkay Benian
Hi,
I'm trying to verify a signed SAML response. It's an enveloped signature
with the following format:
<Response ResponseID="xxx" >
<ds:Signature> ...
<ds:Reference URI="xxx">
...
I use the SignedXML class in the MS WSE library. This class works as expected
when the Reference element refers to an element with Id="xxx". But for SAML
responses, there's no Id element, but instead it has ResponseID. Somehow, I
must tell the SignedXML to use ResponseID to find the Reference! I've tried
to hack it by changing the ds:Reference URI="", so that it would implicitly
refer to the top element. But it didn't work!
When I run a search on the internet, I see similar problems but no
appropriate solutions.
If you have any experience/idea, please respond.
Thanks.
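
One way to handle the lookup described in the post, as an added example that is not part of the original post or of the WSE library: it assumes the .NET `System.Security.Cryptography.Xml.SignedXml` class instead of the WSE one and overrides its `GetIdElement` method so a Reference URI can resolve against `ResponseID`. The class name `SamlSignedXml`, the `Verify` helper, the sample document and the throwaway key are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;
// Hypothetical subclass (not a WSE or .NET type): resolves a Reference URI
// against the SAML 1.x ResponseID attribute when the default Id lookup fails.
public class SamlSignedXml : SignedXml
{
    public SamlSignedXml(XmlElement element) : base(element) { }
    public override XmlElement GetIdElement(XmlDocument document, string idValue)
    {
        XmlElement byId = base.GetIdElement(document, idValue);
        if (byId != null || document == null) return byId;
        XmlElement match = null;
        int hits = 0;
        // Compare values in code; never splice idValue into an XPath string.
        foreach (XmlElement e in document.SelectNodes("//*[@ResponseID]"))
            if (e.GetAttribute("ResponseID") == idValue) { match = e; hits++; }
        return hits == 1 ? match : null; // duplicate IDs: refuse to choose
    }
    public static bool Verify(XmlDocument doc, AsymmetricAlgorithm trustedKey)
    {
        XmlElement response = doc.DocumentElement;
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        // Enveloped signature: ds:Signature is a direct child of Response.
        var sig = response.SelectSingleNode("ds:Signature", ns) as XmlElement;
        if (sig == null) return false;
        var sx = new SamlSignedXml(response);
        sx.LoadXml(sig);
        // Exactly one Reference, and it must name the Response being trusted.
        var refs = sx.SignedInfo.References;
        string expected = "#" + response.GetAttribute("ResponseID");
        if (refs.Count != 1 || ((Reference)refs[0]).Uri != expected) return false;
        return sx.CheckSignature(trustedKey);
    }
    public static void Main()
    {
        // PreserveWhitespace keeps the bytes that were digested intact.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<Response ResponseID=\"_r1\"><Status/></Response>"); // constructed sample
        RSA key = RSA.Create(); // throwaway key standing in for the issuer's key
        var signer = new SamlSignedXml(doc.DocumentElement) { SigningKey = key };
        var reference = new Reference("#_r1");
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signer.AddReference(reference);
        signer.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signer.GetXml(), true));
        Console.WriteLine(Verify(doc, key));
    }
}
```

Checking that the single Reference names the root `Response`, and rejecting duplicate `ResponseID` values, keeps the verifier from validating a signature over one element while the application reads another.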