(C) SAML Signature Validation

See more XML Digital Signatures Examples

A SAML Signature is an XML Digital Signature (XMLDSig) just like any other XML digital signature. It can be verified by using Chilkat' XmlDSig class, as shown in this example.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <C_CkXmlDSig.h>

void ChilkatSample(void)
    {
    HCkXmlDSig dsig;
    BOOL success;
    int numSignatures;
    int i;
    BOOL bVerifyRefDigests;
    BOOL bSignatureVerified;
    int numRefDigests;
    int j;
    BOOL bDigestVerified;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    dsig = CkXmlDSig_Create();
    success = CkXmlDSig_LoadSignature(dsig,"XML xml signature goes here...");

    // A sample SAML signature is shown below..

    numSignatures = CkXmlDSig_getNumSignatures(dsig);
    i = 0;
    while (i < numSignatures) {
        CkXmlDSig_putSelector(dsig,i);

        bVerifyRefDigests = FALSE;
        bSignatureVerified = CkXmlDSig_VerifySignature(dsig,bVerifyRefDigests);
        if (bSignatureVerified == TRUE) {
            printf("Signature %d verified\n",i + 1);
        }
        else {
            printf("Signature %d invalid\n",i + 1);
        }

        // Check each of the reference digests separately..
        numRefDigests = CkXmlDSig_getNumReferences(dsig);
        j = 0;
        while (j < numRefDigests) {
            bDigestVerified = CkXmlDSig_VerifyReferenceDigest(dsig,j);
            printf("reference digest %d verified = %d\n",j + 1,bDigestVerified);
            if (bDigestVerified == FALSE) {
                printf("    reference digest fail reason: %d\n",CkXmlDSig_getRefFailReason(dsig));
            }

            j = j + 1;
        }

        i = i + 1;
    }

    // --------------------------------------
    // Here is a sample SAML XML Signature
    // 
    // 
    // <?xml version="1.0" encoding="UTF-8"?>
    // <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="abc123" Version="2.0" IssueInstant="2022-04-01T12:34:56Z" Destination="https://sp.example.com/sso">
    //   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.com</saml2:Issuer>
    //   <saml2p:Status>
    //     <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    //   </saml2p:Status>
    //   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="def456" IssueInstant="2022-04-01T12:34:56Z" Version="2.0">
    //     <saml2:Issuer>https://idp.example.com</saml2:Issuer>
    //     <saml2:Subject>
    //       <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml2:NameID>
    //     </saml2:Subject>
    //     <saml2:Conditions NotBefore="2022-04-01T12:34:56Z" NotOnOrAfter="2022-04-01T13:34:56Z"/>
    //     <saml2:AuthnStatement AuthnInstant="2022-04-01T12:34:56Z">
    //       <saml2:AuthnContext>
    //         <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
    //       </saml2:AuthnContext>
    //     </saml2:AuthnStatement>
    //     <!-- Additional assertion content -->
    //   </saml2:Assertion>
    //   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    //     <ds:SignedInfo>
    //       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    //       <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    //       <ds:Reference URI="#abc123">
    //         <ds:Transforms>
    //           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
    //           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    //         </ds:Transforms>
    //         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    //         <ds:DigestValue>q7Zj1w+...+pCsjw=</ds:DigestValue>
    //       </ds:Reference>
    //       <!-- Additional references if present -->
    //     </ds:SignedInfo>
    //     <ds:SignatureValue>
    //       NjIzOWE5ZjA2M2M1...NzUwNzUwNzUwNzUwNzU=
    //     </ds:SignatureValue>
    //     <ds:KeyInfo>
    //       <ds:X509Data>
    //         <ds:X509Certificate>
    //           MIIDgzCCAmugAwIBAg...AgADAA==
    //         </ds:X509Certificate>
    //       </ds:X509Data>
    //     </ds:KeyInfo>
    //   </ds:Signature>
    // </saml2p:Response>


    CkXmlDSig_Dispose(dsig);

    }