Chilkat2-Python
Chilkat2-Python
SAML Signature Validation
See more XML Digital Signatures Examples
A SAML Signature is an XML Digital Signature (XMLDSig) just like any other XML digital signature. It can be verified by using Chilkat' XmlDSig class, as shown in this example.Chilkat Chilkat2-Python Downloads
import chilkat2
success = False
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
dsig = chilkat2.XmlDSig()
success = dsig.LoadSignature("XML xml signature goes here...")
# A sample SAML signature is shown below..
numSignatures = dsig.NumSignatures
i = 0
while i < numSignatures :
dsig.Selector = i
bVerifyRefDigests = False
bSignatureVerified = dsig.VerifySignature(bVerifyRefDigests)
if (bSignatureVerified == True):
print("Signature " + str(i + 1) + " verified")
else:
print("Signature " + str(i + 1) + " invalid")
# Check each of the reference digests separately..
numRefDigests = dsig.NumReferences
j = 0
while j < numRefDigests :
bDigestVerified = dsig.VerifyReferenceDigest(j)
print("reference digest " + str(j + 1) + " verified = " + str(bDigestVerified))
if (bDigestVerified == False):
print(" reference digest fail reason: " + str(dsig.RefFailReason))
j = j + 1
i = i + 1
# --------------------------------------
# Here is a sample SAML XML Signature
#
#
# <?xml version="1.0" encoding="UTF-8"?>
# <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="abc123" Version="2.0" IssueInstant="2022-04-01T12:34:56Z" Destination="https://sp.example.com/sso">
# <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.com</saml2:Issuer>
# <saml2p:Status>
# <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
# </saml2p:Status>
# <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="def456" IssueInstant="2022-04-01T12:34:56Z" Version="2.0">
# <saml2:Issuer>https://idp.example.com</saml2:Issuer>
# <saml2:Subject>
# <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml2:NameID>
# </saml2:Subject>
# <saml2:Conditions NotBefore="2022-04-01T12:34:56Z" NotOnOrAfter="2022-04-01T13:34:56Z"/>
# <saml2:AuthnStatement AuthnInstant="2022-04-01T12:34:56Z">
# <saml2:AuthnContext>
# <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
# </saml2:AuthnContext>
# </saml2:AuthnStatement>
# <!-- Additional assertion content -->
# </saml2:Assertion>
# <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
# <ds:SignedInfo>
# <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
# <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
# <ds:Reference URI="#abc123">
# <ds:Transforms>
# <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
# <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
# </ds:Transforms>
# <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
# <ds:DigestValue>q7Zj1w+...+pCsjw=</ds:DigestValue>
# </ds:Reference>
# <!-- Additional references if present -->
# </ds:SignedInfo>
# <ds:SignatureValue>
# NjIzOWE5ZjA2M2M1...NzUwNzUwNzUwNzUwNzU=
# </ds:SignatureValue>
# <ds:KeyInfo>
# <ds:X509Data>
# <ds:X509Certificate>
# MIIDgzCCAmugAwIBAg...AgADAA==
# </ds:X509Certificate>
# </ds:X509Data>
# </ds:KeyInfo>
# </ds:Signature>
# </saml2p:Response>