|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(DataFlex) Create AuthNRequest with embedded signature (HTTP-POST binding)Demonstrates how to create a SAML AuthNRequest with embedded signature (HTTP-POST binding).
Use ChilkatAx-win32.pkg Procedure Test Boolean iSuccess Handle hoXmlToSign Handle hoGen Variant vCert Handle hoCert Variant vSbXml Handle hoSbXml Handle hoVerifier Boolean iVerified String sTemp1 // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // This example will sign the following SAML AuthNRequest: // <samlp:AuthnRequest // xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" // xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" // ID="pfx41d8ef22-e612-8c50-9960-1b16f15741b3" // Version="2.0" ProviderName="SP test" IssueInstant="2014-07-16T23:52:45Z" // Destination="http://idp.example.com/SSOService.php" // ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" // AssertionConsumerServiceURL="http://sp.example.com/demo1/index.php?acs"> // <saml:Issuer>http://sp.example.com/demo1/metadata.php</saml:Issuer> // <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/> // <samlp:RequestedAuthnContext Comparison="exact"> // <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef> // </samlp:RequestedAuthnContext> // </samlp:AuthnRequest> // First we build the XML to be signed. // // Use this online tool to generate the code from sample XML: // Generate Code to Create XML Move True To iSuccess Get Create (RefClass(cComChilkatXml)) To hoXmlToSign If (Not(IsComObjectCreated(hoXmlToSign))) Begin Send CreateComObject of hoXmlToSign End Set ComTag Of hoXmlToSign To "samlp:AuthnRequest" Get ComAddAttribute Of hoXmlToSign "xmlns:samlp" "urn:oasis:names:tc:SAML:2.0:protocol" To iSuccess Get ComAddAttribute Of hoXmlToSign "xmlns:saml" "urn:oasis:names:tc:SAML:2.0:assertion" To iSuccess Get ComAddAttribute Of hoXmlToSign "ID" "pfx41d8ef22-e612-8c50-9960-1b16f15741b3" To iSuccess Get ComAddAttribute Of hoXmlToSign "Version" "2.0" To iSuccess Get ComAddAttribute Of hoXmlToSign "ProviderName" "SP test" To iSuccess Get ComAddAttribute Of hoXmlToSign "IssueInstant" "2014-07-16T23:52:45Z" To iSuccess Get ComAddAttribute Of hoXmlToSign "Destination" "http://idp.example.com/SSOService.php" To iSuccess Get ComAddAttribute Of hoXmlToSign "ProtocolBinding" "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" To iSuccess Get ComAddAttribute Of hoXmlToSign "AssertionConsumerServiceURL" "http://sp.example.com/demo1/index.php?acs" To iSuccess Send ComUpdateChildContent To hoXmlToSign "saml:Issuer" "http://sp.example.com/demo1/metadata.php" Get ComUpdateAttrAt Of hoXmlToSign "samlp:NameIDPolicy" True "Format" "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" To iSuccess Get ComUpdateAttrAt Of hoXmlToSign "samlp:NameIDPolicy" True "AllowCreate" "true" To iSuccess Get ComUpdateAttrAt Of hoXmlToSign "samlp:RequestedAuthnContext" True "Comparison" "exact" To iSuccess Send ComUpdateChildContent To hoXmlToSign "samlp:RequestedAuthnContext|saml:AuthnContextClassRef" "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" // Also see the online tool to generate the code from sample already-signed XML: // Generate XML Signature Creation Code from an Already-Signed XML Sample Get Create (RefClass(cComChilkatXmlDSigGen)) To hoGen If (Not(IsComObjectCreated(hoGen))) Begin Send CreateComObject of hoGen End Set ComSigLocation Of hoGen To "samlp:AuthnRequest" Set ComSigNamespacePrefix Of hoGen To "ds" Set ComSigNamespaceUri Of hoGen To "http://www.w3.org/2000/09/xmldsig#" Set ComSignedInfoCanonAlg Of hoGen To "EXCL_C14N" Set ComSignedInfoDigestMethod Of hoGen To "sha1" // -------- Reference 1 -------- Get ComAddSameDocRef Of hoGen "pfx41d8ef22-e612-8c50-9960-1b16f15741b3" "sha1" "EXCL_C14N" "" "" To iSuccess // Provide a certificate + private key. (PFX password is test123) Get Create (RefClass(cComChilkatCert)) To hoCert If (Not(IsComObjectCreated(hoCert))) Begin Send CreateComObject of hoCert End Get ComLoadPfxFile Of hoCert "qa_data/pfx/cert_test123.pfx" "test123" To iSuccess If (iSuccess <> True) Begin Get ComLastErrorText Of hoCert To sTemp1 Showln sTemp1 Procedure_Return End Get pvComObject of hoCert to vCert Get ComSetX509Cert Of hoGen vCert True To iSuccess Set ComKeyInfoType Of hoGen To "X509Data" Set ComX509Type Of hoGen To "Certificate" // Load XML to be signed... Get Create (RefClass(cComChilkatStringBuilder)) To hoSbXml If (Not(IsComObjectCreated(hoSbXml))) Begin Send CreateComObject of hoSbXml End Get pvComObject of hoSbXml to vSbXml Get ComGetXmlSb Of hoXmlToSign vSbXml To iSuccess Set ComBehaviors Of hoGen To "IndentedSignature,ForceAddEnvelopedSignatureTransform" // Sign the XML... Get pvComObject of hoSbXml to vSbXml Get ComCreateXmlDSigSb Of hoGen vSbXml To iSuccess If (iSuccess <> True) Begin Get ComLastErrorText Of hoGen To sTemp1 Showln sTemp1 Procedure_Return End // Save the signed XMl to a file. Get ComWriteFile Of hoSbXml "qa_output/signedXml.xml" "utf-8" False To iSuccess // A sample of the signed XML is shown below.. Get ComGetAsString Of hoSbXml To sTemp1 Showln sTemp1 // ---------------------------------------- // Verify the signature we just produced... Get Create (RefClass(cComChilkatXmlDSig)) To hoVerifier If (Not(IsComObjectCreated(hoVerifier))) Begin Send CreateComObject of hoVerifier End Get pvComObject of hoSbXml to vSbXml Get ComLoadSignatureSb Of hoVerifier vSbXml To iSuccess If (iSuccess <> True) Begin Get ComLastErrorText Of hoVerifier To sTemp1 Showln sTemp1 Procedure_Return End Get ComVerifySignature Of hoVerifier True To iVerified If (iVerified <> True) Begin Get ComLastErrorText Of hoVerifier To sTemp1 Showln sTemp1 Procedure_Return End Showln "This signature was successfully verified." // ----------------------------------------- // Sample output of AuthNRequest signed XML: // (Line-breaks and some indenting added for readability..) // <?xml version="1.0" encoding="utf-8"?> // <samlp:AuthnRequest // xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" // xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" // ID="pfx41d8ef22-e612-8c50-9960-1b16f15741b3" // Version="2.0" ProviderName="SP test" // IssueInstant="2014-07-16T23:52:45Z" // Destination="http://idp.example.com/SSOService.php" // ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" // AssertionConsumerServiceURL="http://sp.example.com/demo1/index.php?acs"> // <saml:Issuer>http://sp.example.com/demo1/metadata.php</saml:Issuer> // <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/> // <samlp:RequestedAuthnContext Comparison="exact"> // <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef> // </samlp:RequestedAuthnContext> // <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> // <ds:SignedInfo> // <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> // <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> // <ds:Reference URI="#pfx41d8ef22-e612-8c50-9960-1b16f15741b3"> // <ds:Transforms> // <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> // <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> // </ds:Transforms> // <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> // <ds:DigestValue>5d+/YNShy4qnvZcvik8fHHg2SWQ=</ds:DigestValue> // </ds:Reference> // </ds:SignedInfo> // <ds:SignatureValue>QS16H5...U5LQ==</ds:SignatureValue> // <ds:KeyInfo> // <ds:X509Data> // <ds:X509Certificate>MIIF...tjlF4=</ds:X509Certificate> // </ds:X509Data> // </ds:KeyInfo> // </ds:Signature> // </samlp:AuthnRequest> // End_Procedure |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.