(DataFlex) SAML Signature Validation

A SAML signature is an XML Digital Signature (XMLDSig) just like any other XML digital signature. It can be verified by using Chilkat's XmlDSig class, as shown in this example.

Use ChilkatAx-win32.pkg

Procedure Test
    Handle hoDsig
    Boolean iSuccess
    Integer iNumSignatures
    Integer i
    Boolean iBVerifyRefDigests
    Boolean iBSignatureVerified
    Integer iNumRefDigests
    Integer j
    Boolean iBDigestVerified
    Integer iTemp1
    String sTemp1

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    Get Create (RefClass(cComChilkatXmlDSig)) To hoDsig
    If (Not(IsComObjectCreated(hoDsig))) Begin
        Send CreateComObject of hoDsig
    End

    // A sample SAML signature is shown below.
    Get ComLoadSignature Of hoDsig "XML xml signature goes here..." To iSuccess
    // Stop if the XML could not be loaded; otherwise the loop below would
    // run zero times and report nothing.
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoDsig To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get ComNumSignatures Of hoDsig To iNumSignatures
    Move 0 To i
    While (i < iNumSignatures)
        // Select the i-th signature in the document.
        Set ComSelector Of hoDsig To i

        // With False, VerifySignature checks only the signature over SignedInfo.
        // The reference digests are checked one by one further down.
        Move False To iBVerifyRefDigests
        Get ComVerifySignature Of hoDsig iBVerifyRefDigests To iBSignatureVerified
        If (iBSignatureVerified = True) Begin
            Showln "Signature " (i + 1) " verified"
        End
        Else Begin
            Showln "Signature " (i + 1) " invalid"
        End

        // Check each of the reference digests separately.
        Get ComNumReferences Of hoDsig To iNumRefDigests
        Move 0 To j
        While (j < iNumRefDigests)
            Get ComVerifyReferenceDigest Of hoDsig j To iBDigestVerified
            Showln "reference digest " (j + 1) " verified = " iBDigestVerified
            If (iBDigestVerified = False) Begin
                Get ComRefFailReason Of hoDsig To iTemp1
                Showln "    reference digest fail reason: " iTemp1
            End

            Move (j + 1) To j
        Loop

        Move (i + 1) To i
    Loop

    // --------------------------------------
    // Here is a sample SAML XML Signature
    //
    //
    // <?xml version="1.0" encoding="UTF-8"?>
    // <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="abc123" Version="2.0" IssueInstant="2022-04-01T12:34:56Z" Destination="https://sp.example.com/sso">
    //   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.com</saml2:Issuer>
    //   <saml2p:Status>
    //     <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    //   </saml2p:Status>
    //   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="def456" IssueInstant="2022-04-01T12:34:56Z" Version="2.0">
    //     <saml2:Issuer>https://idp.example.com</saml2:Issuer>
    //     <saml2:Subject>
    //       <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml2:NameID>
    //     </saml2:Subject>
    //     <saml2:Conditions NotBefore="2022-04-01T12:34:56Z" NotOnOrAfter="2022-04-01T13:34:56Z"/>
    //     <saml2:AuthnStatement AuthnInstant="2022-04-01T12:34:56Z">
    //       <saml2:AuthnContext>
    //         <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
    //       </saml2:AuthnContext>
    //     </saml2:AuthnStatement>
    //     <!-- Additional assertion content -->
    //   </saml2:Assertion>
    //   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    //     <ds:SignedInfo>
    //       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    //       <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    //       <ds:Reference URI="#abc123">
    //         <ds:Transforms>
    //           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
    //           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    //         </ds:Transforms>
    //         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    //         <ds:DigestValue>q7Zj1w+...+pCsjw=</ds:DigestValue>
    //       </ds:Reference>
    //       <!-- Additional references if present -->
    //     </ds:SignedInfo>
    //     <ds:SignatureValue>
    //       NjIzOWE5ZjA2M2M1...NzUwNzUwNzUwNzUwNzU=
    //     </ds:SignatureValue>
    //     <ds:KeyInfo>
    //       <ds:X509Data>
    //         <ds:X509Certificate>
    //           MIIDgzCCAmugAwIBAg...AgADAA==
    //         </ds:X509Certificate>
    //       </ds:X509Data>
    //     </ds:KeyInfo>
    //   </ds:Signature>
    // </saml2p:Response>

End_Procedure

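A signature that verifies vouches only for the element its ds:Reference URI names, so a service provider should also confirm that the assertion it reads lies inside that element. The following is an added example, not Chilkat's code, written in Python (standard library only) rather than DataFlex; it goes beyond the page's single case by also rejecting duplicate IDs and non-enveloped signatures, which SAML 2.0 does not allow. The trimmed sample and the function names are constructed for illustration, and no cryptographic check is done here: it complements the ComVerifySignature and ComVerifyReferenceDigest calls above.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed input: the page's sample response, trimmed to the parts checked here.
SAMPLE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="abc123">
  <saml2:Assertion ID="def456"><saml2:Issuer>https://idp.example.com</saml2:Issuer></saml2:Assertion>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#abc123"/></ds:SignedInfo></ds:Signature>
</saml2p:Response>"""


def signed_elements(root):
    """Return the elements named by same-document references of enveloped signatures."""
    parent = {child: p for p in root.iter() for child in p}
    by_id = {}
    for el in root.iter():
        if "ID" in el.attrib:
            by_id.setdefault(el.attrib["ID"], []).append(el)
    covered = []
    for sig in root.iter(DS + "Signature"):
        for ref in sig.iterfind(f"{DS}SignedInfo/{DS}Reference"):
            uri = ref.get("URI", "")
            targets = by_id.get(uri[1:], []) if uri.startswith("#") else []
            # Accept only an unambiguous ID whose element is the signature's parent.
            if len(targets) == 1 and parent.get(sig) is targets[0]:
                covered.append(targets[0])
    return covered


def assertion_is_covered(xml_text):
    """True only if the response holds one Assertion and it is a signed element or inside one."""
    root = ET.fromstring(xml_text)
    assertions = list(root.iter(SAML + "Assertion"))
    if len(assertions) != 1:
        return False
    return any(assertions[0] in list(c.iter()) for c in signed_elements(root))


if __name__ == "__main__":
    print("assertion covered by signature:", assertion_is_covered(SAMPLE))
```

Run this check in addition to the cryptographic verification, and read the assertion from the element returned by `signed_elements` rather than searching the document for it again.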
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.