DataFlex
DataFlex
SAML Signature Validation
See more XML Digital Signatures Examples
A SAML Signature is an XML Digital Signature (XMLDSig) just like any other XML digital signature. It can be verified by using Chilkat' XmlDSig class, as shown in this example.Chilkat DataFlex Downloads
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Handle hoDsig
Integer iNumSignatures
Integer i
Boolean iBVerifyRefDigests
Boolean iBSignatureVerified
Integer iNumRefDigests
Integer j
Boolean iBDigestVerified
Integer iTemp1
Move False To iSuccess
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
Get Create (RefClass(cComChilkatXmlDSig)) To hoDsig
If (Not(IsComObjectCreated(hoDsig))) Begin
Send CreateComObject of hoDsig
End
Get ComLoadSignature Of hoDsig "XML xml signature goes here..." To iSuccess
// A sample SAML signature is shown below..
Get ComNumSignatures Of hoDsig To iNumSignatures
Move 0 To i
While (i < iNumSignatures)
Set ComSelector Of hoDsig To i
Move False To iBVerifyRefDigests
Get ComVerifySignature Of hoDsig iBVerifyRefDigests To iBSignatureVerified
If (iBSignatureVerified = True) Begin
Showln "Signature " (i + 1) " verified"
End
Else Begin
Showln "Signature " (i + 1) " invalid"
End
// Check each of the reference digests separately..
Get ComNumReferences Of hoDsig To iNumRefDigests
Move 0 To j
While (j < iNumRefDigests)
Get ComVerifyReferenceDigest Of hoDsig j To iBDigestVerified
Showln "reference digest " (j + 1) " verified = " iBDigestVerified
If (iBDigestVerified = False) Begin
Get ComRefFailReason Of hoDsig To iTemp1
Showln " reference digest fail reason: " iTemp1
End
Move (j + 1) To j
Loop
Move (i + 1) To i
Loop
// --------------------------------------
// Here is a sample SAML XML Signature
//
//
// <?xml version="1.0" encoding="UTF-8"?>
// <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="abc123" Version="2.0" IssueInstant="2022-04-01T12:34:56Z" Destination="https://sp.example.com/sso">
// <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.com</saml2:Issuer>
// <saml2p:Status>
// <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
// </saml2p:Status>
// <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="def456" IssueInstant="2022-04-01T12:34:56Z" Version="2.0">
// <saml2:Issuer>https://idp.example.com</saml2:Issuer>
// <saml2:Subject>
// <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml2:NameID>
// </saml2:Subject>
// <saml2:Conditions NotBefore="2022-04-01T12:34:56Z" NotOnOrAfter="2022-04-01T13:34:56Z"/>
// <saml2:AuthnStatement AuthnInstant="2022-04-01T12:34:56Z">
// <saml2:AuthnContext>
// <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
// </saml2:AuthnContext>
// </saml2:AuthnStatement>
// <!-- Additional assertion content -->
// </saml2:Assertion>
// <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
// <ds:SignedInfo>
// <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
// <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
// <ds:Reference URI="#abc123">
// <ds:Transforms>
// <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
// <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
// </ds:Transforms>
// <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
// <ds:DigestValue>q7Zj1w+...+pCsjw=</ds:DigestValue>
// </ds:Reference>
// <!-- Additional references if present -->
// </ds:SignedInfo>
// <ds:SignatureValue>
// NjIzOWE5ZjA2M2M1...NzUwNzUwNzUwNzUwNzU=
// </ds:SignatureValue>
// <ds:KeyInfo>
// <ds:X509Data>
// <ds:X509Certificate>
// MIIDgzCCAmugAwIBAg...AgADAA==
// </ds:X509Certificate>
// </ds:X509Data>
// </ds:KeyInfo>
// </ds:Signature>
// </saml2p:Response>
End_Procedure