
SAML Signature Validation


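A SAML Signature is an XML Digital Signature (XMLDSig) just like any other XML digital signature. It can be verified by using Chilkat's XmlDSig class, as shown in this example. Note that a verified signature only shows that the signed content is intact with respect to the verification key; a SAML consumer must still confirm that the signing certificate is the identity provider's trusted certificate, and that the verified reference covers the assertion it relies on.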


Delphi ActiveX
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

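procedure TForm1.Button1Click(Sender: TObject);
// Loads an XML document containing one or more XML digital signatures,
// verifies each signature and each of its reference digests, and writes
// the per-item results plus an overall verdict to Memo1.
//
// Scope of this check: it covers XMLDSig integrity only. It does not
// decide whether the signer is trusted and does not evaluate any SAML
// content (see the notes beside the sample document at the end).
var
success: Integer;
dsig: TChilkatXmlDSig;
numSignatures: Integer;
i: Integer;
bVerifyRefDigests: Integer;
bSignatureVerified: Integer;
numRefDigests: Integer;
j: Integer;
bDigestVerified: Integer;
bAllVerified: Integer;

begin
success := 0;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

dsig := TChilkatXmlDSig.Create(Self);
success := dsig.LoadSignature('XML xml signature goes here...');
if (success <> 1) then
  begin
    // A document that failed to load must never fall through to the
    // loop below: zero signatures would be processed and no failure
    // would be reported.
    Memo1.Lines.Add(dsig.LastErrorText);
    Exit;
  end;

// A sample SAML signature is shown below..

numSignatures := dsig.NumSignatures;
if (numSignatures < 1) then
  begin
    // An unsigned document is a failure for the caller, not a silent
    // no-op: nothing was verified.
    Memo1.Lines.Add('No XML signatures found; nothing was verified');
    Exit;
  end;

// Overall verdict: stays 1 only if every signature AND every reference
// digest verifies.
bAllVerified := 1;

i := 0;
while i < numSignatures do
  begin
    dsig.Selector := i;

    // Passing 0 checks only the signature over SignedInfo. The reference
    // digests are checked one by one further down so each failure reason
    // can be reported. A "verified" line here therefore does NOT yet mean
    // the referenced content is intact.
    bVerifyRefDigests := 0;
    bSignatureVerified := dsig.VerifySignature(bVerifyRefDigests);
    if (bSignatureVerified = 1) then
      begin
        Memo1.Lines.Add('Signature ' + IntToStr(i + 1) + ' verified');
      end
    else
      begin
        Memo1.Lines.Add('Signature ' + IntToStr(i + 1) + ' invalid');
        bAllVerified := 0;
      end;

    // Check each of the reference digests separately..
    numRefDigests := dsig.NumReferences;
    j := 0;
    while j < numRefDigests do
      begin
        bDigestVerified := dsig.VerifyReferenceDigest(j);
        Memo1.Lines.Add('reference digest ' + IntToStr(j + 1) + ' verified = ' + IntToStr(Ord(bDigestVerified)));
        if (bDigestVerified = 0) then
          begin
            Memo1.Lines.Add('    reference digest fail reason: ' + IntToStr(dsig.RefFailReason));
            bAllVerified := 0;
          end;

        j := j + 1;
      end;

    i := i + 1;
  end;

// Report a single verdict so a reader of the log cannot mistake a valid
// SignedInfo signature with a failed digest for a fully valid document.
if (bAllVerified = 1) then
  begin
    Memo1.Lines.Add('All signatures and reference digests verified');
  end
else
  begin
    Memo1.Lines.Add('Verification FAILED: at least one signature or reference digest is invalid');
  end;

// --------------------------------------
// Here is a sample SAML XML Signature
// 
// Notes for SAML consumers (not enforced by the code above):
//  - The sample carries its signing certificate inside ds:KeyInfo. If the
//    verification key is taken from there, a valid result only shows the
//    document is consistent with that embedded key. Compare the signing
//    certificate with the identity provider certificate configured out of
//    band before trusting the result.
//  - The ds:Reference URI ("#abc123") points at the Response element's ID.
//    Read claims only from the element that a verified reference covers.
//  - Signature verification does not evaluate saml2:Conditions
//    (NotBefore / NotOnOrAfter), Destination, or Issuer; check those
//    separately.
// 
// <?xml version="1.0" encoding="UTF-8"?>
// <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="abc123" Version="2.0" IssueInstant="2022-04-01T12:34:56Z" Destination="https://sp.example.com/sso">
//   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.com</saml2:Issuer>
//   <saml2p:Status>
//     <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
//   </saml2p:Status>
//   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="def456" IssueInstant="2022-04-01T12:34:56Z" Version="2.0">
//     <saml2:Issuer>https://idp.example.com</saml2:Issuer>
//     <saml2:Subject>
//       <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml2:NameID>
//     </saml2:Subject>
//     <saml2:Conditions NotBefore="2022-04-01T12:34:56Z" NotOnOrAfter="2022-04-01T13:34:56Z"/>
//     <saml2:AuthnStatement AuthnInstant="2022-04-01T12:34:56Z">
//       <saml2:AuthnContext>
//         <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
//       </saml2:AuthnContext>
//     </saml2:AuthnStatement>
//     <!-- Additional assertion content -->
//   </saml2:Assertion>
//   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
//     <ds:SignedInfo>
//       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
//       <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
//       <ds:Reference URI="#abc123">
//         <ds:Transforms>
//           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
//           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
//         </ds:Transforms>
//         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
//         <ds:DigestValue>q7Zj1w+...+pCsjw=</ds:DigestValue>
//       </ds:Reference>
//       <!-- Additional references if present -->
//     </ds:SignedInfo>
//     <ds:SignatureValue>
//       NjIzOWE5ZjA2M2M1...NzUwNzUwNzUwNzUwNzU=
//     </ds:SignatureValue>
//     <ds:KeyInfo>
//       <ds:X509Data>
//         <ds:X509Certificate>
//           MIIDgzCCAmugAwIBAg...AgADAA==
//         </ds:X509Certificate>
//       </ds:X509Data>
//     </ds:KeyInfo>
//   </ds:Signature>
// </saml2p:Response>
end;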