PowerBuilder
PowerBuilder
SAML Signature Validation
See more XML Digital Signatures Examples
A SAML Signature is an XML Digital Signature (XMLDSig) just like any other XML digital signature. It can be verified by using Chilkat' XmlDSig class, as shown in this example.Chilkat PowerBuilder Downloads
integer li_rc
integer li_Success
oleobject loo_Dsig
integer li_NumSignatures
integer i
integer li_BVerifyRefDigests
integer li_BSignatureVerified
integer li_NumRefDigests
integer j
integer li_BDigestVerified
li_Success = 0
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
loo_Dsig = create oleobject
li_rc = loo_Dsig.ConnectToNewObject("Chilkat.XmlDSig")
if li_rc < 0 then
destroy loo_Dsig
MessageBox("Error","Connecting to COM object failed")
return
end if
li_Success = loo_Dsig.LoadSignature("XML xml signature goes here...")
// A sample SAML signature is shown below..
li_NumSignatures = loo_Dsig.NumSignatures
i = 0
do while i < li_NumSignatures
loo_Dsig.Selector = i
li_BVerifyRefDigests = 0
li_BSignatureVerified = loo_Dsig.VerifySignature(li_BVerifyRefDigests)
if li_BSignatureVerified = 1 then
Write-Debug "Signature " + string(i + 1) + " verified"
else
Write-Debug "Signature " + string(i + 1) + " invalid"
end if
// Check each of the reference digests separately..
li_NumRefDigests = loo_Dsig.NumReferences
j = 0
do while j < li_NumRefDigests
li_BDigestVerified = loo_Dsig.VerifyReferenceDigest(j)
Write-Debug "reference digest " + string(j + 1) + " verified = " + string(li_BDigestVerified)
if li_BDigestVerified = 0 then
Write-Debug " reference digest fail reason: " + string(loo_Dsig.RefFailReason)
end if
j = j + 1
loop
i = i + 1
loop
// --------------------------------------
// Here is a sample SAML XML Signature
//
//
// <?xml version="1.0" encoding="UTF-8"?>
// <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="abc123" Version="2.0" IssueInstant="2022-04-01T12:34:56Z" Destination="https://sp.example.com/sso">
// <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.com</saml2:Issuer>
// <saml2p:Status>
// <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
// </saml2p:Status>
// <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="def456" IssueInstant="2022-04-01T12:34:56Z" Version="2.0">
// <saml2:Issuer>https://idp.example.com</saml2:Issuer>
// <saml2:Subject>
// <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml2:NameID>
// </saml2:Subject>
// <saml2:Conditions NotBefore="2022-04-01T12:34:56Z" NotOnOrAfter="2022-04-01T13:34:56Z"/>
// <saml2:AuthnStatement AuthnInstant="2022-04-01T12:34:56Z">
// <saml2:AuthnContext>
// <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
// </saml2:AuthnContext>
// </saml2:AuthnStatement>
// <!-- Additional assertion content -->
// </saml2:Assertion>
// <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
// <ds:SignedInfo>
// <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
// <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
// <ds:Reference URI="#abc123">
// <ds:Transforms>
// <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
// <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
// </ds:Transforms>
// <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
// <ds:DigestValue>q7Zj1w+...+pCsjw=</ds:DigestValue>
// </ds:Reference>
// <!-- Additional references if present -->
// </ds:SignedInfo>
// <ds:SignatureValue>
// NjIzOWE5ZjA2M2M1...NzUwNzUwNzUwNzUwNzU=
// </ds:SignatureValue>
// <ds:KeyInfo>
// <ds:X509Data>
// <ds:X509Certificate>
// MIIDgzCCAmugAwIBAg...AgADAA==
// </ds:X509Certificate>
// </ds:X509Data>
// </ds:KeyInfo>
// </ds:Signature>
// </saml2p:Response>
destroy loo_Dsig