Sample code for 30+ languages & platforms
PowerBuilder

SAML Signature Validation

See more XML Digital Signatures Examples

A SAML Signature is an XML Digital Signature (XMLDSig) just like any other XML digital signature. It can be verified by using Chilkat' XmlDSig class, as shown in this example.

Chilkat PowerBuilder Downloads

PowerBuilder
integer li_rc
integer li_Success
oleobject loo_Dsig
integer li_NumSignatures
integer i
integer li_BVerifyRefDigests
integer li_BSignatureVerified
integer li_NumRefDigests
integer j
integer li_BDigestVerified

li_Success = 0

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

loo_Dsig = create oleobject
li_rc = loo_Dsig.ConnectToNewObject("Chilkat.XmlDSig")
if li_rc < 0 then
    destroy loo_Dsig
    MessageBox("Error","Connecting to COM object failed")
    return
end if
li_Success = loo_Dsig.LoadSignature("XML xml signature goes here...")

// A sample SAML signature is shown below..

li_NumSignatures = loo_Dsig.NumSignatures
i = 0
do while i < li_NumSignatures
    loo_Dsig.Selector = i

    li_BVerifyRefDigests = 0
    li_BSignatureVerified = loo_Dsig.VerifySignature(li_BVerifyRefDigests)
    if li_BSignatureVerified = 1 then
        Write-Debug "Signature " + string(i + 1) + " verified"
    else
        Write-Debug "Signature " + string(i + 1) + " invalid"
    end if

    // Check each of the reference digests separately..
    li_NumRefDigests = loo_Dsig.NumReferences
    j = 0
    do while j < li_NumRefDigests
        li_BDigestVerified = loo_Dsig.VerifyReferenceDigest(j)
        Write-Debug "reference digest " + string(j + 1) + " verified = " + string(li_BDigestVerified)
        if li_BDigestVerified = 0 then
            Write-Debug "    reference digest fail reason: " + string(loo_Dsig.RefFailReason)
        end if

        j = j + 1
    loop

    i = i + 1
loop

// --------------------------------------
// Here is a sample SAML XML Signature
// 
// 
// <?xml version="1.0" encoding="UTF-8"?>
// <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="abc123" Version="2.0" IssueInstant="2022-04-01T12:34:56Z" Destination="https://sp.example.com/sso">
//   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.com</saml2:Issuer>
//   <saml2p:Status>
//     <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
//   </saml2p:Status>
//   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="def456" IssueInstant="2022-04-01T12:34:56Z" Version="2.0">
//     <saml2:Issuer>https://idp.example.com</saml2:Issuer>
//     <saml2:Subject>
//       <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml2:NameID>
//     </saml2:Subject>
//     <saml2:Conditions NotBefore="2022-04-01T12:34:56Z" NotOnOrAfter="2022-04-01T13:34:56Z"/>
//     <saml2:AuthnStatement AuthnInstant="2022-04-01T12:34:56Z">
//       <saml2:AuthnContext>
//         <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
//       </saml2:AuthnContext>
//     </saml2:AuthnStatement>
//     <!-- Additional assertion content -->
//   </saml2:Assertion>
//   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
//     <ds:SignedInfo>
//       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
//       <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
//       <ds:Reference URI="#abc123">
//         <ds:Transforms>
//           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
//           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
//         </ds:Transforms>
//         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
//         <ds:DigestValue>q7Zj1w+...+pCsjw=</ds:DigestValue>
//       </ds:Reference>
//       <!-- Additional references if present -->
//     </ds:SignedInfo>
//     <ds:SignatureValue>
//       NjIzOWE5ZjA2M2M1...NzUwNzUwNzUwNzUwNzU=
//     </ds:SignatureValue>
//     <ds:KeyInfo>
//       <ds:X509Data>
//         <ds:X509Certificate>
//           MIIDgzCCAmugAwIBAg...AgADAA==
//         </ds:X509Certificate>
//       </ds:X509Data>
//     </ds:KeyInfo>
//   </ds:Signature>
// </saml2p:Response>


destroy loo_Dsig