Unicode C
SAML Signature Validation
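A SAML Signature is an XML Digital Signature (XMLDSig) just like any other XML digital signature. It can be verified by using Chilkat's XmlDSig class, as shown in this example. Note that a successful verification only shows the signed content is unchanged relative to the key that was used; the application must still confirm that the signing certificate is the one it trusts for the identity provider, and that the signed reference covers the element it actually consumes.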
#include <C_CkXmlDSigW.h>
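/*
 * Loads an XML document containing one or more XML Digital Signatures (here a
 * SAML response) and, for every signature found, verifies the signature over
 * SignedInfo and then each reference digest, printing the outcome.
 *
 * A signature is reported as valid only when BOTH the SignedInfo signature and
 * every reference digest verify. A load failure or a document with no
 * signatures is reported explicitly instead of silently printing nothing,
 * so that a caller cannot mistake "no output" for "nothing was invalid".
 *
 * What this sample does NOT establish (the caller must check these separately):
 *   - Signer identity. No verification key is supplied here, so the check
 *     presumably relies on the certificate embedded in <ds:KeyInfo>
 *     (NOTE(review): confirm against the Chilkat documentation). Anyone can
 *     embed their own certificate, so compare the signing certificate with
 *     the identity provider certificate obtained from trusted metadata.
 *   - Coverage. Confirm that the <ds:Reference URI="..."> points at the ID of
 *     the element whose contents are consumed (in the sample below,
 *     "#abc123" is the ID of the saml2p:Response). Reading an assertion that
 *     is not covered by a verified reference defeats the signature.
 *   - SAML semantics such as Conditions NotBefore/NotOnOrAfter and
 *     Destination; XMLDSig verification does not look at them.
 */
void ChilkatSample(void)
{
    BOOL success;
    HCkXmlDSigW dsig;
    int numSignatures;
    int i;
    BOOL bVerifyRefDigests;
    BOOL bSignatureVerified;
    int numRefDigests;
    int j;
    BOOL bDigestVerified;
    BOOL bAllDigestsVerified;

    success = FALSE;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    dsig = CkXmlDSigW_Create();

    // A sample SAML signature is shown at the end of this function.
    success = CkXmlDSigW_LoadSignature(dsig,L"XML xml signature goes here...");
    if (success != TRUE) {
        // Fail closed: a document that cannot be loaded has not been verified.
        wprintf(L"%ls\n",CkXmlDSigW_lastErrorText(dsig));
        CkXmlDSigW_Dispose(dsig);
        return;
    }

    numSignatures = CkXmlDSigW_getNumSignatures(dsig);
    if (numSignatures < 1) {
        // Without this check the loop below would simply not run and the
        // unsigned document would produce no "invalid" message at all.
        wprintf(L"No signatures found; the document must be treated as unsigned\n");
        CkXmlDSigW_Dispose(dsig);
        return;
    }

    for (i = 0; i < numSignatures; i++) {
        // Select which signature the following calls operate on.
        CkXmlDSigW_putSelector(dsig,i);

        // Passing FALSE checks only the signature itself here; the reference
        // digests are checked one by one below so that each failure can be
        // reported with its reason.
        bVerifyRefDigests = FALSE;
        bSignatureVerified = CkXmlDSigW_VerifySignature(dsig,bVerifyRefDigests);
        if (bSignatureVerified == TRUE) {
            wprintf(L"Signature %d verified\n",i + 1);
        }
        else {
            wprintf(L"Signature %d invalid\n",i + 1);
        }

        // Check each of the reference digests separately..
        numRefDigests = CkXmlDSigW_getNumReferences(dsig);

        // A signature with no references covers no content, so it starts out
        // as failed rather than vacuously passing.
        bAllDigestsVerified = (numRefDigests > 0) ? TRUE : FALSE;

        for (j = 0; j < numRefDigests; j++) {
            bDigestVerified = CkXmlDSigW_VerifyReferenceDigest(dsig,j);
            wprintf(L"reference digest %d verified = %d\n",j + 1,bDigestVerified);
            if (bDigestVerified == FALSE) {
                bAllDigestsVerified = FALSE;
                wprintf(L" reference digest fail reason: %d\n",CkXmlDSigW_getRefFailReason(dsig));
            }
        }

        // The "Signature N verified" line above is not sufficient on its own:
        // the referenced content is only proven intact if the digests match too.
        if ((bSignatureVerified == TRUE) && (bAllDigestsVerified == TRUE)) {
            wprintf(L"Signature %d: signature and all reference digests verified\n",i + 1);
        }
        else {
            wprintf(L"Signature %d: NOT valid, reject the document\n",i + 1);
        }
    }

    // --------------------------------------
    // Here is a sample SAML XML Signature
    //
    //
    // <?xml version="1.0" encoding="UTF-8"?>
    // <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="abc123" Version="2.0" IssueInstant="2022-04-01T12:34:56Z" Destination="https://sp.example.com/sso">
    // <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.com</saml2:Issuer>
    // <saml2p:Status>
    // <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    // </saml2p:Status>
    // <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="def456" IssueInstant="2022-04-01T12:34:56Z" Version="2.0">
    // <saml2:Issuer>https://idp.example.com</saml2:Issuer>
    // <saml2:Subject>
    // <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml2:NameID>
    // </saml2:Subject>
    // <saml2:Conditions NotBefore="2022-04-01T12:34:56Z" NotOnOrAfter="2022-04-01T13:34:56Z"/>
    // <saml2:AuthnStatement AuthnInstant="2022-04-01T12:34:56Z">
    // <saml2:AuthnContext>
    // <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
    // </saml2:AuthnContext>
    // </saml2:AuthnStatement>
    // <!-- Additional assertion content -->
    // </saml2:Assertion>
    // <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    // <ds:SignedInfo>
    // <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    // <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    // <ds:Reference URI="#abc123">
    // <ds:Transforms>
    // <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
    // <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    // </ds:Transforms>
    // <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    // <ds:DigestValue>q7Zj1w+...+pCsjw=</ds:DigestValue>
    // </ds:Reference>
    // <!-- Additional references if present -->
    // </ds:SignedInfo>
    // <ds:SignatureValue>
    // NjIzOWE5ZjA2M2M1...NzUwNzUwNzUwNzUwNzU=
    // </ds:SignatureValue>
    // <ds:KeyInfo>
    // <ds:X509Data>
    // <ds:X509Certificate>
    // MIIDgzCCAmugAwIBAg...AgADAA==
    // </ds:X509Certificate>
    // </ds:X509Data>
    // </ds:KeyInfo>
    // </ds:Signature>
    // </saml2p:Response>

    CkXmlDSigW_Dispose(dsig);
}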