(Visual Basic 6.0) SAML Signature Validation

See more XML Digital Signatures Examples

A SAML Signature is an XML Digital Signature (XMLDSig) just like any other XML digital signature. It can be verified by using Chilkat' XmlDSig class, as shown in this example.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

' This example requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

Dim dsig As New ChilkatXmlDSig
Dim success As Long
success = dsig.LoadSignature("XML xml signature goes here...")

' A sample SAML signature is shown below..

Dim numSignatures As Long
numSignatures = dsig.NumSignatures
Dim i As Long
i = 0
Do While i < numSignatures
    dsig.Selector = i

    Dim bVerifyRefDigests As Long
    bVerifyRefDigests = 0
    Dim bSignatureVerified As Long
    bSignatureVerified = dsig.VerifySignature(bVerifyRefDigests)
    If (bSignatureVerified = 1) Then
        Debug.Print "Signature " & (i + 1) & " verified"
    Else
        Debug.Print "Signature " & (i + 1) & " invalid"
    End If

    ' Check each of the reference digests separately..
    Dim numRefDigests As Long
    numRefDigests = dsig.NumReferences
    Dim j As Long
    j = 0
    Do While j < numRefDigests
        Dim bDigestVerified As Long
        bDigestVerified = dsig.VerifyReferenceDigest(j)
        Debug.Print "reference digest " & (j + 1) & " verified = " & bDigestVerified
        If (bDigestVerified = 0) Then
            Debug.Print "    reference digest fail reason: " & dsig.RefFailReason
        End If

        j = j + 1
    Loop

    i = i + 1
Loop

' --------------------------------------
' Here is a sample SAML XML Signature
' 
' 
' <?xml version="1.0" encoding="UTF-8"?>
' <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="abc123" Version="2.0" IssueInstant="2022-04-01T12:34:56Z" Destination="https://sp.example.com/sso">
'   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.com</saml2:Issuer>
'   <saml2p:Status>
'     <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
'   </saml2p:Status>
'   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="def456" IssueInstant="2022-04-01T12:34:56Z" Version="2.0">
'     <saml2:Issuer>https://idp.example.com</saml2:Issuer>
'     <saml2:Subject>
'       <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml2:NameID>
'     </saml2:Subject>
'     <saml2:Conditions NotBefore="2022-04-01T12:34:56Z" NotOnOrAfter="2022-04-01T13:34:56Z"/>
'     <saml2:AuthnStatement AuthnInstant="2022-04-01T12:34:56Z">
'       <saml2:AuthnContext>
'         <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
'       </saml2:AuthnContext>
'     </saml2:AuthnStatement>
'     <!-- Additional assertion content -->
'   </saml2:Assertion>
'   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
'     <ds:SignedInfo>
'       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
'       <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
'       <ds:Reference URI="#abc123">
'         <ds:Transforms>
'           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
'           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
'         </ds:Transforms>
'         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
'         <ds:DigestValue>q7Zj1w+...+pCsjw=</ds:DigestValue>
'       </ds:Reference>
'       <!-- Additional references if present -->
'     </ds:SignedInfo>
'     <ds:SignatureValue>
'       NjIzOWE5ZjA2M2M1...NzUwNzUwNzUwNzUwNzU=
'     </ds:SignatureValue>
'     <ds:KeyInfo>
'       <ds:X509Data>
'         <ds:X509Certificate>
'           MIIDgzCCAmugAwIBAg...AgADAA==
'         </ds:X509Certificate>
'       </ds:X509Data>
'     </ds:KeyInfo>
'   </ds:Signature>
' </saml2p:Response>