I've been struggling for almost a week to include a SAML token in a SOAP request via WCF.

I get a SAML assertion from a third-party security token service; the response looks like:

XML
<soapenv:Envelope>
 <soapenv:Header/>
 <S:Body>
  <ns4:RequestSecurityTokenResponse>
   <ns4:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</ns4:TokenType>
   <ns4:RequestedSecurityToken>
    <saml:Assertion>
     <saml:Conditions NotBefore="2014-05-05T15:15:06.787Z" NotOnOrAfter="2014-05-05T16:15:06.787Z"/>
     <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:X509-PKI">
      <saml:Subject>
       <saml:NameIdentifier>removed</saml:NameIdentifier>
        <saml:SubjectConfirmation>
         <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
          <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
           <ds:X509Data>
            <ds:X509Certificate>removed</ds:X509Certificate>
           </ds:X509Data>
          </ds:KeyInfo>
         </saml:SubjectConfirmation>
      </saml:Subject>
     </saml:AuthenticationStatement>
     <saml:AttributeStatement>
      <saml:Subject>
       <saml:NameIdentifier>removed</saml:NameIdentifier>
       <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:X509Data>
          <ds:X509Certificate>removed</ds:X509Certificate>
         </ds:X509Data>
        </ds:KeyInfo>
       </saml:SubjectConfirmation>
      </saml:Subject>
       <saml:Attribute ...>
        <saml:AttributeValue>removed</saml:AttributeValue>
       </saml:Attribute>
       <saml:Attribute ...>
        <saml:AttributeValue>removed</saml:AttributeValue>
       </saml:Attribute>
       ...
     </saml:AttributeStatement>
     <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
      <dsig:SignedInfo>
       <dsig:CanonicalizationMethod />
       <dsig:SignatureMethod />
       <dsig:Reference >
        <dsig:Transforms>
         <dsig:Transform />
         <dsig:Transform />
        </dsig:Transforms>
        <dsig:DigestMethod />
        <dsig:DigestValue>removed</dsig:DigestValue>
       </dsig:Reference>
      </dsig:SignedInfo>
      <dsig:SignatureValue>removed</dsig:SignatureValue>
     </dsig:Signature>
    </saml:Assertion>
   </ns4:RequestedSecurityToken>
   <ns4:Lifetime>
    <ns2:Created>2014-05-05T15:15:06.787Z</ns2:Created>
    <ns2:Expires>2014-05-05T16:15:06.787Z</ns2:Expires>
   </ns4:Lifetime>
  </ns4:RequestSecurityTokenResponse>
</S:Body>
</soapenv:Envelope>


In order to consume the other services from that third party, I need to include the full SAML assertion tag in my request. My request should look like:

XML
<soapenv:Envelope xmlns:S="S" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <saml:Assertion>
     <saml:Conditions NotBefore="2014-05-05T15:15:06.787Z" NotOnOrAfter="2014-05-05T16:15:06.787Z"/>
     <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:X509-PKI">
      <saml:Subject>
       <saml:NameIdentifier>removed</saml:NameIdentifier>
        <saml:SubjectConfirmation>
         <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
          <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
           <ds:X509Data>
            <ds:X509Certificate>removed</ds:X509Certificate>
           </ds:X509Data>
          </ds:KeyInfo>
         </saml:SubjectConfirmation>
      </saml:Subject>
     </saml:AuthenticationStatement>
     <saml:AttributeStatement>
      <saml:Subject>
       <saml:NameIdentifier>removed</saml:NameIdentifier>
       <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:X509Data>
          <ds:X509Certificate>removed</ds:X509Certificate>
         </ds:X509Data>
        </ds:KeyInfo>
       </saml:SubjectConfirmation>
      </saml:Subject>
       <saml:Attribute ...>
        <saml:AttributeValue>removed</saml:AttributeValue>
       </saml:Attribute>
       <saml:Attribute ...>
        <saml:AttributeValue>removed</saml:AttributeValue>
       </saml:Attribute>
       ...
     </saml:AttributeStatement>
     <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
      <dsig:SignedInfo>
       <dsig:CanonicalizationMethod />
       <dsig:SignatureMethod />
       <dsig:Reference >
        <dsig:Transforms>
         <dsig:Transform />
         <dsig:Transform />
        </dsig:Transforms>
        <dsig:DigestMethod />
        <dsig:DigestValue>removed</dsig:DigestValue>
       </dsig:Reference>
      </dsig:SignedInfo>
      <dsig:SignatureValue>removed</dsig:SignatureValue>
     </dsig:Signature>
    </saml:Assertion>
    ... some other signatures ...
    ... timestamp ...
  </wsse:Security>
 </soapenv:Header>
 <soapenv:Body>
   ... the body ...
 </soapenv:Body>
</soapenv:Envelope>


Does anyone have any idea how to achieve this?

Regards,
Kevin
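
One way to carry the issued assertion unchanged into a `wsse:Security` header from a WCF client, as an added example that is not part of the original post or of any vendor's code. It assumes a binding without WCF message security (so WCF emits no Security header of its own), that the real STS response declares the SAML 1.1 namespace, and that the holder-of-key proof signature and timestamp from the target request are produced elsewhere; `SamlSecurityHeader` and `SamlHeaderInspector` are hypothetical names.

```csharp
using System;
using System.IO;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Dispatcher;
using System.Xml;

// Hypothetical header type (not a WCF class): emits <Security> in the wsse namespace around the assertion.
public sealed class SamlSecurityHeader : MessageHeader
{
    const string WsseNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    const string SamlNs = "urn:oasis:names:tc:SAML:1.0:assertion"; // assumed: SAML 1.1 assertion namespace
    readonly XmlElement _assertion;

    public SamlSecurityHeader(string rstrXml)
    {
        // Keep whitespace nodes: they are covered by the assertion's signature.
        var doc = new XmlDocument { PreserveWhitespace = true };
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        using (var reader = XmlReader.Create(new StringReader(rstrXml), settings))
            doc.Load(reader);
        var found = doc.GetElementsByTagName("Assertion", SamlNs);
        if (found.Count != 1)
            throw new InvalidOperationException("Expected exactly one saml:Assertion in the STS response.");
        _assertion = (XmlElement)found[0];
        // Refuse to forward a token that is already outside its Conditions window.
        var conditions = _assertion["Conditions", SamlNs];
        var notOnOrAfter = conditions?.GetAttribute("NotOnOrAfter");
        if (!string.IsNullOrEmpty(notOnOrAfter) &&
            XmlConvert.ToDateTime(notOnOrAfter, XmlDateTimeSerializationMode.Utc) <= DateTime.UtcNow)
            throw new InvalidOperationException("The assertion has expired; request a new one from the STS.");
    }

    public override string Name => "Security";
    public override string Namespace => WsseNs;

    // Write the assertion node as received; it is never rebuilt from parsed values.
    protected override void OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion messageVersion)
        => _assertion.WriteTo(writer);
}

// Adds the header to every outgoing request on the client channel.
public sealed class SamlHeaderInspector : IClientMessageInspector
{
    readonly SamlSecurityHeader _header;
    public SamlHeaderInspector(SamlSecurityHeader header) { _header = header; }
    public object BeforeSendRequest(ref Message request, IClientChannel channel)
    { request.Headers.Add(_header); return null; }
    public void AfterReceiveReply(ref Message reply, object correlationState) { }
}
```

The inspector is registered from an `IEndpointBehavior` by adding it to `clientRuntime.MessageInspectors` in `ApplyClientBehavior`.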
Comments
DeFille 19-Sep-14 8:33am    
Hi Kevin,

We are facing the exact same problems as you did. Did you already come up with a solution?

Thx,
Filip
Steven Cool 12-Aug-15 9:02am    
Exactly the same problem here. Do you already have a solution for this?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)