Why can SAML2 produce a SAML assertion that uses the prefix "SAML:", like in this example:
<?xml version="1.0" encoding="utf-8"?><br/>
<saml:Assertion ID="_51bc8a37-0b6d-4e13-81e9-e1778a9b4dd3" IssueInstant="2012-10-10T19:32:07.526Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><br/>
<saml:Issuer>someidentifier</saml:Issuer><br/>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><br/>
<ds:SignedInfo><br/>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><br/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><br/>
<ds:Reference URI="#_51bc8a37-0b6d-4e13-81e9-e1778a9b4dd3"><br/>
<ds:Transforms><br/>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><br/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><br/>
</ds:Transforms><br/>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><br/>
<ds:DigestValue>N3UrIhpT+EXn+CeMiaq98v4n6vWw=</ds:DigestValue><br/>
</ds:Reference><br/>
</ds:SignedInfo><br/>
<ds:SignatureValue>ACDCBN55g2FTo82jWjfN67BQB7XyC1UxUIqr6iAGfu85O2P7WCkqDxPhsaveOOVkNgz1r4KkSEAdFdv5sh4xCumooUVAiQXYFMgGz6QSNjdsxUurrmetyrDLQOtU2phuAykY9bF4kNYuYBgvDygCq6gbv8DR+M83WbKFMHRy7nYkrHZg0DJw56aiHnZvZQr/VyIsSvxGU7ra9ED4Tbe26oWte8ysb71yAZKqcEzzFKZU1BmMoApwJU3DLVqHo5r335ayPYxcsvm3LJ3vIDx+ql3tEKFSlt2OLBYSMlhCGYbyxMwAmzWzgv53zx1DiXrBxsSFzrbqk7y4PNx2eE0NciA==</ds:SignatureValue><br/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><br/>
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><br/>
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">kdkT3iOnlm4C8J3oa4/KPHOyqngc=</o:KeyIdentifier><br/>
</o:SecurityTokenReference><br/>
</KeyInfo><br/>
</ds:Signature><br/>
<saml:Subject><br/>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">12345</saml:NameID><br/>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><br/>
</saml:SubjectConfirmation><br/>
</saml:Subject><br/>
<saml:Conditions NotBefore="2012-10-10T19:31:37.526Z" NotOnOrAfter="2012-10-10T19:32:37.526Z"><br/>
</saml:Conditions><br/>
<saml:AttributeStatement><br/>
<saml:Attribute Name="userud"><br/>
<saml:AttributeValue>999999</saml:AttributeValue><br/>
</saml:Attribute><br/>
</saml:AttributeStatement><br/>
</saml:Assertion>
but all I can produce is the following (where is the "SAML" prefix?):
<br/>
<?xml version="1.0" encoding="utf-8"?><br/>
<Assertion ID="_51bc8a37-0b6d-4e13-81e9-e1778a9b4dd3" IssueInstant="2012-10-10T19:32:07.526Z" Version="2.0" xmlns="urn:oasis:names:tc:2.0:assertion"><br/>
<Issuer>someidentifier</Issuer><br/>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><br/>
<ds:SignedInfo><br/>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><br/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><br/>
<ds:Reference URI="#_51bc8a37-0b6d-4e13-81e9-e1778a9b4dd3"><br/>
<ds:Transforms><br/>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><br/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><br/>
</ds:Transforms><br/>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><br/>
<ds:DigestValue>N3UrIhpT+EXn+CeMiaq98v4n6vWw=</ds:DigestValue><br/>
</ds:Reference><br/>
</ds:SignedInfo><br/>
<ds:SignatureValue>ACDCBN55g2FTo82jWjfN67BQB7XyC1UxUIqr6iAGfu85O2P7WCkqDxPhsaveOOVkNgz1r4KkSEAdFdv5sh4xCumooUVAiQXYFMgGz6QSNjdsxUurrmetyrDLQOtU2phuAykY9bF4kNYuYBgvDygCq6gbv8DR+M83WbKFMHRy7nYkrHZg0DJw56aiHnZvZQr/VyIsSvxGU7ra9ED4Tbe26oWte8ysb71yAZKqcEzzFKZU1BmMoApwJU3DLVqHo5r335ayPYxcsvm3LJ3vIDx+ql3tEKFSlt2OLBYSMlhCGYbyxMwAmzWzgv53zx1DiXrBxsSFzrbqk7y4PNx2eE0NciA==</ds:SignatureValue><br/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><br/>
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><br/>
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">kdkT3iOnlm4C8J3o4/KPHOyqngc=</o:KeyIdentifier><br/>
</o:SecurityTokenReference><br/>
</KeyInfo><br/>
</ds:Signature><br/>
<Subject><br/>
<NameID Format="urn:oasis:names:tc:2.0:attrname-format:unspecified">12345</NameID><br/>
<SubjectConfirmation Method="urn:oasis:names:tc:2.0:cm:bearer"><br/>
</SubjectConfirmation><br/>
</Subject><br/>
<Conditions NotBefore="2012-10-10T19:31:37.526Z" NotOnOrAfter="2012-10-10T19:32:37.526Z"><br/>
</Conditions><br/>
<AttributeStatement><br/>
<Attribute Name="userud"><br/>
<AttributeValue>999999</AttributeValue><br/>
</Attribute><br/>
</AttributeStatement><br/>
</Assertion>
Here is my code:
<br/>
<br/>
// Build the SAML 2.0 assertion: issuer, id and issue instant, validity window, subject, and one attribute statement.<br/>
Saml2NameIdentifier assertionNameIdentifier = new Saml2NameIdentifier("someidentifier");
<br/>
Saml2Assertion assertion = new Saml2Assertion(assertionNameIdentifier);
<br/>
// SamlAssertionID, dtIssueInstant, dtNotBefore and dtNotOnOrAfter are defined outside this snippet.<br/>
assertion.Id = new Saml2Id(SamlAssertionID);<br/>
assertion.IssueInstant = dtIssueInstant;<br/>
// Validity window of the assertion. The emitted output shows an empty SubjectConfirmation (no<br/>
// SubjectConfirmationData), so these two instants are the only time bound on the bearer assertion — keep the window short.<br/>
assertion.Conditions = new Saml2Conditions(); <br/>
assertion.Conditions.NotBefore = dtNotBefore; <br/>
assertion.Conditions.NotOnOrAfter = dtNotOnOrAfter; <br/>
// <br/>
// Create the SAML subject. <br/>
assertion.Subject = new Saml2Subject();<br/>
assertion.Subject.NameId = new Saml2NameIdentifier("12345"); <br/>
// NOTE(review): as pasted this URI reads "urnasis:" (the forum appears to have dropped ":o" from "urn:oasis:"),<br/>
// and "attrname-format" is the Attribute NameFormat family rather than a NameID format — confirm the intended value.<br/>
assertion.Subject.NameId.Format = new Uri("urnasis:names:tc:SAML:2.0:attrname-format:unspecified");
<br/>
<br/>
// <br/>
// Now create the SAML statement containing one attribute.
<br/>
Saml2AttributeStatement samlAttributeStatement = new Saml2AttributeStatement();<br/>
<br/>
// <br/>
// Create one SAML attribute with a single value. <br/>
Saml2Attribute attr = null;<br/>
<br/>
attr = new Saml2Attribute("userid"); <br/>
attr.FriendlyName = "userid"; <br/>
attr.Values.Add("999999"); <br/>
samlAttributeStatement.Attributes.Add(attr); <br/>
<br/>
// Append the statement to the SAML assertion. <br/>
assertion.Statements.Add(samlAttributeStatement);<br/>
<br/>
<br/>
/**************************************************************<br/>
* END createSamlAssertion()<br/>
**************************************************************/<br/>
<br/>
// <br/>
// Signing credentials consist of the private key of the certificate (see above; signingKey and SigningCert<br/>
// are defined outside this snippet), the signature algorithm, the digest algorithm and the key identifier<br/>
// (an X.509 thumbprint, which is why the output KeyInfo holds a ThumbprintSHA1 KeyIdentifier).<br/>
// NOTE(review): RsaSha1Signature / Sha1Digest select SHA-1 for both the signature and the reference digest.<br/>
// SHA-1 is deprecated for XML signatures and many relying parties reject it; confirm the consumer accepts<br/>
// it, or use a SHA-256 signature/digest pair if this framework version offers one.<br/>
<br/>
assertion.SigningCredentials = <br/>
new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha1Signature,<br/>
SecurityAlgorithms.Sha1Digest,<br/>
new SecurityKeyIdentifier(new X509ThumbprintKeyIdentifierClause(SigningCert)));<br/>
<br/>
<br/>
<br/>
// Finally create the SamlSecurityToken from the assertion <br/>
Saml2SecurityToken samlToken = new Saml2SecurityToken(assertion);<br/>
<br/>
<br/>
// The handler serializes (and signs) the token. The namespace prefix it emits (saml: or a default xmlns)<br/>
// appears to be chosen by the handler's writer, not by the assertion model; a namespace-aware consumer<br/>
// treats both forms as the same elements, since only the namespace URI and local name count, not the prefix.<br/>
var tokenhandler = new Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler();<br/>
<br/>
var settings = new XmlWriterSettings();<br/>
settings.Indent = false;<br/>
settings.Encoding = Encoding.UTF8; <br/>
<br/>
// NOTE(review): as pasted, the path has no separator after the drive letter, so it resolves relative to the<br/>
// current directory of drive C: rather than its root — confirm the intended location.<br/>
using (var xWriter = XmlWriter.Create(@"c:saml2.xml", settings))<br/>
{<br/>
<br/>
// NOTE(review): called before any element is written, so no namespace is in scope yet and this presumably<br/>
// prints an empty value; it does not influence the prefix WriteToken will use.<br/>
Debug.WriteLine(xWriter.LookupPrefix("urnasis:names:tc:SAML:2.0:assertion"));<br/>
tokenhandler.WriteToken(xWriter, samlToken);<br/>
xWriter.Flush();<br/>
// Close() is redundant inside the using block (Dispose closes the writer) but harmless.<br/>
xWriter.Close();<br/>
}
<?xml version="1.0" encoding="utf-8"?><br/>
<saml:Assertion ID="_51bc8a37-0b6d-4e13-81e9-e1778a9b4dd3" IssueInstant="2012-10-10T19:32:07.526Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><br/>
<saml:Issuer>someidentifier</saml:Issuer><br/>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><br/>
<ds:SignedInfo><br/>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><br/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><br/>
<ds:Reference URI="#_51bc8a37-0b6d-4e13-81e9-e1778a9b4dd3"><br/>
<ds:Transforms><br/>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><br/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><br/>
</ds:Transforms><br/>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><br/>
<ds:DigestValue>N3UrIhpT+EXn+CeMiaq98v4n6vWw=</ds:DigestValue><br/>
</ds:Reference><br/>
</ds:SignedInfo><br/>
<ds:SignatureValue>ACDCBN55g2FTo82jWjfN67BQB7XyC1UxUIqr6iAGfu85O2P7WCkqDxPhsaveOOVkNgz1r4KkSEAdFdv5sh4xCumooUVAiQXYFMgGz6QSNjdsxUurrmetyrDLQOtU2phuAykY9bF4kNYuYBgvDygCq6gbv8DR+M83WbKFMHRy7nYkrHZg0DJw56aiHnZvZQr/VyIsSvxGU7ra9ED4Tbe26oWte8ysb71yAZKqcEzzFKZU1BmMoApwJU3DLVqHo5r335ayPYxcsvm3LJ3vIDx+ql3tEKFSlt2OLBYSMlhCGYbyxMwAmzWzgv53zx1DiXrBxsSFzrbqk7y4PNx2eE0NciA==</ds:SignatureValue><br/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><br/>
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><br/>
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">kdkT3iOnlm4C8J3oa4/KPHOyqngc=</o:KeyIdentifier><br/>
</o:SecurityTokenReference><br/>
</KeyInfo><br/>
</ds:Signature><br/>
<saml:Subject><br/>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">12345</saml:NameID><br/>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><br/>
</saml:SubjectConfirmation><br/>
</saml:Subject><br/>
<saml:Conditions NotBefore="2012-10-10T19:31:37.526Z" NotOnOrAfter="2012-10-10T19:32:37.526Z"><br/>
</saml:Conditions><br/>
<saml:AttributeStatement><br/>
<saml:Attribute Name="userud"><br/>
<saml:AttributeValue>999999</saml:AttributeValue><br/>
</saml:Attribute><br/>
</saml:AttributeStatement><br/>
</saml:Assertion>
but all I can produce is the following (where is the "SAML" prefix?):
<br/>
<?xml version="1.0" encoding="utf-8"?><br/>
<Assertion ID="_51bc8a37-0b6d-4e13-81e9-e1778a9b4dd3" IssueInstant="2012-10-10T19:32:07.526Z" Version="2.0" xmlns="urn:oasis:names:tc:2.0:assertion"><br/>
<Issuer>someidentifier</Issuer><br/>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><br/>
<ds:SignedInfo><br/>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><br/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><br/>
<ds:Reference URI="#_51bc8a37-0b6d-4e13-81e9-e1778a9b4dd3"><br/>
<ds:Transforms><br/>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><br/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><br/>
</ds:Transforms><br/>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><br/>
<ds:DigestValue>N3UrIhpT+EXn+CeMiaq98v4n6vWw=</ds:DigestValue><br/>
</ds:Reference><br/>
</ds:SignedInfo><br/>
<ds:SignatureValue>ACDCBN55g2FTo82jWjfN67BQB7XyC1UxUIqr6iAGfu85O2P7WCkqDxPhsaveOOVkNgz1r4KkSEAdFdv5sh4xCumooUVAiQXYFMgGz6QSNjdsxUurrmetyrDLQOtU2phuAykY9bF4kNYuYBgvDygCq6gbv8DR+M83WbKFMHRy7nYkrHZg0DJw56aiHnZvZQr/VyIsSvxGU7ra9ED4Tbe26oWte8ysb71yAZKqcEzzFKZU1BmMoApwJU3DLVqHo5r335ayPYxcsvm3LJ3vIDx+ql3tEKFSlt2OLBYSMlhCGYbyxMwAmzWzgv53zx1DiXrBxsSFzrbqk7y4PNx2eE0NciA==</ds:SignatureValue><br/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><br/>
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><br/>
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">kdkT3iOnlm4C8J3o4/KPHOyqngc=</o:KeyIdentifier><br/>
</o:SecurityTokenReference><br/>
</KeyInfo><br/>
</ds:Signature><br/>
<Subject><br/>
<NameID Format="urn:oasis:names:tc:2.0:attrname-format:unspecified">12345</NameID><br/>
<SubjectConfirmation Method="urn:oasis:names:tc:2.0:cm:bearer"><br/>
</SubjectConfirmation><br/>
</Subject><br/>
<Conditions NotBefore="2012-10-10T19:31:37.526Z" NotOnOrAfter="2012-10-10T19:32:37.526Z"><br/>
</Conditions><br/>
<AttributeStatement><br/>
<Attribute Name="userud"><br/>
<AttributeValue>999999</AttributeValue><br/>
</Attribute><br/>
</AttributeStatement><br/>
</Assertion>
Here is my code:
<br/>
<br/>
// Build the SAML 2.0 assertion: issuer, id and issue instant, validity window, subject, and one attribute statement.<br/>
Saml2NameIdentifier assertionNameIdentifier = new Saml2NameIdentifier("someidentifier");
<br/>
Saml2Assertion assertion = new Saml2Assertion(assertionNameIdentifier);
<br/>
// SamlAssertionID, dtIssueInstant, dtNotBefore and dtNotOnOrAfter are defined outside this snippet.<br/>
assertion.Id = new Saml2Id(SamlAssertionID);<br/>
assertion.IssueInstant = dtIssueInstant;<br/>
// Validity window of the assertion. The emitted output shows an empty SubjectConfirmation (no<br/>
// SubjectConfirmationData), so these two instants are the only time bound on the bearer assertion — keep the window short.<br/>
assertion.Conditions = new Saml2Conditions(); <br/>
assertion.Conditions.NotBefore = dtNotBefore; <br/>
assertion.Conditions.NotOnOrAfter = dtNotOnOrAfter; <br/>
// <br/>
// Create the SAML subject. <br/>
assertion.Subject = new Saml2Subject();<br/>
assertion.Subject.NameId = new Saml2NameIdentifier("12345"); <br/>
// NOTE(review): as pasted this URI reads "urnasis:" (the forum appears to have dropped ":o" from "urn:oasis:"),<br/>
// and "attrname-format" is the Attribute NameFormat family rather than a NameID format — confirm the intended value.<br/>
assertion.Subject.NameId.Format = new Uri("urnasis:names:tc:SAML:2.0:attrname-format:unspecified");
<br/>
<br/>
// <br/>
// Now create the SAML statement containing one attribute.
<br/>
Saml2AttributeStatement samlAttributeStatement = new Saml2AttributeStatement();<br/>
<br/>
// <br/>
// Create one SAML attribute with a single value. <br/>
Saml2Attribute attr = null;<br/>
<br/>
attr = new Saml2Attribute("userid"); <br/>
attr.FriendlyName = "userid"; <br/>
attr.Values.Add("999999"); <br/>
samlAttributeStatement.Attributes.Add(attr); <br/>
<br/>
// Append the statement to the SAML assertion. <br/>
assertion.Statements.Add(samlAttributeStatement);<br/>
<br/>
<br/>
/**************************************************************<br/>
* END createSamlAssertion()<br/>
**************************************************************/<br/>
<br/>
// <br/>
// Signing credentials consist of the private key of the certificate (see above; signingKey and SigningCert<br/>
// are defined outside this snippet), the signature algorithm, the digest algorithm and the key identifier<br/>
// (an X.509 thumbprint, which is why the output KeyInfo holds a ThumbprintSHA1 KeyIdentifier).<br/>
// NOTE(review): RsaSha1Signature / Sha1Digest select SHA-1 for both the signature and the reference digest.<br/>
// SHA-1 is deprecated for XML signatures and many relying parties reject it; confirm the consumer accepts<br/>
// it, or use a SHA-256 signature/digest pair if this framework version offers one.<br/>
<br/>
assertion.SigningCredentials = <br/>
new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha1Signature,<br/>
SecurityAlgorithms.Sha1Digest,<br/>
new SecurityKeyIdentifier(new X509ThumbprintKeyIdentifierClause(SigningCert)));<br/>
<br/>
<br/>
<br/>
// Finally create the SamlSecurityToken from the assertion <br/>
Saml2SecurityToken samlToken = new Saml2SecurityToken(assertion);<br/>
<br/>
<br/>
// The handler serializes (and signs) the token. The namespace prefix it emits (saml: or a default xmlns)<br/>
// appears to be chosen by the handler's writer, not by the assertion model; a namespace-aware consumer<br/>
// treats both forms as the same elements, since only the namespace URI and local name count, not the prefix.<br/>
var tokenhandler = new Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler();<br/>
<br/>
var settings = new XmlWriterSettings();<br/>
settings.Indent = false;<br/>
settings.Encoding = Encoding.UTF8; <br/>
<br/>
// NOTE(review): as pasted, the path has no separator after the drive letter, so it resolves relative to the<br/>
// current directory of drive C: rather than its root — confirm the intended location.<br/>
using (var xWriter = XmlWriter.Create(@"c:saml2.xml", settings))<br/>
{<br/>
<br/>
// NOTE(review): called before any element is written, so no namespace is in scope yet and this presumably<br/>
// prints an empty value; it does not influence the prefix WriteToken will use.<br/>
Debug.WriteLine(xWriter.LookupPrefix("urnasis:names:tc:SAML:2.0:assertion"));<br/>
tokenhandler.WriteToken(xWriter, samlToken);<br/>
xWriter.Flush();<br/>
// Close() is redundant inside the using block (Dispose closes the writer) but harmless.<br/>
xWriter.Close();<br/>
}