Creating of SAML token

re: Creating of SAML token

Danila Polevshikov — Wed, 27 Feb 2013 08:37:25 GMT

I got expection while validating manually created SAML token:

The Saml2SecurityToken cannot be validated because the IssuerToken property is not set. Unsigned SAML2:Assertions cannot be validated.

Reason was that new SamlSecurityToken(assertion) is not sign token, and i have to use Saml2SecurityToken(Saml2Assertion assertion, ReadOnlyCollection<SecurityKey> keys, SecurityToken issuerToken) instead.

re: Creating of SAML token

Dharma — Wed, 14 Oct 2009 11:20:45 GMT

Hi,

I tried implementing the above example (second example) it is giving an inner exception "The private key is not present in the X.509 certificate." and more over in the statement SamlAssertion assertion = createSamlAssertion(); are you calling the same method?? Also there is no return statement in the method. PLease explain me how to implement your code.

re: Creating of SAML token

Dharma — Tue, 13 Oct 2009 10:38:11 GMT

Hi,

After implementing your code i'm getting the following exception. WHat could be the problem?

System.Xml.XmlException was unhandled by user code

Message="There was an error serializing the security token. Please see the inner exception for more details."

Source="System.ServiceModel"

LineNumber=0

LinePosition=0

StackTrace:

at System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter writer, SecurityToken token)

at System.IdentityModel.Selectors.SecurityTokenSerializer.WriteToken(XmlWriter writer, SecurityToken token)

at SAMLPerfMan.login.createSamlAssertion() in C:\Documents and Settings\DJNA\My Documents\Visual Studio 2008\Projects\SAMLPerfMan\SAMLPerfMan\login.aspx.cs:line 88

at SAMLPerfMan.login.Page_Load(Object sender, EventArgs e) in C:\Documents and Settings\DJNA\My Documents\Visual Studio 2008\Projects\SAMLPerfMan\SAMLPerfMan\login.aspx.cs:line 26

at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)

at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)

at System.Web.UI.Control.OnLoad(EventArgs e)

at System.Web.UI.Control.LoadRecursive()

at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

InnerException: System.InvalidOperationException

Message="The SamlAssertion could not be serialized to XML. Please see inner exception for details."

Source="System.IdentityModel"

StackTrace:

at System.IdentityModel.Tokens.SamlAssertion.WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)

at System.IdentityModel.Tokens.SamlAssertion.WriteTo(XmlWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)

at System.IdentityModel.Tokens.SamlSerializer.WriteToken(SamlSecurityToken token, XmlWriter writer, SecurityTokenSerializer keyInfoSerializer)

at System.ServiceModel.Security.WSSecurityJan2004.SamlTokenEntry.WriteTokenCore(XmlDictionaryWriter writer, SecurityToken token)

at System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter writer, SecurityToken token)

InnerException: System.NotSupportedException

Message="The private key is not present in the X.509 certificate."

Source="System.IdentityModel"

StackTrace:

at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)

at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey)

at System.IdentityModel.Tokens.SamlAssertion.System.IdentityModel.ICanonicalWriterEndRootElementCallback.OnEndOfRootElement(XmlDictionaryWriter dictionaryWriter)

at System.IdentityModel.SamlDelegatingWriter.OnEndOfRootElement()

at System.IdentityModel.SamlDelegatingWriter.WriteEndElement()

at System.IdentityModel.Tokens.SamlAssertion.WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)

InnerException:

re: Creating of SAML token

steven — Fri, 14 Aug 2009 03:21:41 GMT

could you give me the library of your code?

how can I use it ?

sli@ttg.cc

re: Creating of SAML token

tak — Thu, 18 Jun 2009 10:51:32 GMT

Where can I find library for this code please?

re: Creating of SAML token

fan — Fri, 22 May 2009 03:17:22 GMT

hi, when i debuy it, it stopped at "ser.WriteToken(xWriter, samlToken); ", throw out a exception"SamlAssertion can't be serialized". why?

re: Creating of SAML token

fan — Wed, 20 May 2009 13:00:45 GMT

hi, in your code the "CertificateSearchValue x509FindType", i think should be "x509FindType CertificateSearchValue".

but there is a exception that "The SamlAssertion could not be serialized to XML. Please see inner exception for details." when i debuy it at the code " ser.WriteToken(xWriter, samlToken); ". why? my platform are: vs2005,.net 3.5. I'm hoping for your reply, thank you.

re: Creating of SAML token

Damir Dobric — Mon, 18 May 2009 17:07:37 GMT

Here is one method which retrieves a certificate from the proper store without of using of certificate file:

/// <summary>

/// This helper method retrieves the specified certificate from the TrustePeople store at specified location.

/// </summary>

/// <param name="storeName">The name of the store.</param>

/// <param name="storeLocation">The location of the store.</param>

/// <param name="x509FindType">The find type.</param>

/// <param name="findValue">The value to search.</param>

/// <returns>The target certificate if found. Otherwise null value.</returns>

public static X509Certificate2 GetCertificate(

StoreLocation storeLocation,

StoreName storeName,

CertificateSearchValue x509FindType,

string findValue)

{

X509Store store = new X509Store(storeName, storeLocation);

store.Open(OpenFlags.ReadOnly);

foreach (X509Certificate2 cert in store.Certificates)

{

if (x509FindType == CertificateSearchValue.SearchBySubjectName)

{

if (cert.Subject == findValue)

{

return cert;

}

else if (x509FindType == CertificateSearchValue.SearchByThumbprint)

{

if (String.Compare(cert.Thumbprint.ToString(), findValue.ToString(), true, CultureInfo.InvariantCulture) == 0)

{

return cert;

}

return null;

}

re: Creating of SAML token

fan — Mon, 18 May 2009 03:04:41 GMT

acccording to X509Certificate2 cert = new X509Certificate2("filename.cert"); if i don't export it, where do "filename.cert" store? , and what is the name of the "filename" and its full path?

if i use "makecert.exe -sr LocalMachine -ss My -n CN=localhost -sky exchange -sk -pe" to generate the certi, the cert is stored in "My" storege field, how can i get it? or what's the concrete value of the "filename.cert"? thank you!

re: Creating of SAML token

Damir Dobric — Fri, 15 May 2009 13:38:35 GMT

You cannot export private key by MMC if created this way. But, you don't have to do it at all. new X509AsymmetricSecurityKey(cert) will do it for you.

re: Creating of SAML token

fan — Fri, 15 May 2009 09:32:34 GMT

thank you for your reply. i m sorry to trouble you again. i m a beginner in saml. i generate the certi using your method, but when i export the certi from MMC which says the private key can't be exported. i have tried other ways, for exaple, .snk file, but according your code, only .cert or .cer file be accepted. i' d like to your reply. thanks.

re: Creating of SAML token

Damir Dobric — Thu, 14 May 2009 15:47:22 GMT

It depends how you create self signed certificate. Here is the example how to create self-signed cerificate with exportable private key:

makecert.exe -sr LocalMachine -ss My -n CN=localhost -sky exchange -sk -pe

re: Creating of SAML token

fan — Thu, 14 May 2009 01:42:50 GMT

i think you are bussy. when i run the progrom.

X509AsymmetricSecurityKey signingKey = new X509AsymmetricSecurityKey(cert);

throw out a excepion " can.t find the private key" . and you know the .cert file is genetated by makecert.exe. why?

re: Creating of SAML token

fan — Wed, 13 May 2009 16:09:34 GMT

hi, I.m studing the saml in the IDM interoperation, and have some questions, can you tell me your email?so that i can communicate with you in detail. thank you?

re: Creating of SAML token

fan — Wed, 13 May 2009 03:19:22 GMT

The SAML token makes a sense if it is digitally signed?

Is it nessary?I think it just need encrypted.right ?