StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POSAML Signature verification failed
primarykey
Id
19464358
data
AcceptedAnswerId
21201901
AnswerCount
2
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2013-10-19T09:09:01.207
FavoriteCount
1
LastActivityDate
2015-06-01T17:30:19.360
LastEditDate
2013-10-19T16:15:16.593
LastEditorUserId
72644
OwnerUserId
72644
ParentId
0
PostTypeId
1
Score
2
ViewCount
9044
LastEditorDisplayName
text
Body
Our IdP is a Salesforce.com org. The SP is a third party .Net application. During development, the 3rd party reported that they're unable to validate the SAML response sent. We decided to try validating on our end using <a href="http://www.componentspace.com/products/samlv20.aspx" rel="nofollow">ComponentSpace</a> to validate the SAML response. Below is what we tried: <pre><code>// Load the certificate from the file: certInFile // Load the SAML in an XMLElement: samlXml // Retrieve the certificate from the SAML: certInSaml Console.WriteLine("SAML is valid ? " + SAMLResponse.IsValid(samlXml)); Console.WriteLine("Is SAML signed? " + SAMLMessageSignature.IsSigned(samlXml)); Console.WriteLine("Certificate found in SAML is same as certificate file? " + certInFile.Equals(certInSaml)); Console.WriteLine("Validated SAML with certificate found in SAML" + SAMLMessageSignature.Verify(samlXml, certInSaml)); Console.WriteLine("Validated SAML with certificate file" + SAMLMessageSignature.Verify(samlXml, certInFile)); </code></pre> I'm getting true for everything above, except the last two. So: <ol> <li>The SAML is valid</li> <li>The SAML has a valid signature</li> <li>The public key certificate in the SAML is the same as the certificate file we have</li> <li>The SAML is signed with the private key of neither the certificate file nor the public key sent in the SAML</li> </ol> From 3,4 can we conclude that Salesforce is signing but with a different certificate but sending the wrong public key in the response?! Edit: Sample SAML is here <a href="http://pastebin.com/J8FTxnhJ" rel="nofollow">http://pastebin.com/J8FTxnhJ</a> What am I missing?
Tags
<salesforce><x509certificate><saml-2.0><component-space>
Title
SAML Signature verification failed
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USVid L
UserOwnerUserId
1. USVid L
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. COCan you paste the full SAML message somewhere?
 singulars
 PostPostId
 POSAML Signature verification failed
 UserUserId
 USStefan Rasmusson
2. CO@Stefan http://pastebin.com/J8FTxnhJ
 singulars
 PostPostId
 POSAML Signature verification failed
 UserUserId
 USVid L

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.