
Signing AuthenRequest SAML


I am trying to sign my HTTP-Redirect binding AuthenRequest so I can send it to the IdP. What is the logic behind signing the request? Do I sign it using my x509 and a private key? Do I sign it using my private key and the IdP's x509 cert? Also, the IdP requires the signature query parameter. Do I simply extract the signature value from the request after I sign it?

I am developing in C# .NET.

Thanks


Solution

  • The best and easiest solution to get the proper Signature value in HTTP-Redirect post is to use a third-party library for C# called ComponentPro. Below is what I used to get it to work:

    NameValueCollection queryString = RedirectUtil.CreateQueryString("SAMLRequest", authnRequest.GetXml(), relayState, key, signatureAlgorithm);
    

    The key is the private key.
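What the HTTP-Redirect binding signs, shown as an added example that is not part of the original answer and does not use ComponentPro: the service provider signs the URL-encoded query string (SAMLRequest, then RelayState, then SigAlg) with its own private key, and the IdP checks that signature with the service provider's certificate. The class name, the throwaway key, the relay state and the sample request below are constructed for illustration.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Security.Cryptography;
using System.Text;

static class RedirectBindingSigner
{
    const string SigAlgRsaSha256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Raw DEFLATE, then base64: the encoding the HTTP-Redirect binding uses.
    static string DeflateAndBase64(string xml)
    {
        using var buffer = new MemoryStream();
        using (var deflate = new DeflateStream(buffer, CompressionLevel.Optimal, leaveOpen: true))
        {
            byte[] bytes = Encoding.UTF8.GetBytes(xml);
            deflate.Write(bytes, 0, bytes.Length);
        }
        return Convert.ToBase64String(buffer.ToArray());
    }

    // The XML passed in carries no embedded ds:Signature; the signature lives in the query.
    public static string BuildSignedQuery(string authnRequestXml, string relayState, RSA spPrivateKey)
    {
        var query = new StringBuilder();
        query.Append("SAMLRequest=").Append(Uri.EscapeDataString(DeflateAndBase64(authnRequestXml)));
        if (!string.IsNullOrEmpty(relayState))
            query.Append("&RelayState=").Append(Uri.EscapeDataString(relayState));
        query.Append("&SigAlg=").Append(Uri.EscapeDataString(SigAlgRsaSha256));

        // Sign the exact bytes of the string built so far, in this parameter order.
        byte[] signature = spPrivateKey.SignData(Encoding.UTF8.GetBytes(query.ToString()),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return query.Append("&Signature=")
                    .Append(Uri.EscapeDataString(Convert.ToBase64String(signature))).ToString();
    }

    static void Main()
    {
        using RSA spKey = RSA.Create(2048); // constructed throwaway key, stands in for the SP key
        string xml = "<samlp:AuthnRequest xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' " +
                     "ID='_constructed1' Version='2.0' IssueInstant='2024-01-01T00:00:00Z'/>";
        string query = BuildSignedQuery(xml, "constructed-relay-state", spKey);

        // What the IdP does: split off Signature and verify the rest with the SP public key.
        int cut = query.IndexOf("&Signature=", StringComparison.Ordinal);
        byte[] sig = Convert.FromBase64String(Uri.UnescapeDataString(query.Substring(cut + 11)));
        bool ok = spKey.VerifyData(Encoding.UTF8.GetBytes(query.Substring(0, cut)), sig,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Console.WriteLine(ok ? "signature verifies" : "signature invalid");
    }
}
```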