I have been trying to create and sign an AuthnRequest with ITfoxtec on .NET 6. The creation of the AuthnRequest works fine but the signing does not. I am able to pass the cert with the public and private key as described below. But the actual AuthnRequest XML that I got back does not contain a signature. Anything I am missing?
SamlConfig = new Saml2Configuration
{
    Issuer = "<my-issuer>",
    SigningCertificate = cert,
    AuthnResponseSignType = Saml2AuthnResponseSignTypes.SignAssertionAndResponse,
    SignatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    SignAuthnRequest = true
};
var authnRequest = new Saml2AuthnRequest(SamlConfig);
authnRequest.ProtocolBinding = new Uri("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
authnRequest.AssertionConsumerServiceIndex = 0;
authnRequest.RequestedAuthnContext = new RequestedAuthnContext
{
    AuthnContextClassRef = new string[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" },
    Comparison = AuthnContextComparisonTypes.Minimum
};
authnRequest.Validate();
return authnRequest.ToXml();
The XML is signed if you use a POST binding. But if you use redirect binding the signature is added as a URL parameter.
---- EDITED ----
The samples (e.g. TestWebAppCore) use redirect binding on the authn request by default. It can be changed to post binding like this:
var binding = new Saml2PostBinding();
binding.SetRelayStateQuery(new Dictionary<string, string> { { relayStateReturnUrl, returnUrl ?? Url.Content("~/") } });
return binding.Bind(new Saml2AuthnRequest(config)
{
    Subject = new Subject { NameID = new NameID { ID = "abcd" } },
    NameIdPolicy = new NameIdPolicy { AllowCreate = true, Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" },
}).ToActionResult();
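As an added example (not code from the question, the answer, or the ITfoxtec samples), the following console program makes the answer's point checkable: it builds the same kind of AuthnRequest three times and inspects where the signature ends up. It assumes the ITfoxtec.Identity.Saml2 package, that `Saml2Binding.Bind()` returns the binding and exposes the signed message as `XmlDocument`, and that `Saml2RedirectBinding` exposes the final URL as `RedirectLocation`; the certificate path, password and IdP URL are placeholders you replace with your own values.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.Schemas;

static class AuthnRequestSigningCheck
{
    // Placeholders: your SP signing certificate (PFX with the private key) and its password.
    const string CertPath = "<path-to-sp-signing-cert.pfx>";
    const string CertPassword = "<pfx-password>";

    static Saml2Configuration BuildConfig()
    {
        return new Saml2Configuration
        {
            Issuer = "<my-issuer>",
            // Constructed placeholder; the bindings need a destination to build the form / URL.
            SingleSignOnDestination = new Uri("https://idp.example.invalid/sso"),
            SigningCertificate = new X509Certificate2(CertPath, CertPassword),
            SignatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
            SignAuthnRequest = true
        };
    }

    // A fresh request each time: a bound request must not be reused across bindings.
    static Saml2AuthnRequest BuildRequest(Saml2Configuration config)
    {
        return new Saml2AuthnRequest(config)
        {
            AssertionConsumerServiceIndex = 0,
            RequestedAuthnContext = new RequestedAuthnContext
            {
                AuthnContextClassRef = new[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" },
                Comparison = AuthnContextComparisonTypes.Minimum
            }
        };
    }

    // Counts ds:Signature elements in a SAML message; a signed AuthnRequest carries exactly one.
    static int CountSignatures(XmlDocument doc)
    {
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
        return doc.SelectNodes("//ds:Signature", ns)?.Count ?? 0;
    }

    static void Main()
    {
        var config = BuildConfig();

        // 1. ToXml() alone serializes the request; nothing signs it (what the question observed).
        XmlDocument unsigned = BuildRequest(config).ToXml();
        Console.WriteLine($"ToXml() only      : {CountSignatures(unsigned)} ds:Signature element(s)");

        // 2. POST binding: Bind() signs the XML, and the auto-submitted form carries the signed document.
        var post = new Saml2PostBinding().Bind(BuildRequest(config));
        Console.WriteLine($"POST binding      : {CountSignatures(post.XmlDocument)} ds:Signature element(s)");

        // 3. Redirect binding: the XML itself stays unsigned; the signature travels as
        //    the Signature and SigAlg query parameters of the redirect URL.
        var redirect = new Saml2RedirectBinding().Bind(BuildRequest(config));
        string query = redirect.RedirectLocation.Query;
        Console.WriteLine($"Redirect binding  : {CountSignatures(redirect.XmlDocument)} ds:Signature element(s) in XML; " +
                          $"Signature param present: {query.Contains("Signature=")}; " +
                          $"SigAlg param present: {query.Contains("SigAlg=")}");
    }
}
```

Expected outcome: the first two lines report 0 and 1 signature elements respectively, and the redirect line reports 0 in the XML with both query parameters present. If the POST case also reports 0, check that `SignAuthnRequest` is true and that the certificate actually has a private key (`HasPrivateKey`); the `AuthnResponseSignType` setting in the question only affects responses, not requests.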