Topic
  • 3 replies
  • Latest Post - ‏2013-04-24T18:04:26Z by RolfRander
FF1P_Michael_Harvan
2 Posts

Pinned topic Sign action for SAML token

2013-04-23T17:09:55Z

I have a SOAP request with a SAML 1.1 token and I have a requirement to sign the message body, the WS-Security timestamp and a security token reference which refers back to the SAML token.

I can only find a way to create a token reference to an X509 cert using the standard sign actions.

Is there a way to reference the SAML token, or will I need to create a custom transform for that?

  • RolfRander
    39 Posts

    Re: Sign action for SAML token

    ‏2013-04-24T07:09:26Z  

    In the "sign action" you can select "message type": "selected elements (field-level)". This enables you to create a "document crypto map", which effectively is an XPath-expression selecting those elements the signature should cover.

    regards

    rolf rander

  • FF1P_Michael_Harvan
    2 Posts

    Re: Sign action for SAML token

    ‏2013-04-24T12:15:41Z  

    > In the "sign action" you can select "message type": "selected elements (field-level)". This enables you to create a "document crypto map", which effectively is an XPath-expression selecting those elements the signature should cover.
    >
    > regards
    >
    > rolf rander

    I have done that and the signature covers all the correct elements, but I cannot find a way for the sign action to reference the SAML token. The SecurityTokenReference is always to the x509 BinarySecurityToken.

  • RolfRander
    39 Posts

    Re: Sign action for SAML token

    ‏2013-04-24T18:04:26Z  

    > I have done that and the signature covers all the correct elements, but I cannot find a way for the sign action to reference the SAML token. The SecurityTokenReference is always to the x509 BinarySecurityToken.

    Can you provide an (abridged) example (without all the base64-coded binary parts...) of the message pre and post signature and some more details of what you have tried?

    regards

    rolf rander
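
Added example (not part of the thread, and not DataPower code): a Python check that can be run over an abridged signed message to confirm which elements the ds:Reference entries cover and whether the KeyInfo SecurityTokenReference resolves to the X.509 BinarySecurityToken or to the SAML 1.1 assertion. The sample message, its Id values and the function name are constructed; the KeyIdentifier ValueType is the one the OASIS WS-Security SAML Token Profile defines for SAML 1.1 assertion IDs.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
OASIS = "http://docs.oasis-open.org/wss/"
WSSE = OASIS + "2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = OASIS + "2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SAML_ID = OASIS + "oasis-wss-saml-token-profile-1.0#SAMLAssertionID"  # SAML 1.1 ValueType
# Constructed, abridged message: digests, signature value and token contents omitted.
TEMPLATE = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"
    xmlns:ds="{DS}" xmlns:saml="{SAML}"><s:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="TS-1"/>
  <saml:Assertion AssertionID="SAML-1"/>
  <wsse:BinarySecurityToken wsu:Id="X509-1"/>
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#TS-1"/><ds:Reference URI="#Body-1"/><ds:Reference URI="#STR-1"/>
  </ds:SignedInfo><ds:KeyInfo><wsse:SecurityTokenReference wsu:Id="STR-1">STR_CHILD
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
</wsse:Security></s:Header><s:Body wsu:Id="Body-1"/></s:Envelope>"""
STR_TO_X509 = '<wsse:Reference URI="#X509-1"/>'  # constructed: STR pointing at the X.509 BST
STR_TO_SAML = f'<wsse:KeyIdentifier ValueType="{SAML_ID}">SAML-1</wsse:KeyIdentifier>'


def inspect_signature(xml_text):
    """Return (local names of the signed elements, what the KeyInfo STR points at)."""
    root = ET.fromstring(xml_text)
    by_id = {el.get(f"{{{WSU}}}Id"): el for el in root.iter() if el.get(f"{{{WSU}}}Id")}

    def local_name(uri):  # resolve a "#id" fragment to the element it names
        el = by_id.get((uri or "").lstrip("#"))
        return el.tag.split("}")[1] if el is not None else "UNRESOLVED"
    signed = [local_name(r.get("URI")) for r in root.iter(f"{{{DS}}}Reference")]
    token = "none"
    str_el = root.find(f".//{{{DS}}}KeyInfo/{{{WSSE}}}SecurityTokenReference")
    if str_el is not None:
        key_id = str_el.find(f"{{{WSSE}}}KeyIdentifier")
        direct = str_el.find(f"{{{WSSE}}}Reference")
        if key_id is not None and key_id.get("ValueType") == SAML_ID:
            ids = {a.get("AssertionID") for a in root.iter(f"{{{SAML}}}Assertion")}
            token = "saml-assertion" if (key_id.text or "").strip() in ids else "saml-unresolved"
        elif direct is not None:
            token = local_name(direct.get("URI"))
    return signed, token


if __name__ == "__main__":
    for label, child in (("x509", STR_TO_X509), ("saml", STR_TO_SAML)):
        print(label, inspect_signature(TEMPLATE.replace("STR_CHILD", child)))
```

A SAML 1.1 assertion carries an AssertionID attribute rather than a wsu:Id, which is why the check resolves the KeyIdentifier value against AssertionID instead of treating it as a "#id" fragment.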