Sign SAML Response with or without Assertion Signature?
When signing a SAML Response that also has a signed Assertion, should I:
A) Generate the Response signature without the Assertion signature. Then inject the Assertion signature after both signatures have been generated.
B) Generate the Assertion signature and include it when generating the Response signature.
C) Something else?
Answer
SAML is awful, every time I read answer they are almost correct, here is the correct algorithm distilled:
- SHA1 the canonical version of the Assertion.
- Generate a SignedInfo XML fragment with the SHA1 signature
- Sign the SignedInfo XML fragment, again the canonical form
- Take the SignedInfo, the Signature and the key info and create a Signature XML fragment
- Insert this SignatureXML into the Assertion ( should go right before the saml:subject)
- Now take the assertion(with the signature included) and insert it into the Response
- SHA1 this response
- Generate a SignedInfo XML fragment with the SHA1 signature
- Sign the SignedInfo XML fragment, again the canonical form
- Take the SignedInfo, the Signature and the key info and create a Signature XML fragment
- Insert this SignatureXML into the Response
- Add the XML version info to the response.
Thats it. SAML is completely awful. There are tons of little subtleties that make implementing SAML a nightmare(like calculating the canonical form of a subset of the XML(the assertion), also the XML version of XML documents is not included.
I finished my implementation, I hope never to revisit such pain again.