Problems reading authenticating a SAML assertion in .Net using WSSecurityTokenSerializer

轮回少年 2020-12-06 15:02

I have a SAML assertion that I wish to authenticate in .Net using WSSecurityTokenSerializer.

I've got the key-chain and SAML XML, despite a few issues.

1 answer
  • 2020-12-06 15:25

    It looks like you are receiving a SAML2 response. Although there is support for SAML2 in .NET 4.5, there is unfortunately only support for the assertions - not the protocol itself (including the Response message).

    To process the SAML2 response in .NET you have to:

    1. Validate the signature on the entire response message.
    2. Extract the assertion part of the message.
    3. Read the token with Saml2SecurityTokenHandler.ReadToken().
    4. Validate the token with Saml2SecurityTokenHandler.DetectReplayedToken().
    5. Validate the token with Saml2SecurityTokenHandler.ValidateConditions()
    6. Use Saml2SecurityTokenHandler.CreateClaims() to create a claims identity.

    Unfortunately most of those methods are protected, but you can subclass Saml2SecurityTokenHandler and get access to them.

    A complete working example can be found in the Saml2Response class in the Sustainsys.Saml2 project.

    0 Discussion (0)
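The six steps from the answer above, as an added C# sketch that is not the answer author's code and not taken from Sustainsys.Saml2. `ResponseTokenHandler`, `RequestedIssuer` and `Process` are hypothetical names; it assumes only the Response element is signed (the assertion carries no signature of its own), that the IdP certificate was obtained out of band, and that `audience` is your service's entity ID.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
// Hypothetical subclass: gives access to the protected handler methods the answer lists.
class ResponseTokenHandler : Saml2SecurityTokenHandler
{
    // Assumption: the issuer is trusted because the response signature was checked first.
    class RequestedIssuer : IssuerNameRegistry
    {
        public override string GetIssuerName(SecurityToken t) { throw new NotSupportedException(); }
        public override string GetIssuerName(SecurityToken t, string requested) { return requested; }
    }
    public ResponseTokenHandler(Uri audience)
    {
        Configuration = new SecurityTokenHandlerConfiguration { IssuerNameRegistry = new RequestedIssuer() };
        Configuration.AudienceRestriction.AllowedAudienceUris.Add(audience);
    }
    public ClaimsIdentity Process(string responseXml, X509Certificate2 idpCert)
    {
        var doc = new XmlDocument { PreserveWhitespace = true }; // whitespace is part of the signed data
        doc.LoadXml(responseXml);
        XmlElement response = doc.DocumentElement;

        // Step 1: signature on the whole response, checked against the pinned IdP certificate.
        var sig = response["Signature", SignedXml.XmlDsigNamespaceUrl];
        if (sig == null) throw new SecurityTokenValidationException("Response is not signed.");
        var signedXml = new SignedXml(response);
        signedXml.LoadXml(sig);
        if (!signedXml.CheckSignature(idpCert, true))
            throw new SecurityTokenValidationException("Bad response signature.");
        // The single reference must cover this Response element, not some other node.
        if (signedXml.SignedInfo.References.Count != 1 ||
            ((Reference)signedXml.SignedInfo.References[0]).Uri != "#" + response.GetAttribute("ID"))
            throw new SecurityTokenValidationException("Signature does not cover the response.");

        // Step 2: take the assertion from inside the element that was just verified.
        var assertion = response["Assertion", "urn:oasis:names:tc:SAML:2.0:assertion"];
        if (assertion == null) throw new SecurityTokenValidationException("No assertion found.");

        // Steps 3-6: read, replay check, conditions (with audience enforcement), claims.
        var token = (Saml2SecurityToken)ReadToken(new XmlNodeReader(assertion));
        DetectReplayedToken(token);
        ValidateConditions(token.Assertion.Conditions, true);
        return CreateClaims(token);
    }
}
```

Checking that the signature's reference URI matches the Response `ID` and reading the assertion only from that verified element keeps unsigned content elsewhere in the document from being accepted.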