EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElSAMLServiceProvider Signing AuthnRequest

Posted: 04/06/2016 13:26:11
by Ben Hunsberger (Standard support level)
Joined: 12/17/2015
Posts: 3


Is there a way to specify the SignatureMethod on a TElSAMLServiceProvider object or a TElSAMLAuthnRequestElement object for signing an AuthnRequest? It seems to default to
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

regardless of the certificate that I use for signing. Is the SignatureMethod auto-detected in any way?

I'm using SecureBlackbox 14 VCL.

Posted: 04/07/2016 03:37:50
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

You should follow these steps to change the signature method:

1) handle TElSAMLServiceProvider.OnRequestPrepared, which accepts a TElSAMLAuthnRequestElement instance as a parameter;
2) cast TElSAMLAuthnRequestElement.Handle to TElSAMLSignatureHandler and handle its TElSAMLSignatureHandler.OnSignerPrepared event, which accepts the internal TElXMLSigner instance used to produce the signature;
3) set TElXMLSigner.SignatureMethod to the desired value: https://www.eldos.com/documentation/sb...ethod.html

Posted: 04/07/2016 15:05:36
by Ben Hunsberger (Standard support level)
Joined: 12/17/2015
Posts: 3

Thanks, this works great. Is there a similar method for setting the DigestMethod?

Posted: 04/08/2016 02:56:23
by Vsevolod Ievgiienko (EldoS Corp.)

The digest method may be adjusted using the TElXMLSigner.References[x].Reference.DigestMethod property inside the TElSAMLSignatureHandler.OnSignerPrepared event handler.

Posted: 04/08/2016 10:14:07
by Ben Hunsberger (Standard support level)
Joined: 12/17/2015
Posts: 3

Will that value remain set? The OnSignerPrepared event handler is called before a TElXMLReferenceList is created and added to the TElXMLSigner object. The adjusted DigestMethod would be overwritten by the newly created ReferenceList, wouldn't it? This is in function TElSAMLSignatureHandler.Protect.

Posted: 04/11/2016 04:25:58
by Vsevolod Ievgiienko (EldoS Corp.)

You are right. Sorry for pointing you in the wrong direction.

We'll improve the code to adjust these properties by the next SecureBlackbox build. Meanwhile, you can duplicate the OnXMLSignerPrepared event call after references are generated inside the TElSAMLSignatureHandler.Protect method.
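
A check for the outcome discussed in this thread, added here as an example (not code from EldoS or from either poster): it parses a signed AuthnRequest and reports any SHA-1 based SignatureMethod or DigestMethod, so an override that was silently overwritten shows up. The sample request, its ID and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# XML-DSig algorithm URIs that rely on SHA-1.
SHA1_URIS = {DS + "rsa-sha1", DS + "dsa-sha1", DS + "hmac-sha1", DS + "sha1"}

# Constructed sample: SignatureMethod was switched to RSA-SHA256,
# but the Reference still carries a SHA-1 DigestMethod.
SAMPLE = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed1" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#_constructed1">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    </ds:Reference>
  </ds:SignedInfo></ds:Signature>
</samlp:AuthnRequest>"""


def signature_algorithms(xml_text):
    """Return (signature_method, [digest_methods]) or None if unsigned.

    Covers an embedded ds:Signature only. Use a hardened XML parser
    if the input does not come from your own service provider.
    """
    sig = ET.fromstring(xml_text).find(f".//{{{DS}}}Signature")
    if sig is None:
        return None
    info = f"{{{DS}}}SignedInfo/"
    method = sig.find(info + f"{{{DS}}}SignatureMethod")
    digests = [d.get("Algorithm") for d in
               sig.iterfind(info + f"{{{DS}}}Reference/{{{DS}}}DigestMethod")]
    return (method.get("Algorithm") if method is not None else None, digests)


def sha1_findings(xml_text):
    """List every SHA-1 based algorithm still present in the signature."""
    algs = signature_algorithms(xml_text)
    if algs is None:
        return ["unsigned"]
    method, digests = algs
    findings = [f"SignatureMethod {method}"] if method in SHA1_URIS else []
    findings += [f"DigestMethod {d}" for d in digests if d in SHA1_URIS]
    return findings


if __name__ == "__main__":
    print(sha1_findings(SAMPLE))
```
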