EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElSAMLServiceProvider Signing AuthnRequest

Posted: 04/06/2016 13:26:11
by Ben Hunsberger (Standard support level)
Joined: 12/17/2015
Posts: 3


Is there a way to specify the SignatureMethod on a TElSAMLServiceProvider object or a TElSAMLAuthnRequestElement object for signing an AuthnRequest? It seems to default to
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

regardless of the certificate that I use for signing. Is the SignatureMethod auto-detected in any way?

I'm using SecureBlackbox 14 VCL.

Posted: 04/07/2016 03:37:50
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

You should follow these steps to change the signature method:

1) handle TElSAMLServiceProvider.OnRequestPrepared, which accepts a TElSAMLAuthnRequestElement instance as a parameter;
2) cast TElSAMLAuthnRequestElement.Handle to TElSAMLSignatureHandler and handle its TElSAMLSignatureHandler.OnSignerPrepared event, which accepts the internal TElXMLSigner instance used to produce the signature;
3) set TElXMLSigner.SignatureMethod to the desired value: https://www.eldos.com/documentation/sb...ethod.html

Posted: 04/07/2016 15:05:36
by Ben Hunsberger (Standard support level)
Joined: 12/17/2015
Posts: 3

Thanks, this works great. Is there a similar method for setting the DigestMethod?

Posted: 04/08/2016 02:56:23
by Vsevolod Ievgiienko (Team)

The digest method may be adjusted using the TElXMLSigner.References[x].Reference.DigestMethod property inside the TElSAMLSignatureHandler.OnSignerPrepared event handler.

Posted: 04/08/2016 10:14:07
by Ben Hunsberger (Standard support level)
Joined: 12/17/2015
Posts: 3

Will that value remain set? The OnSignerPrepared event handler is called before a TElXMLReferenceList is created and added to the TElXMLSigner object. The adjusted DigestMethod would be overwritten by the newly created ReferenceList, wouldn't it? This is in function TElSAMLSignatureHandler.Protect.

Posted: 04/11/2016 04:25:58
by Vsevolod Ievgiienko (Team)

You are right. Sorry for pointing in the wrong direction.

We'll improve the code to adjust these properties until the next SecureBlackbox build. Meanwhile, you can duplicate the OnXMLSignerPrepared event call after references are generated inside the TElSAMLSignatureHandler.Protect method.
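
Added example (not part of the original thread and not EldoS code): because SignatureMethod and each Reference's DigestMethod are set independently, a quick way to confirm what the service provider actually emits is to inspect the signed AuthnRequest XML and flag any remaining SHA-1 algorithm. The sample request, its ID and its SHA-1 digest are constructed assumptions; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
# XML-DSig algorithm identifiers that depend on SHA-1.
SHA1_URIS = {DS + "rsa-sha1", DS + "dsa-sha1", DS + "hmac-sha1", DS + "sha1",
             "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"}

# Constructed sample: SignatureMethod already changed, DigestMethod assumed SHA-1.
SAMPLE = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed1" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#_constructed1">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    </ds:Reference>
  </ds:SignedInfo></ds:Signature>
</samlp:AuthnRequest>"""

def audit_signature_algorithms(xml_text):
    """Return one (element, reference_uri, algorithm, uses_sha1) tuple per
    SignatureMethod and DigestMethod found in the signed message."""
    root = ET.fromstring(xml_text)  # intended for your own SP's output
    signed_infos = root.findall(".//ds:Signature/ds:SignedInfo", NS)
    if not signed_infos:
        raise ValueError("no ds:Signature/ds:SignedInfo found: request is unsigned")
    rows = []
    for si in signed_infos:
        sm = si.find("ds:SignatureMethod", NS)
        alg = sm.get("Algorithm") if sm is not None else None
        rows.append(("SignatureMethod", None, alg, alg in SHA1_URIS))
        # Each Reference carries its own DigestMethod, separate from the signer's.
        for ref in si.findall("ds:Reference", NS):
            dm = ref.find("ds:DigestMethod", NS)
            alg = dm.get("Algorithm") if dm is not None else None
            rows.append(("DigestMethod", ref.get("URI"), alg, alg in SHA1_URIS))
    return rows

def sha1_findings(xml_text):
    """Only the rows that still use a SHA-1 based algorithm."""
    return [row for row in audit_signature_algorithms(xml_text) if row[3]]

if __name__ == "__main__":
    for row in audit_signature_algorithms(SAMPLE):
        print(row)
```
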


