SHA-1 vs SHA-256 XML signatures

Vasanth (New Member, Forum Members)
Hi Team,

I'm using ComponentSpace SAML 2.0 for .NET 4.0 for my custom IdP to connect different service provider applications. The SAML response is generated with the SHA-256 algorithm since it's using .NET 4.0.

But a couple of my service provider applications accept the SHA-1 algorithm. How do I send a SAML response with the SHA-1 algorithm with ComponentSpace SAML 2.0 for .NET 4.0?

Regards,
Vasanth.
ComponentSpace Development (Administrators)
Hi Vasanth
In keeping with the industry move to SHA-256, we now default to SHA-256 XML signatures rather than SHA-1.
However, we still support SHA-1.
I'm assuming you're using the configuration-driven SAML high-level API.
In your saml.config, for the specific partner service providers that still require SHA-1, update each <PartnerServiceProvider> as follows.

<!-- Partner that still requires SHA-1: set SignatureMethod explicitly. -->
<PartnerServiceProvider
    Name="xxxx"
    SignatureMethod="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

The default signature method is "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".

Regards
ComponentSpace Development
Vasanth (New Member, Forum Members)
ComponentSpace - Wednesday, July 27, 2016
Hi Vasanth
In keeping with the industry move to SHA-256, we now default to SHA-256 XML signatures rather than SHA-1.
However, we still support SHA-1.
I'm assuming you're using the configuration-driven SAML high-level API.
In your saml.config, for the specific partner service providers that still require SHA-1, update each <PartnerServiceProvider> as follows.

<!-- Partner that still requires SHA-1: set SignatureMethod explicitly. -->
<PartnerServiceProvider
    Name="xxxx"
    SignatureMethod="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

The default signature method is "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".

Thanks.

Can we use it for a low-level app also? Please provide me with an example.

-Vasanth
ComponentSpace Development (Administrators)
The low-level API supports both SHA-1 and SHA-256. It defaults to SHA-256.
Here's how to sign a SAML response using SHA-256.

// Needed for X509Certificate2 in each of the snippets below.
using System.Security.Cryptography.X509Certificates;

// Sign the SAML response - SHA-256 (the default when no algorithm URIs are passed).
// xmlElement is the XmlElement of the SAML response to be signed.
X509Certificate2 x509Certificate = new X509Certificate2("idp.pfx", "password");
SAMLMessageSignature.Generate(xmlElement, x509Certificate.PrivateKey, x509Certificate);

Here's how to sign a SAML response using SHA-1.

// Sign the SAML response - SHA-1.
// The digest method and signature method URIs are passed explicitly.
X509Certificate2 x509Certificate = new X509Certificate2("idp.pfx", "password");
SAMLMessageSignature.Generate(xmlElement, x509Certificate.PrivateKey, x509Certificate, null,
    "http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");

Similarly, here's how to sign a SAML assertion using SHA-256.

// Sign the SAML assertion - SHA-256 (the default).
// xmlElement is the XmlElement of the SAML assertion to be signed.
X509Certificate2 x509Certificate = new X509Certificate2("idp.pfx", "password");
SAMLAssertionSignature.Generate(xmlElement, x509Certificate.PrivateKey, x509Certificate);

Here's how to sign a SAML assertion using SHA-1.

// Sign the SAML assertion - SHA-1.
// The digest method and signature method URIs are passed explicitly.
X509Certificate2 x509Certificate = new X509Certificate2("idp.pfx", "password");
SAMLAssertionSignature.Generate(xmlElement, x509Certificate.PrivateKey, x509Certificate, null,
    "http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");

Regards
ComponentSpace Development
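Both replies in this thread come down to which algorithm URIs end up in the signature: the per-partner SignatureMethod in saml.config, and the ds:SignatureMethod / ds:DigestMethod that appear in the signed response or assertion. The following is an added example, not ComponentSpace code, that audits both places so you can see which partners are still pinned to SHA-1 and confirm what a produced message actually carries. The saml.config and SAML response below are constructed samples (namespace urn:componentspace:SAML:2.0:configuration and the xmlenc SHA-256 digest URI are the standard ones; the partner names are made up).

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"  # standard xmlenc digest URI
LEGACY = {RSA_SHA1, SHA1}

# Constructed saml.config: one partner pinned to SHA-1, one relying on the default.
SAMPLE_CONFIG = """<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
  <PartnerServiceProviders>
    <PartnerServiceProvider Name="legacy-sp"
        SignatureMethod="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <PartnerServiceProvider Name="modern-sp"/>
  </PartnerServiceProviders>
</SAMLConfiguration>"""

# Constructed SAML response: response signed with SHA-256, embedded assertion with SHA-1.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#_resp1">
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    </ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="_a1">
    <ds:Signature><ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_a1">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      </ds:Reference>
    </ds:SignedInfo></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""


def _local(tag):
    """Strip the namespace from an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def audit_saml_config(config_xml):
    """Map each PartnerServiceProvider name to its effective signature method.
    A partner without SignatureMethod gets the library default (RSA-SHA256)."""
    root = ET.fromstring(config_xml)
    return {
        el.get("Name"): el.get("SignatureMethod", RSA_SHA256)
        for el in root.iter()
        if _local(el.tag) == "PartnerServiceProvider"
    }


def partners_on_sha1(config_xml):
    """Names of partners whose configuration still pins RSA-SHA1."""
    return sorted(n for n, m in audit_saml_config(config_xml).items() if m == RSA_SHA1)


def signature_algorithms(saml_xml):
    """For every ds:Signature in document order (response first, then assertions),
    report the signature and digest algorithm URIs and whether either is SHA-1."""
    root = ET.fromstring(saml_xml)
    report = []
    for sig in root.iter(f"{{{DS_NS}}}Signature"):
        sig_method = sig.find(f"{{{DS_NS}}}SignedInfo/{{{DS_NS}}}SignatureMethod")
        digest = sig.find(f"{{{DS_NS}}}SignedInfo/{{{DS_NS}}}Reference/{{{DS_NS}}}DigestMethod")
        sm = sig_method.get("Algorithm") if sig_method is not None else None
        dm = digest.get("Algorithm") if digest is not None else None
        report.append({"signature_method": sm, "digest_method": dm,
                       "legacy": sm in LEGACY or dm in LEGACY})
    return report


if __name__ == "__main__":
    print("Partners still on SHA-1:", partners_on_sha1(SAMPLE_CONFIG))
    for entry in signature_algorithms(SAMPLE_RESPONSE):
        print(entry)
```

Run it over your real saml.config to get the list of partners that still need the SHA-1 override, and over a captured response to confirm that only those partners receive SHA-1 signatures; the assertion-level check matters because the response and its embedded assertion can be signed with different algorithms, as the low-level API calls above show.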