Hello. We develop an ASP.Net application and we use SAML as our SSO method for our clients who wish to use SSO. One of our clients now wants us to have all of our SP-initiated responses signed, but we have never done this for a customer before. Any help here would be greatly appreciated.
Redacted version of the client SAML.config file below:
<?xml version="1.0"?>
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
  <ServiceProvider Name="WoltersKluwer:OneSumXGRC:customer:Staging"
                   AssertionConsumerServiceUrl="https://applicationURL/wkcs/AppA/SAML/SSOLogin.aspx"
                   SingleLogoutServiceUrl="https://applicationURL/customer/AppA/SAML/SSOLogout.aspx"
                   LocalCertificateThumbprint="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
                   WantSAMLResponseSigned="true"
                   WantAssertionSigned="true" />
  <!-- ADFS -->
  <PartnerIdentityProviders>
    <PartnerIdentityProvider Name="https://abc-defg.hj.client.net"
                             WantAssertionSigned="true"
                             WantSAMLResponseSigned="true"
                             PartnerCertificateThumbprint="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
                             SingleSignOnServiceUrl="https://abc-defg.hj.client.net/idp/SSO.saml2"
                             SingleLogoutServiceUrl="https://abc-defg.hj.client.net/idp/startSLO.ping"
                             SignLogoutRequest="true" />
  </PartnerIdentityProviders>
</SAMLConfiguration>
The error that we see in our logs is:
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/>
<samlp:StatusMessage>Signature required</samlp:StatusMessage>
</samlp:Status>
Thanks in advance.
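Added example, not part of the original post and not taken from ComponentSpace's or the client's files. The status code urn:oasis:names:tc:SAML:2.0:status:Requester is the IdP telling the SP that the request it received was at fault, and "Signature required" says which part: the SP-initiated AuthnRequest arrived unsigned. The posted config only asks for the LogoutRequest to be signed (SignLogoutRequest="true"); nothing tells the library to sign the AuthnRequest. The fragment below shows the same PartnerIdentityProvider entry with that one setting added. The attribute name SignAuthnRequest is my assumption about the ComponentSpace SAML v2.0 configuration schema; the thumbprints and placeholder host names are kept exactly as redacted in the post.

```xml
<?xml version="1.0"?>
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
  <!-- ServiceProvider entry as posted. LocalCertificateThumbprint must resolve to a
       certificate in the local store whose PRIVATE key is readable by the application
       pool identity: that private key is what will sign the outgoing AuthnRequest. -->
  <ServiceProvider Name="WoltersKluwer:OneSumXGRC:customer:Staging"
                   AssertionConsumerServiceUrl="https://applicationURL/wkcs/AppA/SAML/SSOLogin.aspx"
                   SingleLogoutServiceUrl="https://applicationURL/customer/AppA/SAML/SSOLogout.aspx"
                   LocalCertificateThumbprint="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
                   WantSAMLResponseSigned="true"
                   WantAssertionSigned="true" />

  <PartnerIdentityProviders>
    <!-- As posted (commented out for comparison): only the LogoutRequest is signed, so
         the SP-initiated AuthnRequest leaves unsigned and an IdP that requires signed
         requests answers with status Requester / "Signature required".

    <PartnerIdentityProvider Name="https://abc-defg.hj.client.net"
                             WantAssertionSigned="true"
                             WantSAMLResponseSigned="true"
                             PartnerCertificateThumbprint="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
                             SingleSignOnServiceUrl="https://abc-defg.hj.client.net/idp/SSO.saml2"
                             SingleLogoutServiceUrl="https://abc-defg.hj.client.net/idp/startSLO.ping"
                             SignLogoutRequest="true" />
    -->

    <!-- Corrected entry. SignAuthnRequest="true" (assumed attribute name) makes the
         library sign the AuthnRequest with the ServiceProvider's local certificate.
         The remaining attributes are unchanged from the post. -->
    <PartnerIdentityProvider Name="https://abc-defg.hj.client.net"
                             SignAuthnRequest="true"
                             SignLogoutRequest="true"
                             WantAssertionSigned="true"
                             WantSAMLResponseSigned="true"
                             PartnerCertificateThumbprint="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
                             SingleSignOnServiceUrl="https://abc-defg.hj.client.net/idp/SSO.saml2"
                             SingleLogoutServiceUrl="https://abc-defg.hj.client.net/idp/startSLO.ping" />
  </PartnerIdentityProviders>
</SAMLConfiguration>
```

Two checks before retesting: the IdP must hold the public certificate matching LocalCertificateThumbprint and be configured to verify AuthnRequest signatures with it, otherwise the failure simply moves from "missing signature" to "invalid signature"; and the form the signature takes depends on the binding, because with HTTP-Redirect it travels as SigAlg and Signature query parameters alongside SAMLRequest, while with HTTP-POST it is an enveloped ds:Signature element inside the AuthnRequest XML, so the IdP administrator needs to know which one to expect. Confirm the change took effect by base64-decoding (and, for Redirect, DEFLATE-inflating) the SAMLRequest the SP emits and looking for the signature in the matching place.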