In ADFS, SAML signature validation depends on the following checks:
Signature algorithm: the SignatureMethod declared in SignedInfo must be the algorithm the relying party expects. Example code:
string signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
if (signatureAlgorithm != samlDoc.Signature.SignedInfo.SignatureMethod.Algorithm)
{
    throw new SecurityException("Signature validation failed: unexpected signature algorithm");
}
Signing certificate: the certificate carried in the signature's KeyInfo must be the one published in the IdP metadata, which is the trust anchor. Example code:
string signingCertificate = GetSigningCertificateFromMetadata(idpMetadata); // trust anchor comes from the IdP metadata, not from the token
if (!samlDoc.Signature.KeyInfo.ContainsCertificateData(signingCertificate))
{
    throw new SecurityException("Signature validation failed: signing certificate does not match IdP metadata");
}
Validity window: the current time, allowing for a small clock skew, must fall inside the signature's validity interval. Example code:
DateTime now = DateTime.UtcNow;
TimeSpan allowedClockSkew = TimeSpan.FromMinutes(5);
var validity = samlDoc.Signature.SignedInfo.SignatureValue.ValidityInterval;
// Fail unless "now" lies inside the validity window, widened by the allowed skew on both sides
// (NotBefore / NotOnOrAfter are assumed to be the bounds exposed by ValidityInterval)
if (now + allowedClockSkew < validity.NotBefore || now - allowedClockSkew >= validity.NotOnOrAfter)
{
    throw new SecurityException("Signature validation failed: outside validity window");
}
With these checks in place, SAML signatures can be validated successfully in ADFS.
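The three checks above, carried through on a constructed SAML 2.0 assertion in Python using only the standard library. This is an added example, not code from the page or from ADFS. The assertion XML, the certificate bytes and the timestamps are constructed; the validity window is read from the SAML Conditions element (NotBefore / NotOnOrAfter), which is where SAML 2.0 carries it; the metadata certificate is pinned by SHA-256 fingerprint; and the expected algorithm defaults to rsa-sha256 rather than the rsa-sha1 the snippet above pins, because SHA-1 based XML signatures are deprecated. The cryptographic verification of the signature itself (canonicalising SignedInfo and checking the RSA signature against the pinned certificate) is left to an XML-DSig library and is not reproduced here.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Namespaces used by a SAML 2.0 assertion and its enveloped XML-DSig signature.
NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Constructed stand-in for the IdP's DER-encoded signing certificate (not a real X.509 blob).
IDP_CERT_DER = b"constructed-idp-signing-certificate"
IDP_CERT_B64 = base64.b64encode(IDP_CERT_DER).decode()


def fingerprint(cert_b64: str) -> str:
    """SHA-256 fingerprint of a base64 (DER) certificate; this is what we pin from the IdP metadata."""
    return hashlib.sha256(base64.b64decode(cert_b64)).hexdigest()


def build_assertion(algorithm: str, cert_b64: str, not_before: str, not_on_or_after: str) -> str:
    """Constructed SAML assertion skeleton; SignatureValue is a placeholder, not a real signature."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}" ID="_constructed" Version="2.0">
  <ds:Signature>
    <ds:SignedInfo><ds:SignatureMethod Algorithm="{algorithm}"/></ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
  <saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}"/>
</saml:Assertion>"""


def _parse_utc(value: str) -> datetime:
    # SAML timestamps are xs:dateTime in UTC; accept the trailing "Z" form.
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def policy_failures(assertion_xml: str, pinned_fingerprint: str, now: datetime,
                    allowed_skew: timedelta = timedelta(minutes=5),
                    allowed_algorithms=(RSA_SHA256,)) -> list:
    """Return the policy checks the assertion fails (an empty list means all three checks pass)."""
    root = ET.fromstring(assertion_xml)
    failures = []

    # 1. The declared signature algorithm must be on our allow-list; anything else is rejected
    #    before any signature bytes are examined.
    method = root.find("./ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    algorithm = method.get("Algorithm") if method is not None else None
    if algorithm not in allowed_algorithms:
        failures.append(f"algorithm: {algorithm!r} not in allow-list")

    # 2. The certificate in KeyInfo must be the one published in the IdP metadata. Only the pinned
    #    certificate is ever used for verification; a certificate carried inside the token is not trusted.
    cert = root.find("./ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is None or cert.text is None or fingerprint(cert.text.strip()) != pinned_fingerprint:
        failures.append("certificate: KeyInfo certificate does not match IdP metadata")

    # 3. "now" must lie inside the NotBefore/NotOnOrAfter window, widened by the allowed skew on both sides.
    conditions = root.find("./saml:Conditions", NS)
    if conditions is None:
        failures.append("validity: Conditions element missing")
    else:
        not_before = _parse_utc(conditions.get("NotBefore"))
        not_on_or_after = _parse_utc(conditions.get("NotOnOrAfter"))
        if now + allowed_skew < not_before or now - allowed_skew >= not_on_or_after:
            failures.append("validity: assertion outside NotBefore/NotOnOrAfter window")
    return failures


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # constructed "current time"
    pin = fingerprint(IDP_CERT_B64)                          # fingerprint taken from IdP metadata
    ok = build_assertion(RSA_SHA256, IDP_CERT_B64, "2024-05-01T11:58:00Z", "2024-05-01T12:08:00Z")
    weak = build_assertion(RSA_SHA1, IDP_CERT_B64, "2024-05-01T11:58:00Z", "2024-05-01T12:08:00Z")
    print("valid assertion:", policy_failures(ok, pin, now))
    print("rsa-sha1 assertion:", policy_failures(weak, pin, now))
```

Run these policy checks before handing the document to the XML-DSig library, and pass that library the pinned metadata certificate rather than whatever KeyInfo contains; the list of failure reasons is what you would log for detection of tampered or replayed assertions.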