WCF/WF - Create xml signature using BinarySecret string token received from Secure Token Service

Asked By Manoj Pandey on 25-Feb-13 05:16 AM

I am using a Secure Token service to retrieve encrypted assertion and security token. I am able to successfully retrieve xml response. The general format is as below :



<?xml version="1.0" encoding="utf-8" ?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
  <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal<;/a:Action>
  <a:RelatesTo>
  <!-- string -->
  </a:RelatesTo>
  <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <u:Timestamp u:Id="_0">
  <u:Created>
  <!--created time-->
  </u:Created><br>
  <u:Expires><br>
  <!--expire time-->
  </u:Expires>
  </u:Timestamp>
  </o:Security>
  </s:Header>
  <s:Body>
  <trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <trust:RequestSecurityTokenResponse>
  <trust:KeySize>512</trust:KeySize>
  <trust:Lifetime>
  <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
     <!--created-->
  </wsu:Created>
  <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
     <!--Expires-->
  </wsu:Expires>
  </trust:Lifetime>
  <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <a:EndpointReference>
  <a:Address>
     <!--Address-->
  </a:Address>
  </a:EndpointReference>
  </wsp:AppliesTo>
  <trust:RequestedSecurityToken>
  <EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
       <!--assertion data-->
  </EncryptedAssertion>
  </trust:RequestedSecurityToken>
  <trust:RequestedProofToken>
  <trust:BinarySecret>
      <!-- string key-->
  </trust:BinarySecret>
  </trust:RequestedProofToken>
  <trust:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</trust:TokenType>
  <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue<;/trust:RequestType>
  <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey<;/trust:KeyType>
  </trust:RequestSecurityTokenResponse>
  </trust:RequestSecurityTokenResponseCollection>
  </s:Body>
</s:Envelope>

Now my requirement is that I want the create signature of EncryptedAssertion element using BinarySecret SAML token string contained in BinarySecret element. I know to create xml signature using RSA key but how to sign xml element using binary secret key which is a string. I am using .Net 4.0 and WCF to receive token reply.