Redirect After SAML Authentication (VB .NET)

0
We are using a trial of your software for an IdP-initiated SAML authentication. Our service partner has an assertion consumer service URL. After authenticating through that URL we need to redirect to a different URL. The redirect URL is the SP's base URL plus a query string and then the full text of the SAML response, both Base64 encoded and URL encoded. The actual text of the SAML response is correct - the service provider gave us a sample for us to match for the initial testing. The problem is just with the redirect. Is there a way to do this?

```vb
' Build the SAML response
Dim samlResponse As New ComponentPro.Saml2.Response()
Dim issuer As New ComponentPro.Saml2.Issuer(CreateAbsoluteURL("NS:saml2:entityid"))
samlResponse.Issuer = issuer
samlResponse.Status = New ComponentPro.Saml2.Status(ComponentPro.Saml2.SamlPrimaryStatusCode.Success, Nothing)

' Build the assertion: issuer, subject and bearer subject confirmation
Dim samlAssertion As New ComponentPro.Saml2.Assertion()
samlAssertion.Issuer = issuer
Dim subject As New ComponentPro.Saml2.Subject(New ComponentPro.Saml2.NameId("ava", "", "", ComponentSpace.SAML2.SAMLIdentifiers.NameIdentifierFormats.Unspecified, ""))
Dim subjectConfirmation As New ComponentPro.Saml2.SubjectConfirmation(ComponentPro.Saml2.SamlSubjectConfirmationMethod.Bearer)
Dim subjectConfirmationData As New ComponentPro.Saml2.SubjectConfirmationData()
subjectConfirmationData.Recipient = AssertionConsumerServiceUrl
subjectConfirmation.SubjectConfirmationData = subjectConfirmationData
subject.SubjectConfirmations.Add(subjectConfirmation)
samlAssertion.Subject = subject

' Authentication statement
Dim authnStatement As New ComponentPro.Saml2.AuthnStatement()
authnStatement.AuthnContext = New ComponentPro.Saml2.AuthnContext()
authnStatement.AuthnContext.AuthnContextClassRef = New ComponentPro.Saml2.AuthnContextClassRef(ComponentPro.Saml2.SamlAuthenticationContext.Unspecified)
samlAssertion.Statements.Add(authnStatement)

' Conditions: 10-minute validity window and audience restriction
samlAssertion.Conditions = New ComponentPro.Saml2.Conditions(New TimeSpan(0, 10, 0))
Dim audienceRestriction As New ComponentPro.Saml2.AudienceRestriction()
audienceRestriction.Audiences.Add(New ComponentPro.Saml2.Audience("WR_ROLE_SP"))
samlAssertion.Conditions.ConditionsList.Add(audienceRestriction)

' Attributes
Dim attributeStatement As New ComponentPro.Saml2.AttributeStatement()
attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("org_code", ComponentPro.Saml2.SamlAttributeNameFormat.Basic, "", "xs:string", "NSTEST"))
attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("patient_gender", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "F"))
attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("patient_dob", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "09/30/1930"))
attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("login_name", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "jdoe"))
attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("patient_last_name", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "Smith"))
attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("patient_first_name", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "Mary"))
attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("patient_number", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "12345"))
samlAssertion.Statements.Add(attributeStatement)

' Sign the response with the IdP certificate, then add the assertion
Dim x509Certificate As X509Certificate2 = DirectCast(Application(IdPX509Certificate), X509Certificate2)
samlResponse.Sign(x509Certificate.PrivateKey, x509Certificate, "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
samlResponse.Assertions.Add(samlAssertion)

' Base64-encode and URL-encode the response, then send it
Dim samlResponseStr As String = samlResponse.ToString()
Dim bytesToEncode() As Byte = Encoding.UTF8.GetBytes(samlResponseStr)
Dim encodedData As String = Convert.ToBase64String(bytesToEncode)
Dim strUrl As String = "http://trainingsite.com/SSO/NS/SAMLPatientDisplay.aspx?SAMLResponse=" & Server.UrlEncode(encodedData)
samlResponse.SendHttpPost(Response, AssertionConsumerServiceUrl, strUrl)
```
 
asked 11/27/2018 5:21:48 PM

2 Answers

0
It turns out that the problem was that I was signing the SAML response but not the assertion. When I added code to sign the assertion as well it started working as expected. Thanks!

```vb
' Build the SAML response
Dim samlResponse As New ComponentPro.Saml2.Response()
Dim issuer As New ComponentPro.Saml2.Issuer(CreateAbsoluteURL("NS:saml2:entityid"))
samlResponse.Issuer = issuer
samlResponse.Status = New ComponentPro.Saml2.Status(ComponentPro.Saml2.SamlPrimaryStatusCode.Success, Nothing)

' Build the assertion: issuer, subject and bearer subject confirmation
Dim samlAssertion As New ComponentPro.Saml2.Assertion()
samlAssertion.Issuer = issuer
Dim subject As New ComponentPro.Saml2.Subject(New ComponentPro.Saml2.NameId("ava", "", "", ComponentSpace.SAML2.SAMLIdentifiers.NameIdentifierFormats.Unspecified, ""))
Dim subjectConfirmation As New ComponentPro.Saml2.SubjectConfirmation(ComponentPro.Saml2.SamlSubjectConfirmationMethod.Bearer)
Dim subjectConfirmationData As New ComponentPro.Saml2.SubjectConfirmationData()
subjectConfirmationData.Recipient = AssertionConsumerServiceUrl
subjectConfirmation.SubjectConfirmationData = subjectConfirmationData
subject.SubjectConfirmations.Add(subjectConfirmation)
samlAssertion.Subject = subject

' Authentication statement
Dim authnStatement As New ComponentPro.Saml2.AuthnStatement()
authnStatement.AuthnContext = New ComponentPro.Saml2.AuthnContext()
authnStatement.AuthnContext.AuthnContextClassRef = New ComponentPro.Saml2.AuthnContextClassRef(ComponentPro.Saml2.SamlAuthenticationContext.Unspecified)
samlAssertion.Statements.Add(authnStatement)

' Conditions: 10-minute validity window and audience restriction
samlAssertion.Conditions = New ComponentPro.Saml2.Conditions(New TimeSpan(0, 10, 0))
Dim audienceRestriction As New ComponentPro.Saml2.AudienceRestriction()
audienceRestriction.Audiences.Add(New ComponentPro.Saml2.Audience("WR_ROLE_SP"))
samlAssertion.Conditions.ConditionsList.Add(audienceRestriction)

' Attributes
Dim attributeStatement As New ComponentPro.Saml2.AttributeStatement()
attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("org_code", ComponentPro.Saml2.SamlAttributeNameFormat.Basic, "", "xs:string", "NSTEST"))
attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("patient_gender", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "F"))
attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("patient_dob", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "09/30/1930"))
attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("login_name", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "jdoe"))
attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("patient_last_name", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "Smith"))
attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("patient_first_name", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "Mary"))
attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("patient_number", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "12345"))
samlAssertion.Statements.Add(attributeStatement)

' Sign the assertion element and add the signed element to the response
Dim samlAssertionElement As XmlElement = samlAssertion.GetXml()
Dim x509Certificate As X509Certificate2 = DirectCast(Application(IdPX509Certificate), X509Certificate2)
ComponentPro.Saml2.Assertion.Sign(samlAssertionElement, x509Certificate.PrivateKey, x509Certificate, "#default saml ds xs xsi", "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
samlResponse.Assertions.Add(samlAssertionElement)

' Sign the response as well, after the signed assertion has been added
samlResponse.Sign(x509Certificate.PrivateKey, x509Certificate, "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")

' Base64-encode and URL-encode the response, then send it
Dim samlResponseStr As String = samlResponse.ToString()
Dim bytesToEncode() As Byte = Encoding.UTF8.GetBytes(samlResponseStr)
Dim encodedData As String = Convert.ToBase64String(bytesToEncode)
Dim strUrl As String = "http://trainingsite.com/SSO/NS/SAMLPatientDisplay.aspx?SAMLResponse=" & Server.UrlEncode(encodedData)
samlResponse.SendHttpPost(Response, strUrl, AssertionConsumerServiceUrl)
```
 
answered 11/27/2018 9:32:40 PM
0
Can you give us an example of their URL? In this non-standard case, you can get your SAML Response XML with `samlResponse.GetXml().OuterXml`. Then you can encode it with base64 and append it to your URL.
 
answered 11/27/2018 6:35:46 PM
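
An added diagnostic for the two points raised in the answers above, not code from either poster or from ComponentPro: it round-trips a response through the Base64-then-URL-encoded `SAMLResponse` query parameter and reports whether the Response and each Assertion carry their own `ds:Signature`. The function names, the `sp.example` URL and the sample XML are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def build_redirect_url(base_url, response_xml):
    """Base64-encode the response XML, then URL-encode it into the query string."""
    b64 = base64.b64encode(response_xml.encode("utf-8")).decode("ascii")
    # safe="" also escapes '/', so '+', '/' and '=' all survive the round trip
    return base_url + "?SAMLResponse=" + quote(b64, safe="")

def signature_report(redirect_url):
    """Decode SAMLResponse from the URL and report which elements carry a ds:Signature.

    Presence check only: it does not verify any signature, and it is meant for
    inspecting your own IdP's output, not for parsing untrusted XML.
    """
    query = parse_qs(urlsplit(redirect_url).query, strict_parsing=True)
    # validate=True rejects the spaces that a non-URL-encoded '+' turns into
    xml_bytes = base64.b64decode(query["SAMLResponse"][0], validate=True)
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: " + root.tag)
    assertions = root.findall("saml:Assertion", NS)
    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertions": len(assertions),
        "assertions_signed": sum(a.find("ds:Signature", NS) is not None for a in assertions),
    }

def sample_response(sign_assertion):
    """Constructed sample; the ds:Signature elements are empty placeholders."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]
    return (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s">' % (NS["samlp"], NS["saml"])
        + "<saml:Issuer>NS:saml2:entityid</saml:Issuer>" + sig
        + "<saml:Assertion><saml:Issuer>NS:saml2:entityid</saml:Issuer>"
        + (sig if sign_assertion else "") + "</saml:Assertion></samlp:Response>"
    )

if __name__ == "__main__":
    for signed in (False, True):  # response-only signing vs. assertion signed as well
        url = build_redirect_url("https://sp.example/display.aspx", sample_response(signed))
        print(signature_report(url))
```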