I'm working to implement a SAML service. As such, I believe the identity provider is supposed to digitally sign the SAML assertion using the service provider's public key before sending the assertion to the service provider (which the service provider verifies using their private key). However, I'm having a hard time finding any examples of using the SignXML object (in C#) to sign using a public key. All of the examples are signing using the private key.

Any examples or advice would be greatly appreciated.

+1  A: 

No - the correct behavior is for the identity provider to sign with its own private key and the service provider to verify with the identity provider's public key.

metadaddy
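
The signing direction described in this answer, as an added example that is not part of the original answer: the identity provider signs with its own private key, and the service provider verifies with the identity provider's public key only. It assumes .NET Framework 4.6.2 or later (or modern .NET with the System.Security.Cryptography.Xml package); the class and method names are hypothetical, the assertion is a constructed sample, and a key pair generated in place stands in for the identity provider's certificate.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class SamlSigningDemo
{
    // IdP side: sign the assertion with the IdP's own private key.
    static void Sign(XmlDocument doc, RSA idpPrivateKey)
    {
        string id = doc.DocumentElement.GetAttribute("ID");
        var signedXml = new SignedXml(doc) { SigningKey = idpPrivateKey };
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
        var reference = new Reference("#" + id) { DigestMethod = SignedXml.XmlDsigSHA256Url };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }
    // SP side: verify with the IdP's public key only; no private key is needed.
    static bool Verify(XmlDocument doc, RSA idpPublicKey)
    {
        var sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return false;
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);
        // The signature must cover the assertion itself, not some other element.
        var reference = (Reference)signedXml.SignedInfo.References[0];
        if (reference.Uri != "#" + doc.DocumentElement.GetAttribute("ID")) return false;
        return signedXml.CheckSignature(idpPublicKey);
    }
    static void Main()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        // Constructed sample assertion; the ID and issuer are placeholders.
        doc.LoadXml("<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_a1\"><Issuer>https://idp.example.test</Issuer></Assertion>");
        using (RSA idpKey = RSA.Create())
        using (RSA spCopy = RSA.Create())
        {
            idpKey.KeySize = 2048;
            Sign(doc, idpKey);
            spCopy.ImportParameters(idpKey.ExportParameters(false)); // public half only
            Console.WriteLine("valid: " + Verify(doc, spCopy));
            doc.DocumentElement.FirstChild.InnerText = "https://other.example.test";
            Console.WriteLine("after tampering: " + Verify(doc, spCopy));
        }
    }
}
```

In a deployment the service provider would take the public key from the identity provider's certificate, typically distributed in its SAML metadata, rather than from an exported parameter set.
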
A: 

Hello Metadaddy,

How can I get the private key from an A3 certificate?

From an A1, I'm loading it from the certificates collection and then I use the x509.PrivateKey.

I store this key in an RSACryptoServiceProvider; after this I pass it to the SignXML.SigningKey property, and with this I'm signing all the nodes that I need to sign...

But when I'm using the A3 certificate I can't extract the private key... I always get an exception! I think that this exception is launched because I don't provide the certificate password.

How can I provide this password?

Marco