From what I understood, if I want to sign the SAML request, the signature should be constructed of:
SAMLRequest=VALUE&RelayState=VALUE&SigAlg=VALUE and from that I should create the signature, this is the piece of code I have used in order to create the signature:
var MSCert = new X509Certificate2(ConfigurationManager.AppSettings["KeyFilepath"], ConfigurationManager.AppSettings["KeyFilePassword"]);
RSACryptoServiceProvider rsacsp = (RSACryptoServiceProvider)MSCert.PrivateKey;
CspParameters cspParam = new CspParameters();
cspParam.KeyContainerName = rsacsp.CspKeyContainerInfo.KeyContainerName;
cspParam.KeyNumber = rsacsp.CspKeyContainerInfo.KeyNumber == KeyNumber.Exchange ? 1 : 2;
RSACryptoServiceProvider aescsp = new RSACryptoServiceProvider(cspParam);
aescsp.PersistKeyInCsp = false;
byte[] signed = aescsp.SignData(requestBytes, "SHA256");
// For testing purposes - testing the signature
bool isValid = aescsp.VerifyData(requestBytes, "SHA256", signed);
string signatureValue = null;
// Deflate the signature string
using (var output = new MemoryStream())
{
using (var zip = new DeflateStream(output, CompressionMode.Compress))
{
zip.Write(signed, 0, signed.Length);
}
var base64 = Convert.ToBase64String(output.ToArray());
var urlEncode = HttpUtility.UrlEncode(base64);
signatureValue = urlEncode;
}
And still, I see that the validation fails, can some one help me to see why?
