I have configured a SAML SSO service for connecting to our site. I use the same configuration with another endpoint and it works fine. With this one, I always get "Signature Validation error". I tried to debug the ITfoxtec source code, and I found this error. When the library tries to validate the assertion, it goes into this method (class: ITfoxtec.Identity.Saml2.Saml2AuthnResponse):

// Deserializes the <Assertion> node into a Saml2SecurityToken; this is the
// call that failed during signature validation in the reported case.
private Saml2SecurityToken ReadSecurityToken(XmlNode assertionElement)
{
     using (var reader = new XmlNodeReader(assertionElement))
     {
          return Saml2SecurityTokenHandler.ReadToken(reader) as Saml2SecurityToken;
     }
}

The only difference between the working response and the failing one is that the XML nodes in the assertion do not carry the "saml2:" namespace prefix. Here is an example assertion from the SAML Response:

<Assertion xmlns="....
<Issuer Format="....
<Subject>
<NameID ....

Could that be the problem? Thanks in advance.

Step IT
1 Answer

For security reasons I received the authn response by email.

I'm able to read the authn response. It looks like the XML is accepted perfectly without the "saml2" XML namespace prefix.

The authn response in question is signed twice, both at the assertion level and at the response level (the outermost level). Maybe the problem is that the two signatures cannot be validated. I have seen this being a problem with some IdPs. Please try to sign the authn response at only one level, either the assertion level or the response level. I prefer to sign at the response level.

Anders Revsgaard
  • The first response that the customer sent us was signed only at the response level, with no assertion signature, but the error was the same. Is there a configuration to set up validation at the response level, or is it done automatically? Thanks. – Step IT May 31 '22 at 12:59
  • The component validates the signature(s) in the authn response. If only one signature, at the response level, is present, only that signature will be validated. One signature is required, whereas two signatures are optional. – Anders Revsgaard Jun 01 '22 at 08:06
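Two things in this thread are worth checking mechanically before blaming the library: whether the assertion's namespace is really equivalent with and without the "saml2:" prefix (it is, as long as the namespace URI is the same), and at which level(s) the response actually carries a ds:Signature. The script below is an added example, not code from the original post or from the ITfoxtec library; it uses Python's standard-library XML parser on constructed sample responses (the IdP URL, IDs and signature values are dummies) and only locates the signatures and checks that each enveloped signature's Reference URI points at the element it sits in. It does not verify the signatures themselves.

```python
"""Classify where a SAML 2.0 Response carries XML signatures (response level,
assertion level, or both) independent of the namespace prefixes in use."""
import xml.etree.ElementTree as ET

# Namespace URIs fixed by the SAML 2.0 and XML Signature specifications.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample, not a real IdP response: the Assertion uses a default
# namespace (no "saml2:" prefix) and the message is signed twice, once under
# <Response> and once under <Assertion>. Signature blocks are skeletons with
# dummy values; this script locates them, it does not verify them.
DOUBLE_SIGNED = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_resp1" Version="2.0" IssueInstant="2022-05-31T12:00:00Z">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example</Issuer>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo><Reference URI="#_resp1"/></SignedInfo>
    <SignatureValue>AAA=</SignatureValue>
  </Signature>
  <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
      ID="_a1" Version="2.0" IssueInstant="2022-05-31T12:00:00Z">
    <Issuer>https://idp.example</Issuer>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo><Reference URI="#_a1"/></SignedInfo>
      <SignatureValue>BBB=</SignatureValue>
    </Signature>
    <Subject><NameID>alice</NameID></Subject>
  </Assertion>
</samlp:Response>"""

# Same structure with "saml2:" and "ds:" prefixes and only a response-level
# signature (also constructed).
PREFIXED_RESPONSE_ONLY = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_resp2" Version="2.0" IssueInstant="2022-05-31T12:00:00Z">
  <saml2:Issuer>https://idp.example</saml2:Issuer>
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#_resp2"/></ds:SignedInfo>
    <ds:SignatureValue>CCC=</ds:SignatureValue>
  </ds:Signature>
  <saml2:Assertion ID="_a2" Version="2.0" IssueInstant="2022-05-31T12:00:00Z">
    <saml2:Issuer>https://idp.example</saml2:Issuer>
    <saml2:Subject><saml2:NameID>alice</saml2:NameID></saml2:Subject>
  </saml2:Assertion>
</samlp:Response>"""

# Constructed negative case: no signature at either level.
UNSIGNED = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp3" Version="2.0">
  <saml2:Assertion ID="_a3" Version="2.0"><saml2:Subject/></saml2:Assertion>
</samlp:Response>"""


def _reference_ok(container):
    """For an enveloped signature directly under `container`, check that its
    Reference URI points at the ID of that container. Returns None when the
    container carries no signature."""
    sig = container.find("ds:Signature", NS)
    if sig is None:
        return None
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    uri = ref.get("URI", "") if ref is not None else ""
    return uri == "#" + container.get("ID", "")


def signature_report(xml_text):
    """Report which levels of a samlp:Response are signed. Lookups use the
    namespace URI, so a default namespace and a "saml2:" prefix behave the same."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: %s" % root.tag)
    assertion = root.find("saml:Assertion", NS)
    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "response_reference_ok": _reference_ok(root),
        "assertion_signed": assertion is not None
        and assertion.find("ds:Signature", NS) is not None,
        "assertion_reference_ok": None if assertion is None else _reference_ok(assertion),
    }


def is_acceptable(report):
    """One signature (at either level) is required; a second one is optional."""
    return report["response_signed"] or report["assertion_signed"]


def assertion_tag(xml_text):
    """Expanded {namespace}local tag of the Assertion; identical for both
    prefix styles because ElementTree resolves prefixes to URIs."""
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    return None if assertion is None else assertion.tag


if __name__ == "__main__":
    for name, doc in (("double", DOUBLE_SIGNED), ("prefixed", PREFIXED_RESPONSE_ONLY),
                      ("unsigned", UNSIGNED)):
        rep = signature_report(doc)
        print(name, rep, "acceptable" if is_acceptable(rep) else "REJECT")
```

Run it against the raw response you received (for example by replacing one of the constructed samples with the decoded POST body) to see whether you are dealing with the double-signed layout the answer describes, and whether each signature's Reference actually targets the element that encloses it; a mismatch there is a common cause of validation failures that looks like a namespace problem at first glance.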