1

I am receiving a SAML 2.0 AuthnRequest:

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:CanonicalizationMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference xmlns:ds="http://www.w3.org/2000/09/xmldsig#" URI="#_ab854a268099a9abfedf74deb5148576">
                <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:Transform xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">YPAxelno504BpWNYxlaBfI5y8gQDhczpCKvN9poGLco=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        mcyNOzAqR8ir6dLLqujXhMKWlat3zJpaIumR8+KNoiDjHaa5pfKGXbTQHg7fazyezX4IHFygFV+/
        jrUfZNZJrPsGvpN02yTiJceFnaBmlWF9z1RRIZ4hJfh6wJU/9lzCWhfRf4qaChvt0ex8qgLJX7UF
        Uu6yGEo96kROu6EA7PttmZhWKyPqSc3k7IuzLFDzaxykTbYRZfogvySD97okbG38Hl4huGyJMe2m
        oHQqShZrEtLJl7WlmIgam6dJ5VwxHIBxHVAq5iHNnxISqJ3vYvTMbKVMJ7Ek8UlK7Sxox0cQBonn
        RcvsgGdYIrfqUz4+3dulZartsDOeBJTI35OYAQ==
        </ds:SignatureValue>
    </ds:Signature>
</saml2p:AuthnRequest>

My understanding is that the signature embedded in this AuthnRequest is generated using the application's private key. I do not have access to the private key, but I have the public key.

I want to verify that this AuthnRequest was signed with the correct private key, by using the matching public key that I have available. I tried the following:

const certificate = `-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----`;

const signature = 'mcyNOzAqR8ir6dLLqujXhMKWlat3zJpaIumR8+KNoiDjHaa5pfK.....'; // from the xml

const publicKeyBuffer = Buffer.from(certificate, 'utf-8');
const signatureBuffer = Buffer.from(signature, 'utf-8');

const verifier = crypto.createVerify('RSA-SHA256');
verifier.update(samlMessage);
const valid = verifier.verify(publicKeyBuffer, signatureBuffer);

As value for samlMessage, I tried using both the base64 encoded and deflated query parameter as well as the decoded XML above.

Unfortunately this tells me that the signature is invalid either way, even though I know it is correct. What am I doing wrong?

marcelh
  • 41
  • 4
  • Does this answer your question? [Can't verify signature witn Node.js Crypto, using key pairs](https://stackoverflow.com/questions/25006460/cant-verify-signature-witn-node-js-crypto-using-key-pairs) – Akshay G Sep 21 '21 at 07:47
  • use `verifier.verify(publicKey, signature,'base64');` instead of buffer – Akshay G Sep 21 '21 at 07:51
  • Unfortunately I still get false with this change. I have seen the post you linked and my solution is based on that. – marcelh Sep 22 '21 at 08:02
  • Try validating with Online Tools first [Validate SAML AuthN Request](https://www.samltool.com/validate_authn_req.php). Include All three values of Saml AUthentication request, Signature and X.509 cert of the Service Provider along with the SigAlg to check signature. Most of the cases you will be using the wrong public key or wrong SignatureAlgorithm – Akshay G Sep 22 '21 at 12:28
  • 1
    Do you have the AuthnRequest as received from the SP? A common mistake in DIY mechanisms is that developers don't think that canonicalization is critical, but it absolutely is in signature validation. In order to validate the signature, you need only the SP's public key. – Andrew K. Sep 22 '21 at 14:20
  • Yes, I signed in at the SP and captured the AuthnRequest via SAML-tracer. I grabbed the SP's public key as we have it configured in our IDP. Authentication works and our IDP validates the signature, so I know it is the correct public key. I tried the validation tool linked above, but it also says "Signature validation failed. AuthN Request rejected". I copied the query parameters "SAMLRequest", "SigAlg" and "Signature" from the request to our IDP and tried to verify it with the Public Key we have configured. Does node-crypto consider canonicalization or do you know a library that does this? – marcelh Sep 23 '21 at 11:51
  • @marcelh Are the query parameter values of "SAMLRequest", "SigAlg" and "Signature" URL encoded? – Akshay G Sep 24 '21 at 08:52
  • @AkshayG I used the url decoded values – marcelh Sep 24 '21 at 09:45
  • @marcelh if you can post an example with test data and keys that is reproducible I can check at my end. The entire Authentication SAML Request url with all query paramteers – Akshay G Sep 24 '21 at 11:02

0 Answers0