Friday, May 21, 2010

More SAML: Validating a SAML 2.0 Assertion

It's simple to set up the validation of a signed SAML 2.0 assertion in a Vordel XML Gateway. In a circuit, chain together (1) an "XML Signature Verification" filter (which you can find in the "Integrity" group on the right-hand side of Policy Studio), and (2) a "SAML Authentication" filter (which you can find in the "Authentication" group).

In the XML Signature Verification filter, make sure that the SAML assertion is selected under "What must be signed". In the filter that validates the SAML assertion, make sure that it is configured for a SAML 2.0 assertion.

Really what we are doing here is first verifying the SAML assertion (i.e., checking that it is trusted, using its signature) and then validating it (making sure it has the right format and contents). By checking trust first, we ensure that we are not wasting time validating an untrusted SAML assertion. It is important to understand the difference between verifying and validating a token like this. The configuration for the validation step is shown below:
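To make the verify-then-validate split concrete, here is an added example in Python (it is not Vordel code and does not model the gateway's filters). The signature verification itself is assumed to have already been done by the preceding filter and is passed in as a boolean; the validation step then checks the things the second filter is there for: that the element really is a SAML 2.0 assertion, that the signature's Reference points at this assertion's ID (the "What must be signed" requirement), that the issuer is expected, and that the Conditions window and audience hold. The sample assertion, its ID, issuer, audience and timestamps are constructed for the example.

```python
"""Added example: the 'validate' step that runs after signature verification
has established trust in a SAML 2.0 assertion. Not Vordel's code."""
from datetime import datetime
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"saml": SAML2, "ds": DSIG}

# Constructed sample assertion: ID, issuer, audience, times and the
# signature placeholders are all made up for this example.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML2}" xmlns:ds="{DSIG}"
    ID="_abc123" Version="2.0" IssueInstant="2010-05-21T10:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:Reference URI="#_abc123"><ds:DigestValue>...</ds:DigestValue></ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>...</ds:SignatureValue>
  </ds:Signature>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2010-05-21T09:55:00Z" NotOnOrAfter="2010-05-21T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def parse_ts(value):
    """Parse a SAML xs:dateTime such as 2010-05-21T10:00:00Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_saml2_assertion(xml_text, now, expected_audience, trusted_issuers):
    """Return a list of validation problems; an empty list means the assertion is valid.

    This is the 'validate' half: format and content checks only. It assumes the
    caller has already verified the signature (the 'verify' half).
    """
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML2}}}Assertion":
        return [f"not a SAML 2.0 Assertion element: {root.tag}"]
    if root.get("Version") != "2.0":
        problems.append(f"unexpected SAML version {root.get('Version')!r}")

    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    if issuer not in trusted_issuers:
        problems.append(f"untrusted issuer {issuer!r}")

    # The signature must cover the assertion itself: its Reference URI has to
    # point at this assertion's ID, not at some other element in the message.
    ref = root.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None:
        problems.append("assertion carries no enveloped signature")
    elif ref.get("URI") != "#" + (root.get("ID") or ""):
        problems.append("signature Reference does not cover this assertion")

    cond = root.find("saml:Conditions", NS)
    if cond is None:
        problems.append("missing Conditions element")
    else:
        not_before = cond.get("NotBefore")
        not_on_or_after = cond.get("NotOnOrAfter")
        if not_before and now < parse_ts(not_before):
            problems.append("assertion not yet valid")
        if not_on_or_after and now >= parse_ts(not_on_or_after):
            problems.append("assertion expired")
        audiences = [a.text.strip() for a in
                     cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
        if expected_audience not in audiences:
            problems.append(f"audience {expected_audience!r} not in {audiences}")
    return problems


def check_assertion(xml_text, signature_verified, now, expected_audience, trusted_issuers):
    """Verify first, validate second: an untrusted assertion is rejected before
    any of the (comparatively costly) validation work is done."""
    if not signature_verified:
        return ["signature verification failed; assertion not validated"]
    return validate_saml2_assertion(xml_text, now, expected_audience, trusted_issuers)


if __name__ == "__main__":
    now = parse_ts("2010-05-21T10:00:00Z")
    print(check_assertion(SAMPLE_ASSERTION, True, now,
                          "https://sp.example.com", {"https://idp.example.com"}))
```

The ordering in `check_assertion` mirrors the circuit: the trust decision gates the validation step, so a tampered assertion never reaches the format and condition checks.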



To test this circuit, I am using the SOAPbox testing tool.




We see on the Response screen of SOAPbox that the assertion we've sent is indeed valid. If you change its signature, or the signed content, in any way, the Vordel Gateway will reject it. Grab an evaluation of the Vordel Gateway here.