
Unsupported transform or canonicalization algorithm


Hello -

I am working on an interoperability issue concerning validation of the digital signature on a referenced SAML assertion in a SOAP message produced by a Java framework and consumed by a .NET framework. The client framework is .NET 4.5. The provider framework uses Apache WSS4J (with OpenSAML libraries). The SAML confirmation method is Sender-Vouches. The SAML assertion itself is referenced in the SOAP message using the wsse:SecurityTokenReference element with a KeyIdentifier element. We have determined through testing that the error is caused by use of the "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform" algorithm in the transforms on the SAML reference. I am aware of KB 974842 and the hotfix for what seems to be the same issue in the .NET 3.5 framework (http://support.microsoft.com/kb/974842). I am confident that the WSS4J framework is producing a SAML assertion that conforms with OASIS specifications. My questions:

1. Was the hotfix ported to later versions of the .NET framework?

2. Does the .NET 4.5 framework support use of the STR-Transform algorithm to resolve the SAML assertion from a reference for verification of the message-level signature on the assertion?

Thank you for your help.
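
A diagnostic for the situation described above, added here as an example and not part of the original post: it lists every `ds:Reference` in a captured SOAP message, flags the ones that use the STR-Transform algorithm, and checks that the referenced `wsse:SecurityTokenReference` resolves by `KeyIdentifier` to an assertion in the message. The sample message, the SAML 1.1 namespace and the function name `audit_references` are assumptions.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
STR_TRANSFORM = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-soap-message-security-1.0#STR-Transform")

# Constructed sample message (not from the post); digests and signature value omitted.
SAMPLE = f"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}"
  xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
 <s:Header><wsse:Security>
  <saml:Assertion AssertionID="_a1"/>
  <wsse:SecurityTokenReference wsu:Id="STR-1">
   <wsse:KeyIdentifier>_a1</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#STR-1"><ds:Transforms>
    <ds:Transform Algorithm="{STR_TRANSFORM}"/></ds:Transforms></ds:Reference>
   <ds:Reference URI="#body-1"><ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms></ds:Reference>
  </ds:SignedInfo></ds:Signature>
 </wsse:Security></s:Header>
 <s:Body wsu:Id="body-1"/>
</s:Envelope>"""

def audit_references(xml_text):
    """List each ds:Reference with its transforms; for STR-Transform references,
    resolve the STR's KeyIdentifier to an assertion present in the message."""
    root = ET.fromstring(xml_text)  # captured test messages only, not untrusted input
    wsu_id = f"{{{WSU}}}Id"
    by_id = {e.get(wsu_id): e for e in root.iter() if e.get(wsu_id)}
    # SAML 1.1 uses AssertionID, SAML 2.0 uses ID (version is an assumption here).
    assertions = {e.get("AssertionID") or e.get("ID")
                  for e in root.iter() if e.tag.endswith("}Assertion")}
    report = []
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        algs = [t.get("Algorithm") for t in ref.iter(f"{{{DS}}}Transform")]
        entry = {"uri": uri, "transforms": algs,
                 "uses_str_transform": STR_TRANSFORM in algs, "resolved_assertion": None}
        if entry["uses_str_transform"]:
            str_el = by_id.get(uri.lstrip("#"))
            kid = str_el.find(f"{{{WSSE}}}KeyIdentifier") if str_el is not None else None
            target = (kid.text or "").strip() if kid is not None else ""
            entry["resolved_assertion"] = target if target in assertions else None
        report.append(entry)
    return report
```

Running it over the message the WSS4J side emits shows which signed reference carries the STR-Transform, which narrows the consumer-side failure to that reference.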

