Question
Navistar Inc
IN
Last activity: 10 Nov 2021 11:01 EST
SAML 2.0 Response Parsing Issue by OOTB Parsing rule NS-366601360 • Assertion
Hello,
We have a requirement where we need to decode a base64 string and parse the SAML 2.0 response XML in Pega and, from the parsed data, get the signed certificate and validate against the certificate. Issues that we are facing:
1. We tried parsing sample SAML responses with the "NS-366601360 • Assertion Parse" rule in Pega, but it is not mapping all the attributes to the clipboard. Though the parse rule has the Assertion tag mentioned, only the 1st tag within that is getting parsed. Please refer to the attachments. If the <samlp tags are removed and only the Assertion tag is kept in the request, then the parsing is proper, as shown in the Expected_Response screenshot. In the Pega parse rule mentioned above, the root element is Assertion only. Is there any specific reason to not include <saml tags?
2. Another challenge we are facing is that, once the parsing is properly done, we need to obtain the signature and validate it against the certificate, which we will be storing in the Pega keystore. So in the keystore the signature will be a part of the file, I assume, and in the XML we will have a signature string. Looking for some thoughts on how to validate the signature.
Note: We are not using the Authentication Service for SAML 2.0, since this mechanism has already been taken care of by the middleware system. Within Pega we just need to decode and parse the SAML response and validate the signature to authenticate the user.
Also, please let me know if I need to raise an SR for the 1st issue.
Thanks!
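
An added example, not part of the original post and not Pega code: it decodes a base64 SAML 2.0 response, finds the Assertion whether it is the root element or nested under `samlp:Response`, and extracts the signature fields and embedded certificate for comparison with a pinned certificate fingerprint. The function name, result keys, pinned fingerprint and sample message are assumptions constructed for illustration; the code performs no cryptographic signature verification, which requires an XML-DSig library using the key of the certificate held in the keystore.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def inspect_saml_response(b64_response, pinned_sha256):
    """Locate the Assertion and its signature material; nothing is verified cryptographically."""
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(raw)
    # The Assertion is either the root element or a child of samlp:Response.
    is_root = root.tag == "{%s}Assertion" % NS["saml"]
    found = [root] if is_root else root.findall("saml:Assertion", NS)
    if len(found) != 1:
        raise ValueError("expected exactly one Assertion")
    a = found[0]
    sig = a.find("ds:Signature", NS)
    if sig is None:
        raise ValueError("Assertion carries no ds:Signature")
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + a.get("ID", ""):
        raise ValueError("signature does not reference this Assertion")
    cert = sig.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", "", NS)
    der = base64.b64decode("".join(cert.split()))
    return {
        "id": a.get("ID"),
        "issuer": a.findtext("saml:Issuer", None, NS),
        "name_id": a.findtext("saml:Subject/saml:NameID", None, NS),
        "attributes": {at.get("Name"): [v.text for v in at.findall("saml:AttributeValue", NS)]
                       for at in a.findall("saml:AttributeStatement/saml:Attribute", NS)},
        "signature_value": "".join(sig.findtext("ds:SignatureValue", "", NS).split()),
        # A match only shows which key the sender claims; SignatureValue must still be
        # verified with the keystore certificate's key by an XML-DSig library.
        "cert_matches_pin": hashlib.sha256(der).hexdigest() == pinned_sha256,
    }

# Constructed sample: placeholder bytes stand in for a real certificate and signature.
CERT = b"constructed-certificate"
PIN = hashlib.sha256(CERT).hexdigest()
SAMPLE = base64.b64encode((
    '<samlp:Response xmlns:samlp="{samlp}" xmlns:saml="{saml}" xmlns:ds="{ds}" ID="_r1">'
    '<saml:Assertion ID="_a1"><saml:Issuer>https://idp.example</saml:Issuer><ds:Signature>'
    '<ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>'
    '<ds:SignatureValue>Q09OU1RSVUNURUQ=</ds:SignatureValue><ds:KeyInfo><ds:X509Data>'
    '<ds:X509Certificate>{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
    '<saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject><saml:AttributeStatement>'
    '<saml:Attribute Name="role"><saml:AttributeValue>user</saml:AttributeValue></saml:Attribute>'
    '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
).format(cert=base64.b64encode(CERT).decode(), **NS).encode()).decode()
```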