ComponentSpace.Saml2.Exceptions.SamlSignatureException: The authn request signature failed to...

rihadd (New Member)
Hello,

I'm hoping someone here will be able to assist me with the following.

I'm getting the exception "ComponentSpace.Saml2.Exceptions.SamlSignatureException: The authn request signature failed to verify." when receiving a SAML request from our Service Provider.
I have verified the public key provided to the SP a number of times, as well as our IdP certificate, per the following post (https://www.componentspace.com/Forums/1578/SHA256-and-Converting-the-Cryptographic-Service-Provider-Type).

I've enabled tracing in our IDP code but the only two messages I see in the log are:
Receiving an SSO request from a partner service provider has failed.
followed by
"ComponentSpace.Saml2.Exceptions.SamlSignatureException: The authn request signature failed to verify.  at ComponentSpace.Saml2.SamlIdentityProvider.VerifyAuthnRequestSignatureAsync(XmlElement authnRequestElement, String signatureAlgorithm, String signature)  at ComponentSpace.Saml2.SamlIdentityProvider.ProcessAuthnRequestAsync(XmlElement authnRequestElement, String signatureAlgorithm, String signature)  at ComponentSpace.Saml2.SamlIdentityProvider.ReceiveSsoAsync()

Here is the request that contains the signature that's failing to verify.

SAMLRequest=fZFBa4NAFIT%2FiuxdzRqjZlEhNBSElpZaeuilbPSZLOhbu28NaX99jUlK0kOPO8wws99LSXZtL1aD3eELfA5A1inWGfvgYd2EmyBym4DP3TCJa3fJo7nLQSZVGIdxHDXMeQNDSmPGAm%2FGnIJogALJSrSjNONLdxa5nL%2FyRASRWCTeInhnznosUSjtFNxZ25PwfTuKHtQGem0seUBeD9KQRq%2FSnW%2BkL1G2X99ggIbWkl8q3LZQqi0%2BYQlmrypgzr02FUx%2FyVgjW4LjpmdJpPbwq6yIwBzL7zTS0IE5xwus4TDOHh3WGrUZLJwcY9OthTPn0LVIYoKXscGg0JIUCZQdkLCVKFePD2KEInqjra50y%2FL06BYTI3OV%2Fz8uL2NZfkPqjOEC5Q%2Bv1L%2Fqyk%2Bv2yPnPw%3D%3D&RelayState=3fc2d3c2-8a4f-44c6-9862-8a68cc127180&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DHbYog1a7lnwbh8HHpnOMUJPr%2Ft4V7OO0rKyV3xW8OabGpsN96HjscNgOTqRrPBsEbO2%2F4%2FclZf2MA7WKXVLAV5RpdHTaYmdkvSZ87oEN2mJ7il7XVNCsF1bNo02djocLTbktN%2FucvxuMyVIu0KarWniSRPLC%2FbQrNpXOw6UcHQvdnwdZkDBxfabdQJk8YM9bMuaIKklrKqEJRD94TimWUpNrpc%2F9Fcf2IZ68pTAOmgIwJL84LJi5Whh4ta0Tl5%2FA5abhzvSMC3zKr%2FHc4Woq4T8t7u1Loyk1xD%2BALMSVhUP2jee3hAuUTv9AwF0UFlF9uxPBXk%2FCkID1xXDrp1%2FrA%3D%3D

Here are the idp.pfx attributes:

Bag Attributes
  localKeyID: 7F 94 D7 E7 B2 62 5B BF 1F 88 2D 79 5A D7 75 C9 1C 26 2C 41
  Microsoft CSP Name: Microsoft Enhanced RSA and AES Cryptographic Provider

Is there anything else I can look at to determine why the exception occurs?
I'm using .NET Core 2.2 and the trial version of ComponentSpace SAML.

This is my ComponentSpace config logic:

private void ConfigureSaml(SamlConfigurations samlConfigurations)
{
    string certPassword = Configuration["CertPassword"];
    string decryptedPassword = DataProtector.DecryptString(certPassword);

    samlConfigurations.Configurations = new List<SamlConfiguration>()
    {
        new SamlConfiguration()
        {
            // Local IdP: idp.pfx (private key) signs what the IdP sends to the SP
            LocalIdentityProviderConfiguration = new LocalIdentityProviderConfiguration()
            {
                Name = Configuration["LocalIdentityProviderConfiguration:Name"],
                Description = "My Identity Provider",
                SingleSignOnServiceUrl = Configuration["LocalIdentityProviderConfiguration:SingleSignOnServiceUrl"],
                SingleLogoutServiceUrl = Configuration["LocalIdentityProviderConfiguration:SingleLogoutServiceUrl"],
                ArtifactResolutionServiceUrl = Configuration["LocalIdentityProviderConfiguration:ArtifactResolutionServiceUrl"],
                LocalCertificates = new List<Certificate>()
                {
                    new Certificate()
                    {
                        FileName = "certificates/idp.pfx",
                        Password = decryptedPassword
                    }
                }
            },
            // Partner SP: spSense.cer (public key) is what the SP's authn request signature is verified against
            PartnerServiceProviderConfigurations = new List<PartnerServiceProviderConfiguration>()
            {
                new PartnerServiceProviderConfiguration()
                {
                    Name = Configuration["PartnerServiceProviderConfigurations:Name"],
                    Description = "xxService",
                    WantAuthnRequestSigned = true,
                    SignSamlResponse = true,
                    SignAssertion = true,
                    AssertionConsumerServiceUrl = Configuration["PartnerServiceProviderConfigurations:SPAuthProxyUrl"],
                    SingleLogoutServiceUrl = Configuration["PartnerServiceProviderConfigurations:SPAuthProxyUrl"],
                    ArtifactResolutionServiceUrl = Configuration["PartnerServiceProviderConfigurations:SPAuthProxyUrl"],
                    PartnerCertificates = new List<Certificate>()
                    {
                        new Certificate()
                        {
                            FileName = "certificates/spSense.cer"
                        }
                    }
                }
            }
        }
    };
}


Thank you,
ComponentSpace Development (Administrators)
The signature will attempt to be verified using certificates/spSense.cer. The SP must sign the authn request using the corresponding private key.
You mentioned the public key provided to the SP and your IdP PFX file. The certificates/idp.pfx is used to sign the SAML response or assertion sent to the SP.
The SP will use the corresponding public key (i.e. the .cer file) to verify the signature.
Please double check with the SP that certificates/spSense.cer is the correct certificate/public key for verifying their signature.

Regards
ComponentSpace Development
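As an added example (not code from the post, and not ComponentSpace's library), the following self-contained Go program does what the reply describes for the HTTP-Redirect binding used by the query string above: the SP deflates and base64-encodes the AuthnRequest, signs the URL-encoded SAMLRequest/RelayState/SigAlg string with its private key, and the IdP rebuilds that exact string from the raw query and verifies it with the public key from the partner certificate (the role spSense.cer plays in the configuration). The AuthnRequest XML, RelayState and both RSA keys are constructed here, and the function names are the example's own. The scenario verifies once with the SP's key (passes) and once with an unrelated key, which reproduces the "failed to verify" outcome of a wrong partner certificate.

```go
package main

import (
	"compress/flate"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

// SigAlg URI exactly as it appears in the query string posted above.
const sigAlgRSASHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

// Constructed sample AuthnRequest for the demo; it is not the request from the post.
const sampleAuthnRequest = `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed" Version="2.0" IssueInstant="2019-01-01T00:00:00Z"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sp.example.test</saml:Issuer></samlp:AuthnRequest>`

// SignedString joins already-URL-encoded parameters in the fixed order SAMLRequest, RelayState (only when present), SigAlg.
func SignedString(reqEnc, relayEnc, sigAlgEnc string) string {
	s := "SAMLRequest=" + reqEnc
	if relayEnc != "" {
		s += "&RelayState=" + relayEnc
	}
	return s + "&SigAlg=" + sigAlgEnc
}

// BuildSignedRedirectQuery is the SP side: encode the request, sign the query with the SP's private key, append Signature.
func BuildSignedRedirectQuery(authnRequestXML, relayState string, spKey *rsa.PrivateKey) (string, error) {
	// HTTP-Redirect binding encoding of the XML: raw DEFLATE, then base64.
	var buf strings.Builder
	w, _ := flate.NewWriter(&buf, flate.DefaultCompression) // only fails on a bad level
	w.Write([]byte(authnRequestXML))
	w.Close()
	toSign := SignedString(url.QueryEscape(base64.StdEncoding.EncodeToString([]byte(buf.String()))),
		url.QueryEscape(relayState), url.QueryEscape(sigAlgRSASHA256))
	digest := sha256.Sum256([]byte(toSign))
	sig, err := rsa.SignPKCS1v15(rand.Reader, spKey, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return toSign + "&Signature=" + url.QueryEscape(base64.StdEncoding.EncodeToString(sig)), nil
}

// rawParam returns a parameter's value still URL-encoded, exactly as sent; re-encoding a decoded value could change the signed bytes.
func rawParam(rawQuery, name string) (string, bool) {
	for _, kv := range strings.Split(rawQuery, "&") {
		if strings.HasPrefix(kv, name+"=") {
			return strings.TrimPrefix(kv, name+"="), true
		}
	}
	return "", false
}

// VerifyRedirectSignature is the IdP side: rebuild the signed string from the raw query and verify it with the partner SP's public key.
func VerifyRedirectSignature(rawQuery string, partnerKey *rsa.PublicKey) error {
	reqEnc, ok1 := rawParam(rawQuery, "SAMLRequest")
	sigAlgEnc, ok2 := rawParam(rawQuery, "SigAlg")
	sigEnc, ok3 := rawParam(rawQuery, "Signature")
	if !ok1 || !ok2 || !ok3 {
		return fmt.Errorf("SAMLRequest, SigAlg and Signature are all required")
	}
	// Pin the algorithm; the sender's SigAlg must not be allowed to pick a weaker one.
	if alg, err := url.QueryUnescape(sigAlgEnc); err != nil || alg != sigAlgRSASHA256 {
		return fmt.Errorf("unsupported SigAlg %q", sigAlgEnc)
	}
	sigB64, err := url.QueryUnescape(sigEnc)
	sig, err2 := base64.StdEncoding.DecodeString(sigB64)
	if err != nil || err2 != nil {
		return fmt.Errorf("signature parameter is not URL-encoded base64")
	}
	relayEnc, _ := rawParam(rawQuery, "RelayState")
	digest := sha256.Sum256([]byte(SignedString(reqEnc, relayEnc, sigAlgEnc)))
	if err := rsa.VerifyPKCS1v15(partnerKey, crypto.SHA256, digest[:], sig); err != nil {
		return fmt.Errorf("the authn request signature failed to verify: %w", err)
	}
	return nil
}

// Scenario reproduces the thread with fresh keys: the SP signs with its own key; the IdP verifies with the SP's public key (the right spSense.cer) and with an unrelated key.
func Scenario() (bool, bool, error) {
	spKey, err1 := rsa.GenerateKey(rand.Reader, 2048)
	otherKey, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		return false, false, fmt.Errorf("key generation failed")
	}
	query, err := BuildSignedRedirectQuery(sampleAuthnRequest, "constructed-relay-state", spKey)
	if err != nil {
		return false, false, err
	}
	return VerifyRedirectSignature(query, &spKey.PublicKey) == nil,
		VerifyRedirectSignature(query, &otherKey.PublicKey) == nil, nil
}

func main() { fmt.Println(Scenario()) }
```

Two details matter when running a check like this against a real request: the verifier must work on the still-encoded substrings of the query string rather than re-encoding decoded values, since any difference in percent-encoding changes the bytes under the signature; and the algorithm is pinned rather than taken from the request's SigAlg. The quickest real-world diagnosis remains the one in the reply: compare the fingerprint of certificates/spSense.cer with the certificate the SP actually signs with, because an SP signing with a key other than the one behind spSense.cer produces exactly this exception.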