ComponentSpace Forums

Error generating XML signature


Carlos
New Member

Group: Forum Members
Posts: 1, Visits: 6
Hello, I'm using your product to perform SAML authentication with Azure ADFS.
Last week we upgraded the .NET version to 4.7.2 and the "generation of the XML signature" stopped working.

My guess is that it has to do with a breaking change in .NET 4.7.1 where the default algorithm changed from SHA1 to SHA256. Now, I'm no expert in .NET programming, so I could use some help on making this work.

Here is the error stack:
[1] Failed to generate XML signature.
 at ssiDP.RssExtensionComponentSpace.MssSendAuthRequest(HeContext heContext, String inParamRelayState, Byte[] inParamCertificateSP, String inParamDestination, String inParamIssuer, String inParamPassword, String inParamBinding, String& outParamErrorMessage)
 at ssiDP.Flows.FlowAuth.ScrnDoLogin.Preparation(HeContext heContext)
 at ssiDP.Flows.FlowAuth.ScrnDoLogin.Page_Load(Object sender, EventArgs e)
 at System.Web.UI.Control.OnLoad(EventArgs e)
 at System.Web.UI.Control.LoadRecursive()
 at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
[2] Invalid algorithm specified.
 at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
 at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash, Int32 cbHash, ObjectHandleOnStack retSignature)
 at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash)
 at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash)
 at System.Security.Cryptography.Xml.SignedXml.ComputeSignature()
 at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
And here is the implementation for the class:
/// <summary>
/// Builds a SAML AuthnRequest, signs it with the SP certificate and sends it
/// to the identity provider using the requested binding.
/// </summary>
/// <param name="ssRelayState">RelayState to round-trip through the IdP</param>
/// <param name="ssCerteficate">SP certificate (PFX bytes)</param>
/// <param name="ssDestination">IdP single sign-on service URL</param>
/// <param name="ssIssuer">SP entity ID used as the request Issuer</param>
/// <param name="ssPassword">Certificate password</param>
/// <param name="ssBinding">Redirect or Post</param>
public void MssSendAuthRequest(string ssRelayState, byte[] ssCerteficate, string ssDestination, string ssIssuer, string ssPassword, string ssBinding)
{
    // Create the authentication request.
    AuthnRequest authnRequest = new AuthnRequest();
    authnRequest.Destination = ssDestination;
    authnRequest.Issuer = new Issuer(ssIssuer);
    authnRequest.ForceAuthn = false;
    authnRequest.NameIDPolicy = new NameIDPolicy(null, null, true);

    // Serialize the authentication request to XML for transmission.
    XmlElement authnRequestXml = authnRequest.ToXml();

    // Load the SP certificate together with its private key; the library signs with this key.
    X509Certificate2 x509Certificate = new X509Certificate2(ssCerteficate, ssPassword, X509KeyStorageFlags.MachineKeySet);

    switch (ssBinding.ToLower())
    {
        case "redirect":
            // HTTP-Redirect binding: the library signs the deflated query string with the private key.
            ServiceProvider.SendAuthnRequestByHTTPRedirect(HttpContext.Current.Response, ssDestination, authnRequestXml, ssRelayState, x509Certificate.PrivateKey);
            break;
        case "post":
            // HTTP-POST binding: sign the AuthnRequest XML element itself (the XML signature
            // step shown in the stack trace), then post the signed request.
            SAMLMessageSignature.Generate(authnRequestXml, x509Certificate.PrivateKey, x509Certificate);
            ServiceProvider.SendAuthnRequestByHTTPPost(HttpContext.Current.Response, ssDestination, authnRequestXml, ssRelayState);
            HttpContext.Current.Response.End();
            break;
    }
} // MssSendAuthRequest

Help is appreciated.
Best regards,
Carlos Rocha
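A check worth running on the certificate before handing it to the library: "Invalid algorithm specified" thrown by RSACryptoServiceProvider.SignHash is the CAPI error for a hash algorithm the key's cryptographic service provider does not implement, and the stack trace shows the signature being computed with exactly that class. The diagnostic below is added here and is neither from the thread nor part of the ComponentSpace library; it assumes the same PFX bytes and password that MssSendAuthRequest receives, and the class and method names are hypothetical.

```csharp
// Added diagnostic, not part of the forum thread or the ComponentSpace library.
// Loads the SP certificate exactly as MssSendAuthRequest does and performs the
// RSA-SHA256 signature the SAML library needs, so a key held by a CSP without
// SHA-2 support fails here with a clear message instead of inside ComputeSignature().
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class SigningKeyCheck   // hypothetical name, not from the page
{
    // Returns a diagnosis string; never throws, so it can be called at application start.
    public static string Describe(byte[] pfxBytes, string pfxPassword)
    {
        var cert = new X509Certificate2(pfxBytes, pfxPassword, X509KeyStorageFlags.MachineKeySet);
        if (!cert.HasPrivateKey)
            return "certificate has no private key; it cannot sign AuthnRequests";

        var sb = new StringBuilder();
        // The posted code hands cert.PrivateKey to the library; for a CAPI key this is an
        // RSACryptoServiceProvider bound to whichever CSP stores the key.
        var rsa = cert.PrivateKey as RSA;
        if (rsa == null)
            return "private key is not RSA: " + cert.PrivateKey.GetType().Name;
        if (rsa is RSACryptoServiceProvider csp)
        {
            CspKeyContainerInfo info = csp.CspKeyContainerInfo;
            sb.AppendLine($"provider: {info.ProviderName} (type {info.ProviderType})");
            // PROV_RSA_FULL (type 1) providers predate SHA-2; PROV_RSA_AES (type 24) supports it.
            if (info.ProviderType != 24)
                sb.AppendLine("warning: not a PROV_RSA_AES provider; SHA-256 signing may be rejected");
        }

        // Reproduce the library's signing step in isolation: RSA-SHA256 with PKCS#1 v1.5
        // padding, which is what the rsa-sha256 XML signature method uses.
        byte[] data = Encoding.UTF8.GetBytes("constructed probe message");
        try
        {
            byte[] sig = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            bool ok = rsa.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            sb.AppendLine(ok ? "RSA-SHA256 signing works with this key" : "RSA-SHA256 signature did not verify");
        }
        catch (CryptographicException ex)
        {
            // "Invalid algorithm specified" here is the same failure as in the posted stack trace.
            sb.AppendLine("RSA-SHA256 signing failed: " + ex.Message);
        }
        return sb.ToString();
    }
}
```

If the probe fails while the provider line reports a type 1 provider, the key store rather than the .NET upgrade is what the SAML trace will most likely point at.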
ComponentSpace
ComponentSpace Development

Group: Administrators
Posts: 3.2K, Visits: 11K
Hi Carlos,

It's the SAML library rather than the .NET framework that specifies SHA-256 as the default algorithm, so I don't think that's the issue.

Are you using the same X.509 certificate as you were previous to the .NET framework upgrade?

Please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.

https://www.componentspace.com/Forums/17/Enabing-SAML-Trace


Regards
ComponentSpace Development