Hello, I'm using your product to perform SAML authentication with Azure ADFS.
Last week we upgraded the .NET version to 4.7.2 and the "generation of the XML signature" stopped working.
My guess is that it has to do with a breaking change in .NET 4.7.1 where the default algorithm changed from SHA1 to SHA256. Now, I'm no expert in .NET programming, so I could use some help making this work.
Here is the error stack:
[1] Failed to generate XML signature.
at ssiDP.RssExtensionComponentSpace.MssSendAuthRequest(HeContext heContext, String inParamRelayState, Byte[] inParamCertificateSP, String inParamDestination, String inParamIssuer, String inParamPassword, String inParamBinding, String& outParamErrorMessage)
at ssiDP.Flows.FlowAuth.ScrnDoLogin.Preparation(HeContext heContext)
at ssiDP.Flows.FlowAuth.ScrnDoLogin.Page_Load(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
[2] Invalid algorithm specified.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash, Int32 cbHash, ObjectHandleOnStack retSignature)
at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash)
at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash)
at System.Security.Cryptography.Xml.SignedXml.ComputeSignature()
at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
And here is the implementation for the class:

using System.Security.Cryptography.X509Certificates;
using System.Web;
using System.Xml;
// plus the ComponentSpace.SAML2 namespaces that provide AuthnRequest, Issuer,
// NameIDPolicy, ServiceProvider and SAMLMessageSignature

/// <summary>
/// Builds, signs and sends a SAML authentication request using the requested binding.
/// </summary>
/// <param name="ssRelayState"></param>
/// <param name="ssCerteficate">SP certificate</param>
/// <param name="ssDestination"></param>
/// <param name="ssIssuer"></param>
/// <param name="ssPassword">Certificate password</param>
/// <param name="ssBinding">Redirect or Post</param>
public void MssSendAuthRequest(string ssRelayState, byte[] ssCerteficate, string ssDestination, string ssIssuer, string ssPassword, string ssBinding)
{
    // Create the authentication request.
    AuthnRequest authnRequest = new AuthnRequest();
    authnRequest.Destination = ssDestination;
    authnRequest.Issuer = new Issuer(ssIssuer);
    authnRequest.ForceAuthn = false;
    authnRequest.NameIDPolicy = new NameIDPolicy(null, null, true);

    // Serialize the authentication request to XML for transmission.
    XmlElement authnRequestXml = authnRequest.ToXml();

    // Load the SP certificate (with its private key) from the supplied bytes.
    X509Certificate2 x509Certificate = new X509Certificate2(ssCerteficate, ssPassword, X509KeyStorageFlags.MachineKeySet);

    // Sign and send the authentication request.
    // x509Certificate.PrivateKey returns the legacy RSACryptoServiceProvider that
    // appears in the stack trace above (RSACryptoServiceProvider.SignHash).
    switch (ssBinding.ToLower())
    {
        case "redirect":
            ServiceProvider.SendAuthnRequestByHTTPRedirect(HttpContext.Current.Response, ssDestination, authnRequestXml, ssRelayState, x509Certificate.PrivateKey);
            break;
        case "post":
            SAMLMessageSignature.Generate(authnRequestXml, x509Certificate.PrivateKey, x509Certificate);
            ServiceProvider.SendAuthnRequestByHTTPPost(HttpContext.Current.Response, ssDestination, authnRequestXml, ssRelayState);
            HttpContext.Current.Response.End();
            break;
    }
} // MssSendAuthRequest
Help is appreciated.
Best regards,
Carlos Rocha
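The following diagnostic is an added example, not code from the post or from ComponentSpace. It checks whether the legacy CAPI provider behind `cert.PrivateKey` can produce SHA-256 signatures at all, and then signs a constructed element with RSA-SHA256 through `GetRSAPrivateKey()`, which opens the same key via CNG. It assumes .NET Framework 4.6.2 or later (where `SignedXml` accepts CNG keys), a reference to System.Security.dll, and a PFX path and password passed on the command line; the class and method names are mine.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class Sha256SigningCheck
{
    // PROV_RSA_AES (provider type 24) can produce SHA-256 signatures; PROV_RSA_FULL
    // (type 1) cannot, and RSACryptoServiceProvider.SignHash then throws
    // "Invalid algorithm specified" once SignedXml defaults to RSA-SHA256 (.NET 4.7.1+).
    public static bool LegacyKeyCanSignSha256(X509Certificate2 cert)
    {
        var csp = cert.PrivateKey as RSACryptoServiceProvider;
        if (csp == null)
            return true; // not CAPI-backed, so the legacy provider type is irrelevant
        CspKeyContainerInfo info = csp.CspKeyContainerInfo;
        Console.WriteLine($"Provider: {info.ProviderName} (type {info.ProviderType})");
        return info.ProviderType == 24;
    }

    // Sign the element whose ID attribute equals elementId with RSA-SHA256, using
    // GetRSAPrivateKey() so the key is opened through CNG instead of the legacy CSP.
    public static XmlElement SignElementSha256(XmlDocument doc, string elementId, X509Certificate2 cert)
    {
        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            var signedXml = new SignedXml(doc) { SigningKey = rsa };
            signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
            signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
            var reference = new Reference("#" + elementId) { DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256" };
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            reference.AddTransform(new XmlDsigExcC14NTransform());
            signedXml.AddReference(reference);
            signedXml.ComputeSignature(); // with PrivateKey + PROV_RSA_FULL this is where it would throw
            return signedXml.GetXml();
        }
    }

    static void Main(string[] args)
    {
        // args[0] = PFX path, args[1] = password (supplied by the caller; nothing is embedded here)
        var cert = new X509Certificate2(args[0], args[1], X509KeyStorageFlags.MachineKeySet);
        Console.WriteLine("Legacy CSP can sign SHA-256: " + LegacyKeyCanSignSha256(cert));

        // Constructed sample element standing in for the serialized AuthnRequest.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<AuthnRequest ID=\"_req1\" xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\"/>");
        XmlElement sig = SignElementSha256(doc, "_req1", cert);
        doc.DocumentElement.AppendChild(doc.ImportNode(sig, true));
        Console.WriteLine(doc.OuterXml);
    }
}
```

Since `RSA` derives from `AsymmetricAlgorithm`, the same substitution of `x509Certificate.GetRSAPrivateKey()` for `x509Certificate.PrivateKey` compiles wherever the posted method passes the key today.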