ASP.Net: Saml XML signature failure

Manikumar
New Member

Group: Forum Members
Posts: 7, Visits: 15
Hello team,

We have recently migrated our Windows servers from 2008 to 2019 and the ComponentSpace library (componentspace.saml2.dll) from version 2.4.0.13 to 4.5.0.0. Our .NET Framework version was also updated from 4.0.3 to 4.7.2.
Now the issue is, in the environment where we have installed the certificate that uses sha256RSA to generate the signature, we are getting an exception with the error "Failed to generate the XML signature. ---> System.Security.Cryptography.CryptographicException: Invalid algorithm specified." However, this works fine in the old environment (Windows Server 2008).

Here are the screenshots for the certificate we have been using in our environment. We request that you please take a look and guide us in the right direction on what next steps to take and what the issue could be in the new environment.

Thanks,
Manikumar Ponnuru.
ComponentSpace
ComponentSpace Development

Group: Administrators
Posts: 3.2K, Visits: 11K
In earlier releases we defaulted to SHA-1 as the signature algorithm. In later releases the default is SHA-256.

SHA-256 is only supported by certain cryptographic service providers (CSPs). You need to ensure your PFX file specifies the correct CSP. This can be done using Microsoft's CertUtil.exe as described in the following forum post.

https://www.componentspace.com/Forums/1578/SHA256-and-Converting-the-Cryptographic-Service-Provider-Type

Let me know how that goes. Thanks.

Regards
ComponentSpace Development
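The "Invalid algorithm specified" error comes from the private key's cryptographic service provider, not from the certificate itself. The following is an added example (not ComponentSpace code) that reports which CSP a PFX is bound to and then attempts an RSA-SHA256 signature on .NET Framework; the PFX path and password are placeholder command-line arguments.

```csharp
// Added example, not ComponentSpace code: reports which CSP holds a PFX's private
// key and tries an RSA-SHA256 signature the way a SAML library would.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class CspCheck
{
    // PROV_RSA_AES (24) supports SHA-256; the legacy PROV_RSA_FULL (1) does not.
    const int PROV_RSA_AES = 24;
    static void Main(string[] args)
    {
        // Placeholder arguments: path to your signing PFX and its password.
        string pfxPath = args[0], pfxPassword = args[1];
        var cert = new X509Certificate2(pfxPath, pfxPassword);
        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            // On .NET Framework a CAPI-backed key comes back as RSACryptoServiceProvider,
            // so the container info tells us which CSP the PFX was bound to.
            var csp = rsa as RSACryptoServiceProvider;
            if (csp != null)
            {
                CspKeyContainerInfo info = csp.CspKeyContainerInfo;
                Console.WriteLine($"CSP: {info.ProviderName} (type {info.ProviderType})");
                if (info.ProviderType != PROV_RSA_AES)
                    Console.WriteLine("Legacy CSP: expect 'Invalid algorithm specified' for SHA-256.");
            }
            else
            {
                Console.WriteLine("Key is CNG-backed (" + rsa.GetType().Name + "); SHA-256 is supported.");
            }
            byte[] data = Encoding.UTF8.GetBytes("<samlp:Response/>");  // stand-in for SignedInfo
            try
            {
                byte[] sig = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                Console.WriteLine("RSA-SHA256 signature OK (" + sig.Length + " bytes)");
            }
            catch (CryptographicException ex)
            {
                // This is the exception surfaced as "Failed to generate the XML signature".
                Console.WriteLine("RSA-SHA256 signing failed: " + ex.Message);
            }
        }
    }
}
```

If the reported provider type is 1, re-import the PFX into a SHA-256-capable CSP (for example `certutil -csp "Microsoft Enhanced RSA and AES Cryptographic Provider" -importPFX cert.pfx`) and export it again, which is the conversion the linked post describes.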
Manikumar
New Member

Group: Forum Members
Posts: 7, Visits: 15
ComponentSpace - 4/5/2021
In earlier releases we defaulted to SHA-1 as the signature algorithm. In later releases the default is SHA-256.

SHA-256 is only supported by certain cryptographic service providers (CSPs). You need to ensure your PFX file specifies the correct CSP. This can be done using Microsoft's CertUtil.exe as described in the following forum post.

https://www.componentspace.com/Forums/1578/SHA256-and-Converting-the-Cryptographic-Service-Provider-Type

Let me know how that goes. Thanks.

This worked. We are able to update the Cryptographic Service Provider using Microsoft's CertUtil.exe. Thanks for your quick response.
ComponentSpace
ComponentSpace Development

Group: Administrators
Posts: 3.2K, Visits: 11K
You're welcome. Thanks for the update.

Regards
ComponentSpace Development
Manikumar
New Member

Group: Forum Members
Posts: 7, Visits: 15
Hi team,

We are facing a similar issue in our lower environment. "The signature is failed to verify" is the issue. We have checked everything about the SAML response and it seems to be fine. Can you please take a look at the response and point us in the right direction on the issue? The XML is attached here.
The certificate details are below. Please let me know if anything else is needed from me for further research.

Attachment: SAMLResponseCERT.xml
ComponentSpace
ComponentSpace Development

Group: Administrators
Posts: 3.2K, Visits: 11K
I wasn't able to verify the signature either. I noticed that the XML is formatted with newlines and other whitespace characters. If this formatting occurred after signing it will have invalidated the signature.

Please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.

https://www.componentspace.com/Forums/17/Enabing-SAML-Trace


Regards
ComponentSpace Development
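The point about whitespace can be reproduced directly: a signed document verifies until it is re-serialized with indentation, because the added whitespace text nodes change both the referenced element's digest and the canonical form of SignedInfo. The following is an added example (not ComponentSpace code) using .NET's SignedXml with a throwaway key; it assumes .NET Framework 4.7.2 or later (for RSA.Create(2048) and built-in RSA-SHA256 support).

```csharp
// Added example, not ComponentSpace code: signs a small response with RSA-SHA256,
// verifies it, then pretty-prints it to show that added whitespace breaks the signature.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;
static class WhitespaceDemo
{
    const string RsaSha256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    const string Sha256 = "http://www.w3.org/2001/04/xmlenc#sha256";
    static void Main()
    {
        using (RSA key = RSA.Create(2048))  // throwaway key, not a real IdP certificate
        {
            var doc = new XmlDocument { PreserveWhitespace = true };
            doc.LoadXml("<Response ID=\"_r1\"><Assertion>demo</Assertion></Response>");
            var signer = new SignedXml(doc) { SigningKey = key };
            signer.SignedInfo.SignatureMethod = RsaSha256;
            var reference = new Reference("#_r1") { DigestMethod = Sha256 };
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            reference.AddTransform(new XmlDsigExcC14NTransform());
            signer.AddReference(reference);
            signer.ComputeSignature();
            doc.DocumentElement.AppendChild(doc.ImportNode(signer.GetXml(), true));
            Console.WriteLine("As signed:      " + Verify(doc.OuterXml, key));
            Console.WriteLine("Pretty-printed: " + Verify(PrettyPrint(doc), key));
        }
    }
    // Loads with PreserveWhitespace so the verifier sees exactly the bytes it was given.
    static bool Verify(string xml, RSA publicKey)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);
        var sig = (XmlElement)doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0];
        var verifier = new SignedXml(doc);
        verifier.LoadXml(sig);
        return verifier.CheckSignature(publicKey);
    }
    // Re-serializes with indentation, i.e. the kind of formatting seen in the attached response.
    static string PrettyPrint(XmlDocument doc)
    {
        var sw = new StringWriter();
        using (var w = XmlWriter.Create(sw, new XmlWriterSettings { Indent = true, OmitXmlDeclaration = true }))
            doc.Save(w);
        return sw.ToString();
    }
}
```

When troubleshooting a real response, keep the bytes exactly as received (no pretty-printing, no editor reformatting) and load them with PreserveWhitespace set to true before verifying.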