Hello,
I'm hoping someone here will be able to assist me with the following.
I'm getting the exception
ComponentSpace.Saml2.Exceptions.SamlSignatureException: The authn request signature failed to verify.
when receiving a SAML request from our Service Provider.
I have verified the public key provided to the SP a number of times, as well as our IDP certificate, per the following post: https://www.componentspace.com/Forums/1578/SHA256-and-Converting-the-Cryptographic-Service-Provider-Type
I've enabled tracing in our IDP code but the only two messages I see in the log are:
Receiving an SSO request from a partner service provider has failed.
followed by
ComponentSpace.Saml2.Exceptions.SamlSignatureException: The authn request signature failed to verify.
   at ComponentSpace.Saml2.SamlIdentityProvider.VerifyAuthnRequestSignatureAsync(XmlElement authnRequestElement, String signatureAlgorithm, String signature)
   at ComponentSpace.Saml2.SamlIdentityProvider.ProcessAuthnRequestAsync(XmlElement authnRequestElement, String signatureAlgorithm, String signature)
   at ComponentSpace.Saml2.SamlIdentityProvider.ReceiveSsoAsync()
Here is the request that contains the signature that's failing to verify:
SAMLRequest=fZFBa4NAFIT%2FiuxdzRqjZlEhNBSElpZaeuilbPSZLOhbu28NaX99jUlK0kOPO8wws99LSXZtL1aD3eELfA5A1inWGfvgYd2EmyBym4DP3TCJa3fJo7nLQSZVGIdxHDXMeQNDSmPGAm%2FGnIJogALJSrSjNONLdxa5nL%2FyRASRWCTeInhnznosUSjtFNxZ25PwfTuKHtQGem0seUBeD9KQRq%2FSnW%2BkL1G2X99ggIbWkl8q3LZQqi0%2BYQlmrypgzr02FUx%2FyVgjW4LjpmdJpPbwq6yIwBzL7zTS0IE5xwus4TDOHh3WGrUZLJwcY9OthTPn0LVIYoKXscGg0JIUCZQdkLCVKFePD2KEInqjra50y%2FL06BYTI3OV%2Fz8uL2NZfkPqjOEC5Q%2Bv1L%2Fqyk%2Bv2yPnPw%3D%3D&RelayState=3fc2d3c2-8a4f-44c6-9862-8a68cc127180&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DHbYog1a7lnwbh8HHpnOMUJPr%2Ft4V7OO0rKyV3xW8OabGpsN96HjscNgOTqRrPBsEbO2%2F4%2FclZf2MA7WKXVLAV5RpdHTaYmdkvSZ87oEN2mJ7il7XVNCsF1bNo02djocLTbktN%2FucvxuMyVIu0KarWniSRPLC%2FbQrNpXOw6UcHQvdnwdZkDBxfabdQJk8YM9bMuaIKklrKqEJRD94TimWUpNrpc%2F9Fcf2IZ68pTAOmgIwJL84LJi5Whh4ta0Tl5%2FA5abhzvSMC3zKr%2FHc4Woq4T8t7u1Loyk1xD%2BALMSVhUP2jee3hAuUTv9AwF0UFlF9uxPBXk%2FCkID1xXDrp1%2FrA%3D%3D
Here are the idp.pfx attributes:
Bag Attributes
localKeyID: 7F 94 D7 E7 B2 62 5B BF 1F 88 2D 79 5A D7 75 C9 1C 26 2C 41
Microsoft CSP Name: Microsoft Enhanced RSA and AES Cryptographic Provider
Is there anything else I can look at to determine why the exception occurs?
I'm using .NET Core 2.2 and the trial version of ComponentSpace SAML.
This is my ComponentSpace config logic:
// Builds the ComponentSpace configuration from appsettings; the PFX password is stored encrypted.
private void ConfigureSaml(SamlConfigurations samlConfigurations)
{
    string certPassword = Configuration["CertPassword"];
    string decryptedPassword = DataProtector.DecryptString(certPassword);
    samlConfigurations.Configurations = new List<SamlConfiguration>()
    {
        new SamlConfiguration()
        {
            // This application's IdP identity and the PFX used to sign responses and assertions.
            LocalIdentityProviderConfiguration = new LocalIdentityProviderConfiguration()
            {
                Name = Configuration["LocalIdentityProviderConfiguration:Name"],
                Description = "My Identity Provider",
                SingleSignOnServiceUrl = Configuration["LocalIdentityProviderConfiguration:SingleSignOnServiceUrl"],
                SingleLogoutServiceUrl = Configuration["LocalIdentityProviderConfiguration:SingleLogoutServiceUrl"],
                ArtifactResolutionServiceUrl = Configuration["LocalIdentityProviderConfiguration:ArtifactResolutionServiceUrl"],
                LocalCertificates = new List<Certificate>()
                {
                    new Certificate()
                    {
                        FileName = "certificates/idp.pfx",
                        Password = decryptedPassword
                    }
                }
            },
            PartnerServiceProviderConfigurations = new List<PartnerServiceProviderConfiguration>()
            {
                new PartnerServiceProviderConfiguration()
                {
                    Name = Configuration["PartnerServiceProviderConfigurations:Name"],
                    Description = "xxService",
                    // Incoming authn requests must be signed; they are verified with the partner certificate below.
                    WantAuthnRequestSigned = true,
                    SignSamlResponse = true,
                    SignAssertion = true,
                    AssertionConsumerServiceUrl = Configuration["PartnerServiceProviderConfigurations:SPAuthProxyUrl"],
                    SingleLogoutServiceUrl = Configuration["PartnerServiceProviderConfigurations:SPAuthProxyUrl"],
                    ArtifactResolutionServiceUrl = Configuration["PartnerServiceProviderConfigurations:SPAuthProxyUrl"],
                    PartnerCertificates = new List<Certificate>()
                    {
                        new Certificate()
                        {
                            // SP public key (certificate only) used to verify the authn request signature.
                            FileName = "certificates/spSense.cer"
                        }
                    }
                }
            }
        }
    };
}
Thank you,
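An independent way to check what the SP actually signed, added here as an example; it is not code from the post above and not ComponentSpace's. It takes the query string pasted above, rebuilds the exact octets an HTTP-Redirect signature covers (SAMLRequest, then RelayState, then SigAlg, joined with "&" in the sender's own URL encoding, per SAML 2.0 Bindings section 3.4.4.1), maps SigAlg to the hash, and verifies an RSA PKCS#1 v1.5 signature given a modulus and public exponent. The SP certificate spSense.cer is not on the page, so verify_redirect_signature() is left for the reader to call with the modulus and exponent read from it; the self-check uses a constructed key pair built from two well-known primes, which is an assumption of this example and has nothing to do with the real SP key.

```python
"""Independent check of a SAML 2.0 HTTP-Redirect binding signature.

Added example, not ComponentSpace or the poster's code. RAW_QUERY is the
query string pasted in the post; spSense.cer is not on the page, so
verification against the real SP key needs the caller to pass the RSA
modulus n and exponent e read from that certificate."""
import base64
import hashlib
import hmac
import zlib
from urllib.parse import unquote

# The SP's query string exactly as pasted in the post (copied from the page).
RAW_QUERY = (
    "SAMLRequest=fZFBa4NAFIT%2FiuxdzRqjZlEhNBSElpZaeuilbPSZLOhbu28NaX99jUlK0kOPO8wws99L"
    "SXZtL1aD3eELfA5A1inWGfvgYd2EmyBym4DP3TCJa3fJo7nLQSZVGIdxHDXMeQNDSmPGAm%2FGnIJogALJ"
    "SrSjNONLdxa5nL%2FyRASRWCTeInhnznosUSjtFNxZ25PwfTuKHtQGem0seUBeD9KQRq%2FSnW%2BkL1G2"
    "X99ggIbWkl8q3LZQqi0%2BYQlmrypgzr02FUx%2FyVgjW4LjpmdJpPbwq6yIwBzL7zTS0IE5xwus4TDOHh"
    "3WGrUZLJwcY9OthTPn0LVIYoKXscGg0JIUCZQdkLCVKFePD2KEInqjra50y%2FL06BYTI3OV%2Fz8uL2NZ"
    "fkPqjOEC5Q%2Bv1L%2Fqyk%2Bv2yPnPw%3D%3D"
    "&RelayState=3fc2d3c2-8a4f-44c6-9862-8a68cc127180"
    "&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256"
    "&Signature=DHbYog1a7lnwbh8HHpnOMUJPr%2Ft4V7OO0rKyV3xW8OabGpsN96HjscNgOTqRrPBsEbO2"
    "%2F4%2FclZf2MA7WKXVLAV5RpdHTaYmdkvSZ87oEN2mJ7il7XVNCsF1bNo02djocLTbktN%2FucvxuMyVI"
    "u0KarWniSRPLC%2FbQrNpXOw6UcHQvdnwdZkDBxfabdQJk8YM9bMuaIKklrKqEJRD94TimWUpNrpc%2F9F"
    "cf2IZ68pTAOmgIwJL84LJi5Whh4ta0Tl5%2FA5abhzvSMC3zKr%2FHc4Woq4T8t7u1Loyk1xD%2BALMSVh"
    "UP2jee3hAuUTv9AwF0UFlF9uxPBXk%2FCkID1xXDrp1%2FrA%3D%3D"
)

HASH_BY_SIGALG = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "sha1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "sha256",
}
# DigestInfo DER prefixes for EMSA-PKCS1-v1_5 (RFC 8017, section 9.2).
DIGESTINFO = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def raw_params(query):
    """Split the query string WITHOUT URL-decoding: the sender's exact encoding is what was signed."""
    return dict(pair.partition("=")[::2] for pair in query.split("&"))


def signed_data(query):
    """Octets the SP signed: SAMLRequest, RelayState (if present), SigAlg, in that order, joined by '&'.
    Re-encoding (e.g. %2F -> /, different hex case) or reordering them is the classic cause of a
    spurious 'signature failed to verify'."""
    p = raw_params(query)
    parts = ["SAMLRequest=" + p["SAMLRequest"]]
    if "RelayState" in p:
        parts.append("RelayState=" + p["RelayState"])
    parts.append("SigAlg=" + p["SigAlg"])
    return "&".join(parts)


def hash_name(query):
    return HASH_BY_SIGALG[unquote(raw_params(query)["SigAlg"])]


def signature_bytes(query):
    return base64.b64decode(unquote(raw_params(query)["Signature"]))


def decode_authn_request(query):
    """Base64-decode and raw-inflate SAMLRequest (DEFLATE without zlib header, hence wbits=-15)."""
    return zlib.decompress(base64.b64decode(unquote(raw_params(query)["SAMLRequest"])), -15).decode("utf-8")


def _emsa_pkcs1_v15(message, hname, k):
    t = DIGESTINFO[hname] + hashlib.new(hname, message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too small for this hash")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rsa_verify(message, signature, n, e, hname):
    """RSASSA-PKCS1-v1_5 verification with only the public (n, e); constant-time compare on the result."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    m = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(m, _emsa_pkcs1_v15(message, hname, k))


def rsa_sign(message, d, n, hname):
    """Signing counterpart, used only by the self-check below."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(message, hname, k), "big"), d, n).to_bytes(k, "big")


def verify_redirect_signature(query, n, e):
    """Verify the pasted request against the SP public key (n, e) taken from spSense.cer."""
    return rsa_verify(signed_data(query).encode("ascii"), signature_bytes(query), n, e, hash_name(query))


def _modinv(a, m):
    r0, r1, s0, s1 = a, m, 1, 0
    while r1:
        q = r0 // r1
        r0, r1, s0, s1 = r1, r0 - q * r1, s1, s0 - q * s1
    return s0 % m


# Constructed test key from two well-known primes (an assumption of this example, NOT the SP's key):
# it only shows that the verifier accepts a signature over exactly signed_data() and nothing else.
_TEST_P, _TEST_Q, _TEST_E = 2**255 - 19, 2**256 - 189, 65537


def selfcheck_with_test_key():
    n = _TEST_P * _TEST_Q
    d = _modinv(_TEST_E, (_TEST_P - 1) * (_TEST_Q - 1))
    msg = signed_data(RAW_QUERY).encode("ascii")
    sig = rsa_sign(msg, d, n, "sha256")
    good = rsa_verify(msg, sig, n, _TEST_E, "sha256")
    # Re-encoding a single %2F as '/' (what a decoding-then-re-encoding verifier does) must fail.
    bad = rsa_verify(msg.replace(b"%2F", b"/", 1), sig, n, _TEST_E, "sha256")
    return good and not bad


if __name__ == "__main__":
    print("hash:", hash_name(RAW_QUERY), "| signature:", len(signature_bytes(RAW_QUERY)), "bytes")
    print("signed octets start:", signed_data(RAW_QUERY)[:60], "...")
    try:
        print(decode_authn_request(RAW_QUERY))  # compare Issuer and Destination with the IdP config
    except (zlib.error, ValueError) as exc:
        print("could not inflate SAMLRequest:", exc)
    print("self-check with constructed key:", selfcheck_with_test_key())
```

If the self-check passes but verify_redirect_signature() with the modulus and exponent from spSense.cer returns False, the signature on the wire really was not produced by that key, or the SP signed different octets than signed_data() rebuilds (for example its own re-encoded or reordered parameters); comparing the inflated AuthnRequest's Issuer with the configured partner Name, and the SigAlg with the algorithm the SP's signing key supports, is the quickest way to tell the two apart.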