SAML Assertion Signing

dreed83
I inherited ComponentSpace from my dev team and cannot understand how to correctly bind the certificate to sign correctly.
We've updated our public certificate and everything except assertions requiring a signature is working. All Service Partners, IP, and IDP function just fine, but when I go to sign an assertion the code breaks down for crypto reasons.

What certificate is used in the signing process?  The IDP PFX?  Should this be converted to PFX from a PEM or specific format?  Should it include public and private keys?

4/22/2022 11:27:27 AM : - RxFormsController:OASSO() : Exception occurred for user CV*******. System Message : Exception Message : Failed to generate XML signature. Exception Message : Invalid algorithm specified.
Stack Trace :  at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
 at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash, Int32 cbHash, ObjectHandleOnStack retSignature)
 at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash)
 at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash)
 at System.Security.Cryptography.Xml.SignedXml.ComputeSignature()
 at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
Stack Trace :  at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
 at ComponentSpace.SAML2.InternalSAMLIdentityProvider.CreateSAMLResponse(String userName, SAMLAttribute[] attributes, Status status, String assertionConsumerServiceUrl)
 at ComponentSpace.SAML2.InternalSAMLIdentityProvider.InitiateSSO(HttpResponseBase httpResponse, String userName, SAMLAttribute[] attributes, String relayState, String partnerSP, String assertionConsumerServiceUrl)
 at ComponentSpace.SAML2.SAMLIdentityProvider.InitiateSSO(HttpResponseBase httpResponse, String userName, IDictionary`2 attributes, String relayState, String partnerSP)
 at ProviderPortal.Controllers.PageControllers.Authorization.RxFormsController.OASSO(String id, String memberId)

Any help appreciated.  Also sent an email in for support.


ComponentSpace
The PFX file includes the public key and private key and it's the private key that's used when signing SAML responses and SAML assertions. 

SHA-256, SHA-384 and SHA-512 XML signatures require the use of the Microsoft Enhanced RSA and AES Cryptographic Provider.

The PFX file includes a property specifying which cryptographic service provider to use. This must specify the Microsoft Enhanced RSA and AES Cryptographic Provider.

More information, including how to update the PFX, may be found at:

https://www.componentspace.com/forums/1578/SHA256-and-Converting-the-Cryptographic-Service-Provider-Type



Regards
ComponentSpace Development
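
One way to check which cryptographic service provider a PFX's private key is bound to, and whether it can produce a SHA-256 signature, as an added example that is not part of the original thread and not ComponentSpace code. The function name `Test-PfxSigningProvider` and the file name `idp.pfx` are assumptions, and the script targets Windows PowerShell 5.1 on .NET Framework:

```powershell
# Added example, not ComponentSpace code. Windows PowerShell 5.1 (.NET Framework).
# Test-PfxSigningProvider is a hypothetical helper name; idp.pfx is a placeholder.
# Usage: Test-PfxSigningProvider -Path .\idp.pfx -Password (Read-Host -AsSecureString 'PFX password')
function Test-PfxSigningProvider {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [securestring] $Password
    )
    # Provider named in the reply above; its CryptoAPI provider type is 24 (PROV_RSA_AES).
    $required = 'Microsoft Enhanced RSA and AES Cryptographic Provider'

    # .NET resolves relative paths against the process directory, so resolve it first.
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $fullPath, $Password
    try {
        if (-not $cert.HasPrivateKey) {
            throw "No private key in '$fullPath'. Signing needs the private key."
        }
        # PrivateKey throws for keys CryptoAPI cannot open (for example CNG-only keys).
        $rsa = $cert.PrivateKey -as [System.Security.Cryptography.RSACryptoServiceProvider]
        if ($null -eq $rsa) { throw 'Private key is not an RSA CryptoAPI key.' }
        $info = $rsa.CspKeyContainerInfo

        # Trial SHA-256 signature over constructed bytes. This goes through the same
        # RSACryptoServiceProvider signing path that appears in the stack trace above.
        $sha256Error = $null
        try { [void]$rsa.SignData([byte[]](1, 2, 3, 4), 'SHA256') }
        catch { $sha256Error = $_.Exception.GetBaseException().Message }

        [pscustomobject]@{
            Subject          = $cert.Subject
            Thumbprint       = $cert.Thumbprint
            NotAfter         = $cert.NotAfter
            ProviderName     = $info.ProviderName
            ProviderType     = $info.ProviderType
            IsRequiredCsp    = ($info.ProviderName -eq $required)
            Sha256SignWorks  = ($null -eq $sha256Error)
            Sha256SignError  = $sha256Error
        }
    }
    finally {
        $cert.Reset()   # release the certificate and key handles
    }
}
```

If `IsRequiredCsp` is false or `Sha256SignError` is set, the PFX needs the provider change described in the linked thread before it is used for SHA-256, SHA-384 or SHA-512 signatures.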