Forums, Documentation & Knowledge Base - ComponentSpace

SAMLSignatureException: Failed to generate XML signature. Invalid algorithm specified


https://www.componentspace.com/forums/Topic8069.aspx

By ondrod - 7/20/2017

Hello, 

We have updated to ComponentSpace.SAML2.dll version 2.8.2.0 from the older version 2.5.0.20.

This upgrade broke our existing integration because of:
"SAMLSignatureException: Failed to generate XML signature. Invalid algorithm specified". 

I have seen that you have covered the topic in forum posts:
    • http://www.componentspace.com/Forums/1623/SAMLSignatureException-Failed-to-generate-XML-signature-Invalid-algorithm-specified
    • http://www.componentspace.com/Forums/1578/SHA256-and-Converting-the-Cryptographic-Service-Provider-Type?PageIndex=1
    • http://www.componentspace.com/Forums/1565/SHA256-and-Cryptographic-Provider-Types

We were generating self-signed certificates for our integrations in code (not using openssl or makecert), with the Cryptographic Service Provider (CSP) set to "Microsoft Base Cryptographic Provider v1.0" instead of "Microsoft Enhanced RSA and AES Cryptographic Provider". We are using one of the SHA256, SHA384 and SHA512 signature algorithms.

I have two questions:
    • Why was this not an issue in version "2.5.0.20"?
    • Is there any way we can upgrade our already generated certificates to use the correct CSP and not break existing integrations?

Thank you for the answers.

Best Regards
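
Added example, not part of the original post and not ComponentSpace code: a C# diagnostic for the CSP situation described above. It prints the provider a certificate's private key is bound to, tries an RSA-SHA256 signature with the key as stored, then retries after reopening the same key container under provider type 24 ("Microsoft Enhanced RSA and AES Cryptographic Provider"). The PFX path and password arguments are placeholders, and that reopening the container succeeds for a given key is an assumption to verify on your own certificates.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CspCheck
{
    const int ProvRsaAes = 24; // provider type of the Enhanced RSA and AES provider
    const string EnhancedProvider = "Microsoft Enhanced RSA and AES Cryptographic Provider";

    // Returns true if this key handle can produce an RSA-SHA256 signature.
    static bool CanSignSha256(RSACryptoServiceProvider rsa)
    {
        try
        {
            rsa.SignData(new byte[] { 1, 2, 3 }, "SHA256");
            return true;
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("  SHA-256 signing failed: " + e.Message);
            return false;
        }
    }

    static void Main(string[] args)
    {
        // args[0] = PFX path, args[1] = PFX password (placeholders, supply your own).
        var cert = new X509Certificate2(args[0], args[1]);
        var rsa = cert.PrivateKey as RSACryptoServiceProvider;
        if (rsa == null) { Console.WriteLine("Private key is not a CAPI RSA key."); return; }

        CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
        Console.WriteLine("Provider: {0} (type {1})", info.ProviderName, info.ProviderType);
        Console.WriteLine("As stored, SHA-256 OK: " + CanSignSha256(rsa));

        if (info.ProviderType != ProvRsaAes)
        {
            // Same container and key pair, opened through the enhanced provider.
            var p = new CspParameters(ProvRsaAes, EnhancedProvider, info.KeyContainerName)
            {
                KeyNumber = (int)info.KeyNumber,
                Flags = CspProviderFlags.UseExistingKey |
                        (info.MachineKeyStore ? CspProviderFlags.UseMachineKeyStore : CspProviderFlags.NoFlags)
            };
            using (var enhanced = new RSACryptoServiceProvider(p))
                Console.WriteLine("Reopened under type 24, SHA-256 OK: " + CanSignSha256(enhanced));
        }
    }
}
```

Because the key pair and certificate are unchanged, the public key that relying parties already trust stays the same; only the provider used to open the private key differs.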

By ComponentSpace - 12/8/2022

The EncryptedAssertion constructor defaults the symmetric key encryption method to "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" and the data encryption method to "http://www.w3.org/2001/04/xmlenc#aes256-cbc".

What version of the SAML library are you using?

What version of the .NET framework are you using?

Have you tried the same code but specifying the "sp.cer" certificate that we include with the example projects? This will help identify whether the issue is related to your certificate.

If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.

https://www.componentspace.com/Forums/17/Enabing-SAML-Trace