ID6013: The signature verification failed error message

SecureAuth IdP Version - Affected Versions 8.2, 9.0


Cause - Some versions of Microsoft applications do not support SHA-256 for WS-Fed token signing.

Error message shown:

"ID6013: The signature verification failed.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Security.Cryptography.CryptographicException: ID6013: The signature verification failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[CryptographicException: ID6013: The signature verification failed.]

Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.VerifySignature(HashAlgorithm hash, AsymmetricSignatureDeformatter deformatter, String signatureMethod) +354

Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.StartSignatureVerification(SecurityKey verificationKey) +409

Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureReader.OnEndOfRootElement() +66

Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureReader.Read() +89

System.Xml.XmlReader.ReadEndElement() +54

Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ReadAssertion(XmlReader reader) +1051

Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ReadToken(XmlReader reader) +49

Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ReadToken(XmlReader reader) +144

Microsoft.IdentityModel.Web.TokenReceiver.ReadToken(String tokenXml, XmlDictionaryReaderQuotas readerQuotas) +236

Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request) +330

Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +324

Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +209

System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +215

System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +98"

Resolution -

Replace SecureAuth.IdentityModel.dll in the Bin folder of the affected realm only. The replacement version forces SHA1 for WS-Fed token signing (not for the SSL tunnel), which rectifies the issue.

1.) Browse to D:\Secureauth\SecureAuthx\bin
2.) Rename SecureAuth.IdentityModel.dll to SecureAuth.IdentityModel.dll.orig
3.) Download the attached ForceSHA1.zip
4.) Unzip it
5.) Place the new SecureAuth.IdentityModel.dll in D:\Secureauth\SecureAuthx\bin


Note that this is a known issue. It will be fixed in the next release, and it will be configurable.
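
An added diagnostic example, not SecureAuth or Microsoft code: it reads the `SignatureMethod` and `DigestMethod` algorithms from a captured WS-Fed `wresult` token, so you can confirm whether a realm is signing with SHA-256 or SHA1 before and after the DLL replacement. The sample token, its `idp.example` issuer and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# W3C XML-DSig algorithm identifiers mapped to short names.
ALGS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "RSA-SHA1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "RSA-SHA256",
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA1",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA256",
}

def signing_algorithms(token_xml):
    """Return [(signature_method, [digest_methods])], one per ds:Signature."""
    # Parse only tokens you captured yourself; this is not a hardened parser.
    root = ET.fromstring(token_xml)
    found = []
    for sig in root.iter(DS + "Signature"):
        info = sig.find(DS + "SignedInfo")
        if info is None:
            continue  # malformed signature element, nothing to report
        method = info.find(DS + "SignatureMethod")
        uri = method.get("Algorithm", "") if method is not None else ""
        digests = [d.get("Algorithm", "") for d in info.iter(DS + "DigestMethod")]
        found.append((ALGS.get(uri, uri), [ALGS.get(d, d) for d in digests]))
    return found

def uses_sha256(token_xml):
    """True when any signature or digest in the token is SHA-256 based."""
    return any("sha256" in m.lower() or any("sha256" in d.lower() for d in ds)
               for m, ds in signing_algorithms(token_xml))

def sample_token(sig_uri, digest_uri):
    """Constructed wresult: WS-Trust RSTR wrapping a SAML 1.1 assertion."""
    return f"""<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
 <t:RequestedSecurityToken>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_constructed" Issuer="idp.example">
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
     <ds:SignatureMethod Algorithm="{sig_uri}"/>
     <ds:Reference URI="#_constructed">
      <ds:DigestMethod Algorithm="{digest_uri}"/>
     </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
   </ds:Signature>
  </saml:Assertion>
 </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""
```

A token that reports `RSA-SHA256` or `SHA256` here matches the cause described above; after the replacement DLL is in place the same check should report `RSA-SHA1`.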
