ID6013: The signature verification failed error message

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth IdP Version - Affected Versions 8.2, 9.0

    Cause - Some Microsoft Applications versions do not support SHA 256 for WS-Fed token signing.

    Error message shown:

    "ID6013: The signature verification failed.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Security.Cryptography.CryptographicException: ID6013: The signature verification failed.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [CryptographicException: ID6013: The signature verification failed.]

    Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.VerifySignature(HashAlgorithm hash, AsymmetricSignatureDeformatter deformatter, String signatureMethod) +354

    Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.StartSignatureVerification(SecurityKey verificationKey) +409

    Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureReader.OnEndOfRootElement() +66

    Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureReader.Read() +89

    System.Xml.XmlReader.ReadEndElement() +54

    Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ReadAssertion(XmlReader reader) +1051

    Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ReadToken(XmlReader reader) +49

    Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ReadToken(XmlReader reader) +144
    Microsoft.IdentityModel.Web.TokenReceiver.ReadToken(String tokenXml, XmlDictionaryReaderQuotas readerQuotas) +236
    , icrosoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request) +330

    Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +324

    Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +209

    System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +215

    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +98"

    Resolution -

    Replace the SecureAuth.IdentityModel.dll in the affected Realm Only in the Bin Folder. This version forces SHA1 for the ws-fed token signing, not the SSL tunnel and rectifies the issue.

    1.) Browse to D:\Secureauth\SecureAuthx\bin
    2.) Rename SecureAuth.IdentityModel.dll to SecureAuth.IdentityModel.dll.orig
    3.) Download Attached
    4.) Unzip
    5.) Place the new SecureAuth.IdentityModel.dll to D:\Secureauth\SecureAuthx\bin

    Note that this is a known issue and will be fixed in the next release and it will be configurable.


    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products

    0 out of 0 found this helpful



    Please sign in to leave a comment.