SecureAuth IdP Version - Affected Versions 8.2, 9.0
Cause - Some versions of Microsoft applications (for example the SharePoint WS-Federation module that appears in the stack trace below) do not support SHA-256 for WS-Fed token signing, so signature verification of the SecureAuth-issued token fails.
Error message shown:
"ID6013: The signature verification failed.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Security.Cryptography.CryptographicException: ID6013: The signature verification failed.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[CryptographicException: ID6013: The signature verification failed.]
Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.VerifySignature(HashAlgorithm hash, AsymmetricSignatureDeformatter deformatter, String signatureMethod) +354
Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.StartSignatureVerification(SecurityKey verificationKey) +409
Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureReader.OnEndOfRootElement() +66
Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureReader.Read() +89
System.Xml.XmlReader.ReadEndElement() +54
Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ReadAssertion(XmlReader reader) +1051
Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ReadToken(XmlReader reader) +49
Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ReadToken(XmlReader reader) +144
Microsoft.IdentityModel.Web.TokenReceiver.ReadToken(String tokenXml, XmlDictionaryReaderQuotas readerQuotas) +236
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request) +330
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +324
Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +209
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +215
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +98"
Resolution -
Replace SecureAuth.IdentityModel.dll in the Bin folder of the affected realm only. This version of the DLL forces SHA1 for WS-Fed token signing (the SSL/TLS tunnel is not affected) and rectifies the issue.
1.) Browse to D:\Secureauth\SecureAuthx\bin
2.) Rename SecureAuth.IdentityModel.dll to SecureAuth.IdentityModel.dll.orig
3.) Download Attached ForceSHA1.zip
4.) Unzip
5.) Place the new SecureAuth.IdentityModel.dll into D:\Secureauth\SecureAuthx\bin
Note that this is a known issue; it will be fixed in the next release, where the token signing algorithm will be configurable.
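Because the replacement DLL downgrades token signing to SHA1 for one realm, it is worth confirming which algorithm each realm actually emits after the swap (and that realms you did not touch still sign with SHA-256). The following script is an added example, not SecureAuth code: it reads the WS-Fed wresult XML (the RequestSecurityTokenResponse posted to the relying party, which can be saved from browser developer tools) and reports the SignatureMethod and DigestMethod URIs of every XML-DSig signature in it. The two embedded tokens are constructed samples with placeholder digest and signature values; the issuer URL and AssertionID are made up.

```python
"""Report the XML-DSig algorithms used in a WS-Fed / SAML 1.1 token.

Usage: python wsfed_sig_algs.py wresult.xml
Run without arguments to check the two constructed samples below.
"""
import sys
from typing import Dict, List
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Well-known XML-DSig algorithm identifiers (from the XML-DSig specifications).
SIGNATURE_ALGS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "RSA-SHA1",
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1": "DSA-SHA1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "RSA-SHA256",
}
DIGEST_ALGS = {
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA1",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA256",
}
SHA1_URIS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1",
}


def signature_algorithms(token_xml: str) -> List[Dict]:
    """Return one record per ds:Signature in the token.

    Each record names the SignatureMethod, the DigestMethod of every
    Reference, and whether the signature is SHA1-only, which is what a
    realm running the ForceSHA1 DLL should produce.
    """
    root = ET.fromstring(token_xml)
    results = []
    for sig in root.iter(f"{{{DS_NS}}}Signature"):
        method = sig.find(f"{{{DS_NS}}}SignedInfo/{{{DS_NS}}}SignatureMethod")
        sig_uri = method.get("Algorithm", "") if method is not None else ""
        digest_uris = [d.get("Algorithm", "") for d in sig.iter(f"{{{DS_NS}}}DigestMethod")]
        results.append({
            "signature": SIGNATURE_ALGS.get(sig_uri, f"unknown ({sig_uri})"),
            "digests": [DIGEST_ALGS.get(u, f"unknown ({u})") for u in digest_uris],
            "sha1_only": sig_uri in SHA1_URIS and all(u in SHA1_URIS for u in digest_uris),
        })
    return results


def _sample_token(sig_alg: str, digest_alg: str) -> str:
    """Build a constructed RequestSecurityTokenResponse with one signed assertion.

    Signature and digest values are placeholders; they are not verifiable.
    """
    return f"""<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <t:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        AssertionID="_constructed-id" Issuer="https://idp.example.invalid/SecureAuthx/"
        MajorVersion="1" MinorVersion="1">
      <ds:Signature xmlns:ds="{DS_NS}">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="{sig_alg}"/>
          <ds:Reference URI="#_constructed-id">
            <ds:DigestMethod Algorithm="{digest_alg}"/>
            <ds:DigestValue>AAAA</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>AAAA</ds:SignatureValue>
      </ds:Signature>
    </saml:Assertion>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""


# Constructed samples: what an untouched realm emits, and what the ForceSHA1 DLL emits.
SAMPLE_SHA256 = _sample_token("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                              "http://www.w3.org/2001/04/xmlenc#sha256")
SAMPLE_SHA1 = _sample_token("http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                            "http://www.w3.org/2000/09/xmldsig#sha1")


def report(token_xml: str) -> str:
    """Human-readable summary, one line per signature."""
    lines = []
    for i, rec in enumerate(signature_algorithms(token_xml), 1):
        flag = "SHA1-only" if rec["sha1_only"] else "not SHA1-only"
        lines.append(f"signature {i}: {rec['signature']}, digests {rec['digests']} -> {flag}")
    return "\n".join(lines) or "no ds:Signature element found"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(report(fh.read()))
    else:
        print("untouched realm:\n" + report(SAMPLE_SHA256))
        print("ForceSHA1 realm:\n" + report(SAMPLE_SHA1))
```

A realm that still reports RSA-SHA256 after the DLL swap usually means the file was placed in the wrong realm's Bin folder or the application pool has not been recycled; a realm that reports RSA-SHA1 without having been touched means the DLL was copied to more than the affected realm.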
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.