Version Affected: All
Description:
The following error is received when trying to sign the SAML assertion or message. If signing is disabled then the error does not occur:
Error:
   at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
   at ComponentSpace.SAML2.Assertions.SAMLAssertionSignature.Generate(XmlElement xmlElement, AsymmetricAlgorithm signingKey, X509Certificate2 x509Certificate, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
   at MFC.WebApp.SecureAuth.SAML20SPInit.CreateSAMLResponse(AuthnRequest authnRequest, String sUser)
   at MFC.WebApp.SecureAuth.SAML20SPInit.Page_Load(Object sender, EventArgs e)
Cause:
If the certificate used to sign the SAML is a SHA2 certificate, the CSP (Cryptographic Service Provider) holding its private key may be one that cannot perform SHA2 signing, and/or the SAML signing algorithm may be set incorrectly.
SHA2 signing requires the "Microsoft Enhanced RSA and AES Cryptographic Provider" CSP; legacy CSPs cannot produce SHA2 signatures.
Resolution:
To check the SHA version of the certificate and verify the CSP see this article:
https://support.secureauth.com/hc/en-us/articles/360026511172-Getting-Signature-Errors-During-SAML-Integration
As described in the above article, you also need to select the correct SHA version for signing from the drop-down list.
Additionally, if the certificate is SHA2 and its private key is held by the wrong CSP for SHA2 signing, follow this article:
https://support.secureauth.com/hc/en-us/articles/360021301651-How-to-support-signing-with-a-SHA256-certificate
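The following PowerShell script is an added example, not a SecureAuth tool or part of either linked article. It performs the two checks the resolution describes on the appliance's Windows certificate store: it reports the certificate's signature hash and the provider holding its private key, then attempts a SHA-256 test signature so a key held by a legacy CSP fails visibly before it fails inside the SAML page. The thumbprint argument is a placeholder you supply; the test data is constructed.

```powershell
# Added example (not SecureAuth's own script). Run on the appliance as an
# administrator: .\Check-SamlSigningCert.ps1 -Thumbprint <placeholder thumbprint>
param(
    [Parameter(Mandatory = $true)]
    [string]$Thumbprint,                 # placeholder: thumbprint of the SAML signing certificate
    [string]$StoreLocation = 'LocalMachine'
)

$cert = Get-ChildItem -Path "Cert:\$StoreLocation\My" |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "Certificate $Thumbprint not found in $StoreLocation\My" }

# 1. Hash the CA used when signing the certificate (e.g. sha256RSA vs sha1RSA).
Write-Host "Subject            : $($cert.Subject)"
Write-Host "Signature algorithm: $($cert.SignatureAlgorithm.FriendlyName)"

# 2. Provider holding the private key. Legacy CSPs such as
#    'Microsoft Strong Cryptographic Provider' cannot produce SHA-2 signatures;
#    'Microsoft Enhanced RSA and AES Cryptographic Provider' can.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw 'No RSA private key is accessible for this certificate' }

if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $provider = $rsa.CspKeyContainerInfo.ProviderName      # CryptoAPI CSP name
} else {
    $provider = $rsa.Key.Provider.Provider                 # CNG key storage provider name
}
Write-Host "Key provider       : $provider"

$required = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
if (($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) -and ($provider -ne $required)) {
    Write-Warning "Private key is held by '$provider'; SHA2 signing requires '$required'."
}

# 3. Prove it: sign constructed data with SHA-256. A legacy CSP throws a
#    CryptographicException ('Invalid algorithm specified') here.
$data = [System.Text.Encoding]::UTF8.GetBytes('saml-signing-self-test')   # constructed input
try {
    $sig = $rsa.SignData($data,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    Write-Host "SHA-256 signing    : OK ($($sig.Length)-byte signature)"
} catch {
    Write-Warning "SHA-256 signing failed: $($_.Exception.Message)"
    Write-Warning 'Re-import the certificate under the Enhanced RSA and AES provider (see the linked article).'
}
```

A successful test signature here, with the SHA2 option selected in the signing drop-down, rules out the CSP as the cause of the XmlSignature.Generate error.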
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.