Error: at ComponentSpace.SAML2.Utility.XmlSignature.Generate

    Applies to:
      • SecureAuth Identity Platform
      • Legacy SecureAuth IdP
    Deployment model:
      • Hybrid
      • On Premises
    Version Affected:  All

    Description:  

    The following error is received when trying to sign the SAML assertion or message (it does not occur if signing is disabled):

    Error:
      at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
      at ComponentSpace.SAML2.Assertions.SAMLAssertionSignature.Generate(XmlElement xmlElement, AsymmetricAlgorithm signingKey, X509Certificate2 x509Certificate, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
      at MFC.WebApp.SecureAuth.SAML20SPInit.CreateSAMLResponse(AuthnRequest authnRequest, String sUser)
      at MFC.WebApp.SecureAuth.SAML20SPInit.Page_Load(Object sender, EventArgs e)

     

    Cause:  

    If the certificate used to sign the SAML is a SHA2 certificate, the CSP (Cryptographic Service Provider) associated with it may be incorrect, the SAML signing algorithm may be set incorrectly, or both.

    SHA2 signing requires the "Microsoft Enhanced RSA and AES Cryptographic Provider" CSP.

     

    Resolution:  

    To check the SHA version of the certificate and verify the CSP, see this article:
    https://support.secureauth.com/hc/en-us/articles/360026511172-Getting-Signature-Errors-During-SAML-Integration

    As per the above article, you also need to select the correct SHA version for signing from the drop-down list.


    Additionally, if the certificate is SHA2 and has the wrong CSP for SHA2 signing, use this article:
    https://support.secureauth.com/hc/en-us/articles/360021301651-How-to-support-signing-with-a-SHA256-certificate
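
One way to check the certificate's SHA version and CSP from the command line, as an added example that is not SecureAuth's own code. It assumes Windows PowerShell 5.1 running elevated and that the signing certificate is in the LocalMachine\My store; the function name Get-SigningCertCspReport is hypothetical.

```powershell
# Added example, not SecureAuth code. Assumptions: Windows PowerShell 5.1, elevated
# session, signing certificate stored under Cert:\LocalMachine\My.
$RequiredCsp = 'Microsoft Enhanced RSA and AES Cryptographic Provider'  # CSP named in this article

function Get-SigningCertCspReport {
    param([string]$StorePath = 'Cert:\LocalMachine\My')  # assumed store location

    Get-ChildItem -Path $StorePath | Where-Object { $_.HasPrivateKey } | ForEach-Object {
        $cert = $_
        $provider = $null
        $providerType = $null
        $note = ''
        try {
            # Legacy CAPI keys surface as RSACryptoServiceProvider and expose the CSP name.
            $key = $cert.PrivateKey
            if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                $provider = $key.CspKeyContainerInfo.ProviderName
                $providerType = $key.CspKeyContainerInfo.ProviderType  # 24 = PROV_RSA_AES
            } else {
                $note = 'Private key is not a CAPI RSA key; CSP name not available here'
            }
        } catch {
            # CNG-backed keys, or keys this account cannot open, end up here.
            $note = "Private key could not be opened: $($_.Exception.Message)"
        }

        $sigAlg = $cert.SignatureAlgorithm.FriendlyName      # e.g. sha1RSA, sha256RSA
        $isSha2 = $sigAlg -match 'sha(256|384|512)'

        [pscustomobject]@{
            Subject            = $cert.Subject
            Thumbprint         = $cert.Thumbprint
            SignatureAlgorithm = $sigAlg
            Provider           = $provider
            ProviderType       = $providerType
            # True/False only when the cert is SHA2 and the CSP could be read; otherwise blank.
            CspOkForSha2       = if ($isSha2 -and $provider) { $provider -eq $RequiredCsp } else { $null }
            Note               = $note
        }
    }
}

Get-SigningCertCspReport | Format-List
```

A SHA2 certificate that reports `CspOkForSha2 : False` matches the cause described above and is a candidate for the CSP fix in the second linked article.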

     

     

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
