ASP.Net: Saml XML signature failure

Hello team,

We have recently migrated our Windows servers from 2008 to 2019 and the ComponentSpace library (componentspace.saml2.dll) from version 2.4.0.13 to 4.5.0.0. Our .NET Framework version was also updated from 4.0.3 to 4.7.2.
Now the issue is: in the environment where we have installed the certificate that uses sha256RSA to generate the signature, we get an exception with the error “Failed to generate the XML signature. ---> System.Security.Cryptography.CryptographicException: Invalid algorithm specified.” However, this works fine in the old environment (Windows Server 2008).

Here are the screenshots for the certificate we have been using in our environment. We request you to please take a look and guide us in the right direction on what next steps should be taken and what the issue could be in the new environment.

Thanks,
Manikumar Ponnuru.

In earlier releases we defaulted to SHA-1 as the signature algorithm. In later releases the default is SHA-256.

SHA-256 is only supported by certain cryptographic service providers (CSPs). You need to ensure your PFX file specifies the correct CSP. This can be done using Microsoft’s CertUtil.exe as described in the following forum post.

https://www.componentspace.com/Forums/1578/SHA256-and-Converting-the-Cryptographic-Service-Provider-Type

Let me know how that goes. Thanks.
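The point of the reply above is that a certificate whose *own* signature is sha256RSA tells you nothing about whether the CSP holding its *private key* can sign with SHA-256: the legacy type-1 CSPs cannot, and that is the "Invalid algorithm specified" exception the library surfaces as "Failed to generate the XML signature". The following diagnostic is an added example, not ComponentSpace code: it loads a PFX, reports the provider behind the private key, and attempts an RSA-SHA256 signature directly, so the CSP problem can be confirmed before touching SAML configuration. The PFX path and password are placeholders.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added diagnostic (not ComponentSpace code): does this PFX's private key provider
// support RSA-SHA256 signing? Targets .NET Framework 4.6+ (GetRSAPrivateKey, RSA.SignData).
public static class Sha256CspCheck
{
    public static void Main(string[] args)
    {
        string pfxPath     = args.Length > 0 ? args[0] : @"C:\path\to\sp-signing.pfx"; // placeholder
        string pfxPassword = args.Length > 1 ? args[1] : "pfx-password";               // placeholder

        // Flags mirror how a web application typically loads a signing certificate.
        var cert = new X509Certificate2(pfxPath, pfxPassword,
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);

        Console.WriteLine("Subject:                     " + cert.Subject);
        Console.WriteLine("Certificate signature alg.:  " + cert.SignatureAlgorithm.FriendlyName);
        // The line above describes how the CA signed the certificate (e.g. sha256RSA).
        // It does NOT tell you which hashes the private key's provider can sign with.

        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            if (rsa == null)
            {
                Console.WriteLine("No RSA private key found in this PFX.");
                return;
            }

            if (rsa is RSACryptoServiceProvider csp)
            {
                // CAPI key: the provider type decides SHA-256 support.
                // Type 1  (e.g. "Microsoft Enhanced Cryptographic Provider v1.0") has no SHA-256.
                // Type 24 ("Microsoft Enhanced RSA and AES Cryptographic Provider") supports it.
                CspKeyContainerInfo info = csp.CspKeyContainerInfo;
                Console.WriteLine($"CAPI provider:               {info.ProviderName} (type {info.ProviderType})");
            }
            else
            {
                // CNG keys (RSACng) always support SHA-2.
                Console.WriteLine("Key provider:                CNG (" + rsa.GetType().Name + ")");
            }

            byte[] data = Encoding.UTF8.GetBytes("constructed sample data");
            try
            {
                byte[] sig = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                bool ok = rsa.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                Console.WriteLine("RSA-SHA256 signing:          OK (verified=" + ok + ")");
            }
            catch (CryptographicException ex)
            {
                // This is the failure that surfaces as "Failed to generate the XML signature"
                // when the SAML library defaults to SHA-256 and the key sits in a type-1 CSP.
                Console.WriteLine("RSA-SHA256 signing:          FAILED: " + ex.Message);
                Console.WriteLine("Re-import the PFX under a SHA-256 capable provider (see the CertUtil post linked above).");
            }
        }
    }
}
```

Run it against the PFX in the environment that fails; if the provider type reported is 1 and the signing attempt throws "Invalid algorithm specified", the certificate import, not the SAML configuration, is what needs changing. After re-importing with the correct CSP, the same check should report type 24 (or CNG) and a successful signature.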

[quote]
ComponentSpace - 4/5/2021
In earlier releases we defaulted to SHA-1 as the signature algorithm. In later releases the default is SHA-256.

SHA-256 is only supported by certain cryptographic service providers (CSPs). You need to ensure your PFX file specifies the correct CSP. This can be done using Microsoft's CertUtil.exe as described in the following forum post.

https://www.componentspace.com/Forums/1578/SHA256-and-Converting-the-Cryptographic-Service-Provider-Type

Let me know how that goes. Thanks.
[/quote]

This worked. We are able to update the Cryptographic Service Provider using Microsoft's CertUtil.exe. Thanks for your quick response.

You’re welcome. Thanks for the update.

Hi @Team,

We are facing a similar issue in our lower environment. “The signature is failed to verify” is the issue. We checked everything about the SAML response and it seems to be fine. Can you please take a look at the response and point us in the right direction on the issue? Attaching the XML here.
The certificate details are below. Please let me know if anything else is needed from me for further research.

I wasn’t able to verify the signature either. I noticed that the XML is formatted with newlines and other whitespace characters. If this formatting occurred after signing it will have invalidated the signature.

Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning your forum post.

https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
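The reply above points at the most common cause of "signature failed to verify" when the certificate itself checks out: something re-indented the XML after it was signed. Whitespace between elements is part of the canonicalized input to the digest, so pretty-printing (by a proxy, a log viewer, or a developer pasting it into a formatter) changes the digest and the signature no longer matches. The code below is an added example, not ComponentSpace code: it signs a tiny constructed `<Response>` with an enveloped RSA-SHA256 signature using the .NET `SignedXml` class (System.Security.dll), verifies it as signed, then re-indents it and verifies again. A throwaway CNG key stands in for a real SP/IdP certificate.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;   // System.Security.dll
using System.Text;
using System.Xml;

// Added example (not ComponentSpace code): re-indenting a signed XML document after
// signing invalidates its enveloped signature. Targets .NET Framework 4.6.2+.
public static class WhitespaceSignatureDemo
{
    // Sign the document with an enveloped RSA-SHA256 signature and return the serialized XML.
    public static string Sign(string xml, RSA key)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);

        var signedXml = new SignedXml(doc) { SigningKey = key };
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;

        var reference = new Reference("") { DigestMethod = SignedXml.XmlDsigSHA256Url }; // "" = whole document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();

        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
        return doc.OuterXml;
    }

    // Verify the enveloped signature against the given public key.
    // PreserveWhitespace = true is essential: the verifier must see the bytes exactly as received.
    public static bool Verify(string xml, RSA key)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);

        var sigNode = (XmlElement)doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0];
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml(sigNode);
        return signedXml.CheckSignature(key);   // false on digest or signature mismatch
    }

    // Re-indent the document the way a pretty-printer or log viewer would.
    public static string PrettyPrint(string xml)
    {
        var doc = new XmlDocument();            // PreserveWhitespace = false: existing whitespace is dropped
        doc.LoadXml(xml);
        var sb = new StringBuilder();
        var settings = new XmlWriterSettings { Indent = true, OmitXmlDeclaration = true };
        using (var writer = XmlWriter.Create(sb, settings))
        {
            doc.Save(writer);                   // inserts newlines and indentation between elements
        }
        return sb.ToString();
    }

    public static void Main()
    {
        using (RSA key = new RSACng(2048))      // throwaway CNG key; always supports SHA-256
        {
            // Constructed sample, not a real SAML response.
            string original = "<Response ID=\"_constructed\"><Assertion>sample</Assertion></Response>";
            string signed = Sign(original, key);

            Console.WriteLine("verify as signed:       " + Verify(signed, key));              // True
            Console.WriteLine("verify after re-indent: " + Verify(PrettyPrint(signed), key)); // False
        }
    }
}
```

When troubleshooting a failing verification, compare the document the library actually received (the SAML trace log captures it) with what the IdP sent; if the only difference is line breaks and indentation, the message was reformatted in transit or while being saved, and the fix is on that path rather than in the certificate.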