Hi Team,
We have purchase .pfx cert file from one vendor and try to Send HTTPArtifcats request to IdP server using LowLevel API.
But when i tried to create SAML request using cert file it given me below error while try to sign. Provider = Microsoft Enhanced RSA and AES Cryptographic Provider
My Question :-
1) Shall i need to ask .pfx cert file vendor to give correct provider cert file ?
Provider = Microsoft Enhanced RSA and AES Cryptographic Provider
2) Or it is componentspace library issue or restriction to have above provider.
My Code :-
SAMLMessageSignature.Generate(artifactResolveXml, x509CertificateSP.PrivateKey, x509CertificateSP);
XmlElement artifactResponseXml = ArtifactResolver.SendRequestReceiveResponse(spArtifactResponderURL, artifactResolveXml);
Error In SP log files :-
System.Security.Cryptography.Xml.SignedXml Information: 10 : [SignedMessage#032b080e, Signing] Calculating signature with key RSACryptoServiceProvider#“te-600958fa-5361-42a5-80e2-45c64f62a85d” using signature description RSAPKCS1SHA256SignatureDescription, hash algorithm SHA256Cng, and asymmetric signature formatter RSAPKCS1SignatureFormatter.
ComponentSpace.SAML2 Verbose: 0 : 8952/19: 6/18/2018 7:48:32 PM: XML signature method: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
ComponentSpace.SAML2 Verbose: 0 : 8952/19: 6/18/2018 7:48:32 PM: XML digest method: http://www.w3.org/2001/04/xmlenc#sha256.
ComponentSpace.SAML2 Verbose: 0 : 8952/19: 6/18/2018 7:48:32 PM: Inclusive namespace prefix list: #default samlp saml ds xs xsi.
ComponentSpace.SAML2 Verbose: 0 : 8952/19: 6/18/2018 7:48:32 PM: XML element ID: _0b011535-c70f-44eb-87c0-4d53ca4589e1.
ComponentSpace.SAML2 Verbose: 0 : 8952/19: 6/18/2018 7:48:32 PM: The signing key type is RSACryptoServiceProvider.
ComponentSpace.SAML2 Verbose: 0 : 8952/19: 6/18/2018 7:48:32 PM: The signing key’s associated cryptographic service provider, “Microsoft Enhanced Cryptographic Provider v1.0”, doesn’t support SHA-256 signatures.
ComponentSpace.SAML2 Verbose: 0 : 8952/19: 6/18/2018 7:48:32 PM: Exception: ComponentSpace.SAML2.Exceptions.SAMLSignatureException: Failed to generate the XML signature. —> System.Security.Cryptography.CryptographicException: Invalid algorithm specified.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash, Int32 cbHash, ObjectHandleOnStack retSignature)
at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash)
at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash)
at System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[] rgbHash)
at System.Security.Cryptography.AsymmetricSignatureFormatter.CreateSignature(HashAlgorithm hash)
at System.Security.Cryptography.Xml.SignedXml.ComputeSignature()
at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\Utility\XmlSignature.cs:line 545
— End of inner exception stack trace —
You will need to update your PFX file to specify the correct cryptographic service provider associated with the private key.
Please refer to the following forum article which describes using openssl to update your PFX file.
https://www.componentspace.com/Forums/1578/SHA256-and-Converting-the-Cryptographic-Service-Provider-Type