Receive Authentication Request Validation Error

When receiving the authentication request from the SP I call the ReceiveAuthnRequest but it raises the error:

The authentication request signature failed to verify

at

if (!SAMLMessageSignature.Verify(authnRequestXml, x509Certificate))


The most likely cause of the signature failing to verify is that the wrong X.509 certificate is being used.
Please double check with the SP that you are using the correct certificate.
As an experiment, if you set the second parameter (i.e. x509Certificate) to null, does the signature verification succeed?
Setting the second parameter to null means the certificate embedded in the signature, if any, is used.
If that works then it confirms you are using the wrong certificate.
If there’s still an issue, please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning this topic.
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace


Thanks for responding. Yeah I think that may be the case. Going to check it out.

You’re welcome.


This is a follow up for the same issue.

I am under the assumption that the following:

if (!SAMLMessageSignature.Verify(authnRequestXml, x509Certificate))
{
    throw new ArgumentException("The authentication request signature failed to verify.");
}

authnRequest = new AuthnRequest(authnRequestXml);

uses the authentication request coming from the SP and matches it with the X509Certificate from the Idp (but this is where it fails).

If that is the case, what is being used within the SP authentication request as part of the verification process?

The authn request sent by the SP will always be signed using the SP’s private key.
The IdP will verify the signature using the SP’s public key. The X.509 certificate includes the public key.
So, when calling SAMLMessageSignature.Verify to verify the authn request signature, you should pass in as a parameter the SP’s X.509 certificate.
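
The signing and verification roles described above, as an added example that is not part of the original posts and is not ComponentSpace code: it uses .NET's own SignedXml class to show a request signed by the SP failing against a stale configured certificate, and reads the thumbprint of the embedded certificate so the mismatch can be confirmed. Assumptions: .NET 6 or later with the System.Security.Cryptography.Xml package; the certificates, host names and request are constructed for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Constructed data: two self-signed certificates and a minimal AuthnRequest, so this runs offline.
X509Certificate2 current = MakeCert("constructed-sp.example"), stale = MakeCert("constructed-old-sp.example");
var xmlDoc = new XmlDocument();
xmlDoc.LoadXml("<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_req1\" Version=\"2.0\"/>");
XmlElement authnRequest = Sign(xmlDoc, current);

Console.WriteLine("verifies with the SP's current certificate: " + Verify(authnRequest, current));
Console.WriteLine("verifies with a stale configured certificate: " + Verify(authnRequest, stale));
Console.WriteLine("embedded certificate matches the stale one: " + (EmbeddedThumbprint(authnRequest) == stale.Thumbprint));

static X509Certificate2 MakeCert(string cn) =>
    new CertificateRequest("CN=" + cn, RSA.Create(2048), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
        .CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

// SP side: enveloped signature made with the SP private key; the certificate is embedded in KeyInfo.
static XmlElement Sign(XmlDocument doc, X509Certificate2 spCert)
{
    XmlElement root = doc.DocumentElement!;
    var signedXml = new SignedXml(doc) { SigningKey = spCert.GetRSAPrivateKey(), KeyInfo = new KeyInfo() };
    signedXml.KeyInfo.AddClause(new KeyInfoX509Data(spCert));
    var reference = new Reference("#" + root.GetAttribute("ID"));
    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    reference.AddTransform(new XmlDsigExcC14NTransform());
    signedXml.AddReference(reference);
    signedXml.ComputeSignature();
    root.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    return root;
}

// IdP side: check the signature against one specific certificate's public key.
static bool Verify(XmlElement request, X509Certificate2 cert)
{
    var signature = request.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0] as XmlElement;
    if (signature == null) return false; // an unsigned request never verifies
    var signedXml = new SignedXml(request);
    signedXml.LoadXml(signature);
    return signedXml.CheckSignature(cert, true); // true: signature check only, no chain building
}

// Thumbprint of the certificate the sender embedded in the signature, or null if none is present.
static string? EmbeddedThumbprint(XmlElement request)
{
    var node = request.GetElementsByTagName("X509Certificate", SignedXml.XmlDsigNamespaceUrl)[0];
    return node == null ? null : new X509Certificate2(Convert.FromBase64String(node.InnerText)).Thumbprint;
}
```

The embedded certificate is supplied by whoever sent the message, so comparing its thumbprint with the configured one is a diagnostic only; the certificate obtained from the SP out of band stays the one passed to the verify call.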


Thanks.

The authentication is now working.
The process fails at:
IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);

with error
"Failed to send SAML response by HTTP post"

Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning this topic.
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace