Hi Team,
I'm using the licensed ComponentSpace library (ComponentSpace.SAML2.dll v3.7.0). My server runs on ASP.NET Core 3.1. We have been trying to integrate your library into our project to support SAML 2.0 requests.
I have tried our application with two providers, ADFS and Okta. The APIs we use are InitiateSsoAsync() and ReceiveSsoAsync(). This works perfectly when the server is running on Windows, Ubuntu and MicroK8s (running on Ubuntu). When I run this inside a pod on AWS EKS, ReceiveSsoAsync() throws an exception as follows:
131 ~ 2021-12-14 10:18:29 @ GlobalHelper::CurrentDomain_FirstChanceException::0 - Interop+Crypto+OpenSslCryptographicException - error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed
131 ~ 2021-12-14 10:18:29 @ at System.Security.Cryptography.RSAOpenSsl.TryDecrypt(SafeRsaHandle key, ReadOnlySpan data, Span destination, RsaPadding rsaPadding, RsaPaddingProcessor rsaPaddingProcessor, Int32& bytesWritten)
131 ~ 2021-12-14 10:18:29 @ GlobalHelper::CurrentDomain_FirstChanceException::0 - ComponentSpace.Saml2.Exceptions.SamlEncryptionException - An error occurred attempting to decrypt the XML. ~ caused by ~ Interop+Crypto+OpenSslCryptographicException - error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed
131 ~ 2021-12-14 10:18:29 @ at ComponentSpace.Saml2.XmlSecurity.Encryption.XmlEncryption.Decrypt(XmlElement encryptedElement, IEnumerable encryptedKeyElements, AsymmetricAlgorithm keyDecryptingKey, String keyEncryptionAlgorithm, String dataEncryptionAlgorithm)
131 ~ 2021-12-14 10:18:29 @ GlobalHelper::CurrentDomain_FirstChanceException::0 - ComponentSpace.Saml2.Exceptions.SamlEncryptionException - Failed to decrypt XML. ~ caused by ~ ComponentSpace.Saml2.Exceptions.SamlEncryptionException - An error occurred attempting to decrypt the XML. ~ caused by ~ Interop+Crypto+OpenSslCryptographicException - error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed
131 ~ 2021-12-14 10:18:29 @ at ComponentSpace.Saml2.SamlProvider.DecryptXml(XmlElement encryptedElement, IEnumerable encryptedKeyElements, AsymmetricAlgorithm keyDecryptingKey, String keyEncryptionAlgorithm, String dataEncryptionAlgorithm)
131 ~ 2021-12-14 10:18:29 @ GlobalHelper::CurrentDomain_FirstChanceException::0 - ComponentSpace.Saml2.Exceptions.SamlEncryptionException - Failed to decrypt XML. ~ caused by ~ ComponentSpace.Saml2.Exceptions.SamlEncryptionException - An error occurred attempting to decrypt the XML. ~ caused by ~ Interop+Crypto+OpenSslCryptographicException - error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed
131 ~ 2021-12-14 10:18:29 @ at ComponentSpace.Saml2.SamlServiceProvider.DecryptSamlAssertionAsync(AssertionListItem assertionListItem)
131 ~ 2021-12-14 10:18:29 @ GlobalHelper::CurrentDomain_FirstChanceException::0 - ComponentSpace.Saml2.Exceptions.SamlEncryptionException - Failed to decrypt XML. ~ caused by ~ ComponentSpace.Saml2.Exceptions.SamlEncryptionException - An error occurred attempting to decrypt the XML. ~ caused by ~ Interop+Crypto+OpenSslCryptographicException - error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed
131 ~ 2021-12-14 10:18:29 @ at ComponentSpace.Saml2.SamlServiceProvider.DecryptSamlAssertionAsync(AssertionListItem assertionListItem)
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
131 ~ 2021-12-14 10:18:29 @ GlobalHelper::CurrentDomain_FirstChanceException::0 - ComponentSpace.Saml2.Exceptions.SamlEncryptionException - Failed to decrypt XML. ~ caused by ~ ComponentSpace.Saml2.Exceptions.SamlEncryptionException - An error occurred attempting to decrypt the XML. ~ caused by ~ Interop+Crypto+OpenSslCryptographicException - error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed
131 ~ 2021-12-14 10:18:29 @ at ComponentSpace.Saml2.SamlServiceProvider.DecryptSamlAssertionAsync(AssertionListItem assertionListItem)
at ComponentSpace.Saml2.SamlServiceProvider.GetSamlAssertionAsync(SamlResponse samlResponse)
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
131 ~ 2021-12-14 10:18:29 @ GlobalHelper::CurrentDomain_FirstChanceException::0 - ComponentSpace.Saml2.Exceptions.SamlEncryptionException - Failed to decrypt XML. ~ caused by ~ ComponentSpace.Saml2.Exceptions.SamlEncryptionException - An error occurred attempting to decrypt the XML. ~ caused by ~ Interop+Crypto+OpenSslCryptographicException - error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed
131 ~ 2021-12-14 10:18:29 @ at ComponentSpace.Saml2.SamlServiceProvider.DecryptSamlAssertionAsync(AssertionListItem assertionListItem)
at ComponentSpace.Saml2.SamlServiceProvider.GetSamlAssertionAsync(SamlResponse samlResponse)
at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement, String relayState)
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
131 ~ 2021-12-14 10:18:29 @ GlobalHelper::CurrentDomain_FirstChanceException::0 - ComponentSpace.Saml2.Exceptions.SamlEncryptionException - Failed to decrypt XML. ~ caused by ~ ComponentSpace.Saml2.Exceptions.SamlEncryptionException - An error occurred attempting to decrypt the XML. ~ caused by ~ Interop+Crypto+OpenSslCryptographicException - error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed
131 ~ 2021-12-14 10:18:29 @ at ComponentSpace.Saml2.SamlServiceProvider.DecryptSamlAssertionAsync(AssertionListItem assertionListItem)
at ComponentSpace.Saml2.SamlServiceProvider.GetSamlAssertionAsync(SamlResponse samlResponse)
at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement, String relayState)
at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()
131 ~ 2021-12-14 10:18:29 @ GlobalHelper::CurrentDomain_FirstChanceException::0 - ComponentSpace.Saml2.Exceptions.SamlEncryptionException - Failed to decrypt XML. ~ caused by ~ ComponentSpace.Saml2.Exceptions.SamlEncryptionException - An error occurred attempting to decrypt the XML. ~ caused by ~ Interop+Crypto+OpenSslCryptographicException - error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed
131 ~ 2021-12-14 10:18:29 @ at ComponentSpace.Saml2.SamlServiceProvider.DecryptSamlAssertionAsync(AssertionListItem assertionListItem)
at ComponentSpace.Saml2.SamlServiceProvider.GetSamlAssertionAsync(SamlResponse samlResponse)
at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement, String relayState)
at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
131 ~ 2021-12-14 10:18:29 @ PlutoApp.Middleware.Windows.SAML+d__14::MoveNext::0 - ComponentSpace.Saml2.Exceptions.SamlEncryptionException - Failed to decrypt XML. ~ caused by ~ ComponentSpace.Saml2.Exceptions.SamlEncryptionException - An error occurred attempting to decrypt the XML. ~ caused by ~ Interop+Crypto+OpenSslCryptographicException - error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed
131 ~ 2021-12-14 10:18:29 @ at ComponentSpace.Saml2.SamlServiceProvider.DecryptSamlAssertionAsync(AssertionListItem assertionListItem)
at ComponentSpace.Saml2.SamlServiceProvider.GetSamlAssertionAsync(SamlResponse samlResponse)
at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement, String relayState)
at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()
at HandleSAMLResponse(String id, ISamlServiceProvider samlServiceProvider)
I tried two ways of passing the ADFS certificate.
- In AbstractSamlConfigurationResolver → GetLocalServiceProviderConfigurationAsync() → localServiceProviderConfiguration.LocalCertificates = new List<Certificate>() { new Certificate() { String = cert.Item1, Password = cert.Item2 } };
- Implementing the ICertificateManager methods GetLocalServiceProviderSignatureCertificatesAsync() and GetLocalServiceProviderEncryptionCertificatesAsync()
This code works fine with ASP.NET where we had used the licensed version of your library.
I also checked the OpenSSL version of my Linux machine and of the AWS EKS pod. The Linux machine is running OpenSSL 1.1.1f 31 Mar 2020, whereas the pod is running OpenSSL 1.1.1d 10 Sep 2019.
I also went through another question posted on the forum, but I wasn't sure whether my issue was identical:
https://www.componentspace.com/forums/9891/Certificate-error-when-running-in-Docker-container
I request your team to help us resolve this issue, as it's impacting our release.
Regards,
Aster Veigas
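The "rsa_ossl_private_decrypt:padding check failed" error above is raised by OpenSSL when the RSA private key is asked to unwrap an EncryptedKey and the result does not carry valid padding, which is what a key pair mismatch (the IdP encrypted to a different certificate than the one the pod holds) or an unsupported padding mode looks like. The following stand-alone diagnostic is an added example, not code from the poster or from ComponentSpace: run inside the pod with the same PFX file and password the SAML configuration loads, it confirms the certificate carries a private key, round-trips a sample session key through the RSA key-transport paddings XML Encryption uses, and optionally compares the thumbprint with a DER-encoded certificate exported from the SP metadata that was handed to ADFS or Okta. The file paths, the PFX_PASSWORD environment variable and the class name are assumptions for the example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic (not part of the original post or the ComponentSpace library).
// Usage: dotnet run -- <sp.pfx> [<password>] [<metadata-cert.cer>]
// Targets .NET Core 3.1 APIs only (no RandomNumberGenerator.GetBytes, no PEM loading).
public static class SamlEncryptionKeyCheck
{
    public static int Main(string[] args)
    {
        string pfxPath = args.Length > 0 ? args[0] : "sp-encryption.pfx";      // assumed path
        string password = args.Length > 1 ? args[1]
                          : Environment.GetEnvironmentVariable("PFX_PASSWORD"); // assumed variable
        string metadataCertPath = args.Length > 2 ? args[2] : null;             // optional DER .cer

        // EphemeralKeySet keeps the private key in memory instead of a user key store,
        // which a minimal container image typically does not have.
        using var cert = new X509Certificate2(pfxPath, password, X509KeyStorageFlags.EphemeralKeySet);
        Console.WriteLine($"Subject:       {cert.Subject}");
        Console.WriteLine($"Thumbprint:    {cert.Thumbprint}");
        Console.WriteLine($"NotBefore/After: {cert.NotBefore:u} / {cert.NotAfter:u}");
        Console.WriteLine($"HasPrivateKey: {cert.HasPrivateKey}");
        if (!cert.HasPrivateKey)
        {
            Console.WriteLine("FAIL: PFX contains no private key; EncryptedKey can never be unwrapped.");
            return 1;
        }

        bool ok = true;

        // (1) The certificate the IdP encrypts to must be byte-for-byte the one whose key the pod holds.
        if (metadataCertPath != null && File.Exists(metadataCertPath))
        {
            using var metadataCert = new X509Certificate2(File.ReadAllBytes(metadataCertPath));
            bool same = string.Equals(cert.Thumbprint, metadataCert.Thumbprint, StringComparison.OrdinalIgnoreCase);
            Console.WriteLine($"Matches SP metadata certificate: {(same ? "OK" : "FAIL (different certificate)")}");
            ok &= same;
        }

        // (2) The public and private halves must belong together, for each key-transport padding.
        using RSA pub = cert.GetRSAPublicKey();
        using RSA priv = cert.GetRSAPrivateKey();
        Console.WriteLine($"Key size:      {priv.KeySize} bits");
        ok &= RoundTrip(pub, priv, RSAEncryptionPadding.OaepSHA1, "RSA-OAEP (MGF1/SHA-1, xmlenc#rsa-oaep-mgf1p)");
        ok &= RoundTrip(pub, priv, RSAEncryptionPadding.OaepSHA256, "RSA-OAEP (SHA-256)");
        ok &= RoundTrip(pub, priv, RSAEncryptionPadding.Pkcs1, "RSA PKCS#1 v1.5 (xmlenc#rsa-1_5)");

        return ok ? 0 : 1;
    }

    // Wraps a random 256-bit sample session key with the public key and unwraps it with the
    // private key. A mismatched pair, or a padding the platform OpenSSL rejects, surfaces here
    // as a CryptographicException carrying the same OpenSSL message seen in the log above.
    private static bool RoundTrip(RSA pub, RSA priv, RSAEncryptionPadding padding, string label)
    {
        var sessionKey = new byte[32];
        RandomNumberGenerator.Fill(sessionKey);
        try
        {
            byte[] wrapped = pub.Encrypt(sessionKey, padding);
            byte[] unwrapped = priv.Decrypt(wrapped, padding);
            bool match = CryptographicOperations.FixedTimeEquals(sessionKey, unwrapped);
            Console.WriteLine($"{label}: {(match ? "OK" : "FAIL (plaintext mismatch)")}");
            return match;
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine($"{label}: FAIL - {ex.Message}");
            return false;
        }
    }
}
```

If the round trips pass inside the pod but the thumbprint comparison fails, the pod is loading a different PFX (or a different version of it) than the certificate published in the SP metadata, which is the first thing to rule out before attributing the failure to the OpenSSL 1.1.1d versus 1.1.1f difference. If a round trip itself fails in the pod but succeeds on the Ubuntu host with the same file, the difference lies in the runtime or OpenSSL build of the container image rather than in the SAML configuration.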