Receiving error: SignatureDescription could not be created for the signature algorithm supplied

SAML for ASP.NET
1

Hi,
I am getting the following error when processing a SAML response from an IdP (Windows Azure Active Directory):

ComponentSpace.SAML2 Verbose: 0 : 2:05:28 PM: Verifying the SAML response signature.
ComponentSpace.SAML2 Verbose: 0 : 2:05:28 PM: Exception: ComponentSpace.SAML2.Exceptions.SAMLSignatureException: Failed to verify the XML signature. —> System.Security.Cryptography.CryptographicException: SignatureDescription could not be created for the signature algorithm supplied.
at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key)
at System.Security.Cryptography.Xml.SignedXml.CheckSignature(AsymmetricAlgorithm key)
at ComponentSpace.SAML2.Utility.XmlSignature.Verify(XmlElement xmlElement, AsymmetricAlgorithm signingKey, SignedXml signedXml)
— End of inner exception stack trace —

The SAML Response has this:
ds:SignedInfo
<ds:CanonicalizationMethod Algorithm=“<a href=“http://www.w3.org/2001/10/xml-exc-c14n#”/”>http://www.w3.org/2001/10/xml-exc-c14n#“/>
<ds:SignatureMethod Algorithm=”<a href=“http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256”/>
<ds:Reference URI=“#_87dbabf5-6d48-46ba-81fe-cd8856bf90fc”>
ds:Transforms
<ds:Transform Algorithm=“<a href=“http://www.w3.org/2000/09/xmldsig#enveloped-signature"/">http://www.w3.org/2000/09/xmldsig#enveloped-signature”/>
<ds:Transform Algorithm=”<a href=“http://www.w3.org/2001/10/xml-exc-c14n#“/”>http://www.w3.org/2001/10/xml-exc-c14n#”/>
</ds:Transforms>
<ds:DigestMethod Algorithm="<a href=“http://www.w3.org/2001/04/xmlenc#sha256"/">http://www.w3.org/2001/04/xmlenc#sha256”/>
ds:DigestValueA9LAnkf4UreplLhq88rNVA2WOZnlZ0VurCrp98yUO7A=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>

This seems to work with other IdP which has sha1 as signature algorithm. Any help in resolving is greatly appreciated.
This is happening on a Windows 2008 Server R2 running .net 4.5

Regards,
Vj


2

You need to enable SHA-256 support on your system. Please see the following article for information on supporting SHA-256.

http://www.componentspace.com/Forums/30/SHA256-XML-Signature-Support

3

Excellent. This solved my issue. Thank you.
Regards,
Vj