If an XML signature includes , the following exception can occur.
System.Security.Cryptography.CryptographicException: Root element must be KeyValue
element in namepsace http://www.w3.org/2000/09/xmldsig#
at System.Security.Cryptography.Xml.RSAKeyValue.LoadXml(XmlElement value)
at System.Security.Cryptography.Xml.KeyInfo.LoadXml(XmlElement value)
at System.Security.Cryptography.Xml.Signature.LoadXml(XmlElement value)
at System.Security.Cryptography.Xml.SignedXml.LoadXml(XmlElement value)
at ComponentSpace.Saml2.XmlSecurity.Signature.XmlSignature.Verify(XmlElement signedElement
Typically XML signatures include an rather than an so in most cases this bug isn’t triggered.
The bug is in System.Security.Cryptography.Xml.
The fix is part of the .NET Core 2.1 release.
Refer to:
https://github.com/dotnet/corefx/issues/22229
https://github.com/dotnet/corefx/issues/24375
https://github.com/dotnet/corefx/commit/4913a996526cbf79f7bf11ca79928ff7ebd1eade#diff-d817c6a73672cbdddd4ef5f80f4012a0
The workaround is to include the following, or a later release, in the application’s project file.