Hi, my code to verify SAML2 metadata with SAMLMetadataSignature.Verify works on most servers.
However, on one server Verify returns ‘false’ for valid metadata that is verified fine on other servers with the same software.
On a machine where Verify fails, the logs say:
4084/9: 9/6/2024 12:26:38 PM: ComponentSpace.Saml2, Version=7.1.0.0, Culture=neutral, PublicKeyToken=16647a1283418145, .NET v4.8 build, Evaluation.
4084/9: 9/6/2024 12:26:38 PM: CLR: 4.0.30319.42000, OS: Microsoft Windows NT 10.0.19045.0, Culture: English (United States), Machine ..
4084/9: 9/6/2024 12:26:38 PM: Enabling support for RSA PSS signatures.
4084/9: 9/6/2024 12:26:38 PM: Enabling support for EC DSA SHA-2 signatures.
4084/9: 9/6/2024 12:26:38 PM: Verifying the XML signature.
4084/9: 9/6/2024 12:26:38 PM: Failed to verify the XML signature.
4084/9: 9/6/2024 12:26:38 PM: Signed XML: <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ..>..</md:EntityDescriptor>.
4084/9: 9/6/2024 12:26:38 PM: The X.509 certificate with subject name CN=.. is embedded in the XML signature.
4084/9: 9/6/2024 12:26:38 PM: The verifying key type is RSACryptoServiceProvider.
4084/9: 9/6/2024 12:26:38 PM: The verifying key's associated cryptographic service provider is "".
Anyone seen this behavior? Is it that the associated provider cannot be found?
As far as I can see, permissions are OK on Crypto/RSA/MachineKeys.
Running certutil -csplist shows the same CSP list as on a server where verify works.