I have a SharePoint 2013 site and have been using SHA1 for some time. Now, we need to switch to SHA256 and I am unable to verify assertion or response/message signatures. I can run the code on a non-SharePoint server (IIS 7) with successful results (signature validated). I could not find anything specific to SharePoint in the forums, but I wouldn’t think I am the first (especially with SP2013). Is SharePoint running an insufficient version of .NET for SHA256 even though .NET 4.5 is installed?
I know we are running an old version of ComponentSpace.SAML2.dll, but I would rather not have to upgrade to your current version and have to deploy new code. Comfort level/laziness/confidence… All the same.
Any help is appreciated.
ComponentSpace.SAML2.dll Version: 2.4.0.9
Windows Server 2008 R2 Standard, Service Pack 1
.NET Max Version Installed: 4.5.50938
ComponentSpace.SAML2 Verbose: 0 : 2:50:50 PM: Exception: ComponentSpace.SAML2.SAMLSignatureException: Failed to verify the XML signature. ---> System.Security.Cryptography.CryptographicException: SignatureDescription could not be created for the signature algorithm supplied.
at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key)
at System.Security.Cryptography.Xml.SignedXml.CheckSignature(AsymmetricAlgorithm key)
at ComponentSpace.SAML2.XmlSignature.Verify(XmlElement xmlElement, AsymmetricAlgorithm signingKey, SignedXml signedXml)
The “SignatureDescription could not be created for the signature algorithm supplied” means that SHA-256 isn’t supported.
Ideally you should upgrade to the latest SAML2 version which includes support for SHA-256.
Are you able to upgrade to .NET 4.6.2? If so, please try this first.
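For readers who cannot move to .NET 4.6.2 right away, the following added example (not ComponentSpace code, and not from the original thread) shows why that upgrade fixes the error and what the manual alternative looks like: older runtimes have no SignatureDescription registered for the RSA-SHA256 URI, so SignedXml.CheckSignedInfo fails exactly as in the stack trace above; registering one in CryptoConfig at start-up closes that gap. The class and method names here are my own, and it assumes verification runs in-process through SignedXml, as the trace shows.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example (not ComponentSpace code). Runtimes before .NET 4.6.2 map no SignatureDescription
// to the RSA-SHA256 URI; that is what "SignatureDescription could not be created" reports.
public sealed class RsaPkcs1Sha256SignatureDescription : SignatureDescription
{
    public RsaPkcs1Sha256SignatureDescription()
    {
        KeyAlgorithm = typeof(RSACryptoServiceProvider).FullName;
        DigestAlgorithm = typeof(SHA256Managed).FullName;
        FormatterAlgorithm = typeof(RSAPKCS1SignatureFormatter).FullName;
        DeformatterAlgorithm = typeof(RSAPKCS1SignatureDeformatter).FullName;
    }
    public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
    {
        var d = new RSAPKCS1SignatureDeformatter(key);
        d.SetHashAlgorithm("SHA256"); // verification side
        return d;
    }
    public override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key)
    {
        var f = new RSAPKCS1SignatureFormatter(key);
        f.SetHashAlgorithm("SHA256"); // signing side
        return f;
    }
}

public static class Sha256XmlDsig
{
    public const string RsaSha256Uri = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Idempotent; call once at start-up (e.g. Application_Start), before any SAML message is verified.
    public static void EnsureRegistered()
    {
        if (CryptoConfig.CreateFromName(RsaSha256Uri) == null)
            CryptoConfig.AddAlgorithm(typeof(RsaPkcs1Sha256SignatureDescription), RsaSha256Uri);
    }

    // Same call path the stack trace shows: SignedXml.CheckSignature(key) with the IdP's public key.
    public static bool VerifySignature(XmlElement signedElement, AsymmetricAlgorithm idpPublicKey)
    {
        EnsureRegistered();
        var sigs = signedElement.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count == 0) return false; // unsigned element counts as a failed check, not "nothing to verify"
        var signedXml = new SignedXml(signedElement);
        signedXml.LoadXml((XmlElement)sigs[0]);
        return signedXml.CheckSignature(idpPublicKey);
    }
}
```

A quick way to confirm whether a given server needs this at all is to check CryptoConfig.CreateFromName(RsaSha256Uri) in a small console app on that box: null means the runtime will throw the exception above, non-null means the registration is already present.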