SignatureDescription could not be created for the signature algorithm supplied.

adaml · February 28, 2017, 8:44am

Hi All,

My site is being accessed via ADFS (Idp) to my Assertion Consumer Service.aspx (SP). This is working fine with SHA-1 but when I updated my certificate to SHA-256 (SHA-2) I get the below error.

“SignatureDescription could not be created for the signature algorithm supplied.”

- My site is using ASP .NET 4.0 (32 bit)
- My DLL version is 2.6.0.2 (ComponentSpace)

http://www.componentspace.com/Forums/30/SHA256-XML-Signature-Support

“.NET 4.0 Framework Support
For .NET 4.0 and above, SHA-256, SHA-384 and SHA-512 support is, for the most part, built into the .NET framework. The only requirement is to register the cryptographic algorithm which is done automatically if using the .NET 4.0 version of the ComponentSpace.SAML2 DLL.”

Based on your documentation I would not need to make any changes for this combination to work. Is there anything I should change or test?

- Adam

ComponentSpace · February 28, 2017, 2:50pm

Hi Adam
This support was added in v2.6.0.8. Sorry for the confusion.
Please contact support@componentspace.com, mentioning this topic, to discuss upgrade options.

adaml · March 1, 2017, 6:31am

Is there a manual fix I can apply to the server?

We just bought a license for Component Space DLL’s why would they have given us old DLL’s?

- Adam

ComponentSpace · March 1, 2017, 5:14pm

Hi Adam
Our records indicate your company purchased a license in 2015 prior to support for SHA-256 being added to the product.
I’ve emailed you as well.

vaibhav.goyal · March 2, 2017, 5:34am

I have a similar issue, environment details are as follows
Component Space File Version 2.5.0.12
Application Server : Windows Server 2012 R2
Application ASP.NETVersion : ASP.NET 4.5.2
saml.config :

<PartnerIdentityProvider
Name=“<a href=“http://fs.xyz.com/adfs/services/trust””>http://fs.xyz.com/adfs/services/trust"
SignAuthnRequest=“true”
WantSAMLResponseSigned=“false”
WantAssertionSigned=“true”
WantAssertionEncrypted=“false”
UseEmbeddedCertificate=“true”
SingleSignOnServiceUrl=“<a href=“https://fs.xyz.com/adfs/ls””>https://fs.xyz.com/adfs/ls"
DigestMethod=“<a href=“http://www.w3.org/2001/04/xmlenc#sha256"”>http://www.w3.org/2001/04/xmlenc#sha256”
SignatureMethod=“<a href=“http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"”>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256” />

But same component space file and saml.config works fine when the application is deployed on Windows 10.

-Vaibhav Goyal

ComponentSpace · March 2, 2017, 1:49pm

Hi Vaibhav

SAML2 DLL v2.6.0.8 or later
.NET framework v4.0 or later
for generation, the private key must specify the correct cryptographic service provider (CSP)

http://www.componentspace.com/Forums/1578/SHA256-and-Converting-the-Cryptographic-Service-Provider-Type

It looks like you’re using an earlier version of the product.
Please email us to discuss upgrade options.

adaml · March 3, 2017, 7:55am

[quote]

ComponentSpace - 3/1/2017

Hi Adam
Our records indicate your company purchased a license in 2015 prior to support for SHA-256 being added to the product.
I've emailed you as well.

[/quote]

After upgrading to 2.6.0.19 I get the below error.

Any idea how to fix.
---

One or more configuration XML schema validation errors occurred.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: ComponentSpace.SAML2.Exceptions.SAMLSchemaValidationException: One or more configuration XML schema validation errors occurred.

Stack Trace:

[SAMLSchemaValidationException: One or more configuration XML schema validation errors occurred.]

ComponentSpace.SAML2.Configuration.SchemaValidator.ValidateConfiguration(XmlDocument xmlDocument) +541

ComponentSpace.SAML2.Configuration.SAMLConfigurationFile.Load(String fileName) +139

ComponentSpace.SAML2.SAMLController.Initialize() +166

ComponentSpace.SAML2.SAMLController.GetCurrentConfiguration() +25

ComponentSpace.SAML2.InternalSAMLServiceProvider..ctor() +11

ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& userName, IDictionary& attributes, String& relayState) +40

Ais.Sentry.View.Web.SAML.AssertionConsumerService.Page_Load(Object sender, EventArgs e) +184

System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +51

System.Web.UI.Control.OnLoad(EventArgs e) +95

System.Web.UI.Control.LoadRecursive() +59

System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2952

ComponentSpace · March 3, 2017, 1:50pm

Under the Examples\Utility folder you’ll find a ValidateConfig project. You can run this to get more detail about the errors.
Alternatively, you’re welcome to email your saml.config to us and we can update it for you.
The most likely issue is that you’re missing either the or grouping elements we introduced.
You’ll see examples of this in the saml.config files for the ExampleIdentityProvider and ExampleServiceProvider projects.