Hi All,
My site is being accessed via ADFS (IdP) to my AssertionConsumerService.aspx (SP). This is working fine with SHA-1, but when I updated my certificate to SHA-256 (SHA-2) I get the below error.
“SignatureDescription could not be created for the signature algorithm supplied.”
- My site is using ASP.NET 4.0 (32 bit)
- My DLL version is 2.6.0.2 (ComponentSpace)
http://www.componentspace.com/Forums/30/SHA256-XML-Signature-Support
“.NET 4.0 Framework Support
For .NET 4.0 and above, SHA-256, SHA-384 and SHA-512 support is, for the most part, built into the .NET framework. The only requirement is to register the cryptographic algorithm which is done automatically if using the .NET 4.0 version of the ComponentSpace.SAML2 DLL.”
Based on your documentation I would not need to make any changes for this combination to work. Is there anything I should change or test?
- Adam
Hi Adam
This support was added in v2.6.0.8. Sorry for the confusion.
Please contact support@componentspace.com, mentioning this topic, to discuss upgrade options.
Is there a manual fix I can apply to the server?
We just bought a license for the ComponentSpace DLLs; why would they have given us old DLLs?
- Adam
Hi Adam
Our records indicate your company purchased a license in 2015 prior to support for SHA-256 being added to the product.
I’ve emailed you as well.
I have a similar issue. Environment details are as follows:
ComponentSpace File Version: 2.5.0.12
Application Server: Windows Server 2012 R2
Application ASP.NET Version: ASP.NET 4.5.2
saml.config:
<PartnerIdentityProvider
    Name="http://fs.xyz.com/adfs/services/trust"
    SignAuthnRequest="true"
    WantSAMLResponseSigned="false"
    WantAssertionSigned="true"
    WantAssertionEncrypted="false"
    UseEmbeddedCertificate="true"
    SingleSignOnServiceUrl="https://fs.xyz.com/adfs/ls"
    DigestMethod="http://www.w3.org/2001/04/xmlenc#sha256"
    SignatureMethod="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
But the same ComponentSpace file and saml.config work fine when the application is deployed on Windows 10.
-Vaibhav Goyal
Hi Vaibhav
- SAML2 DLL v2.6.0.8 or later
- .NET framework v4.0 or later
- for generation, the private key must specify the correct cryptographic service provider (CSP)
It looks like you’re using an earlier version of the product.
Please email us to discuss upgrade options.
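A check for two of the requirements listed in the reply above (the rsa-sha256 algorithm being registered, and the private key's CSP), as an added example that is not part of the thread and not ComponentSpace code. It assumes the signing certificate is in the LocalMachine\My store and takes its thumbprint as an argument; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic (hypothetical names), not ComponentSpace code. Run it in the
// same bitness and .NET version as the affected application.
public static class Sha256SignatureCheck
{
    // SignatureMethod URI from the saml.config posted above.
    const string RsaSha256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    // PROV_RSA_AES, the CryptoAPI provider type that implements SHA-256.
    const int ProvRsaAes = 24;

    // False is the condition SignedXml reports as
    // "SignatureDescription could not be created for the signature algorithm supplied."
    public static bool AlgorithmIsRegistered()
    {
        return CryptoConfig.CreateFromName(RsaSha256) is SignatureDescription;
    }

    // Returns null when the key's CSP can produce SHA-256 signatures, else the reason.
    public static string DescribeCspProblem(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return "certificate has no private key";
        try
        {
            var rsa = cert.PrivateKey as RSACryptoServiceProvider;
            if (rsa == null) return "private key is not a CryptoAPI RSA key";
            CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
            return info.ProviderType == ProvRsaAes ? null
                : "CSP '" + info.ProviderName + "' is provider type " + info.ProviderType;
        }
        catch (CryptographicException e)
        {
            return "private key could not be opened: " + e.Message;
        }
    }

    public static void Main(string[] args)
    {
        // args[0]: thumbprint of the signing certificate, assumed to be in LocalMachine\My.
        Console.WriteLine("rsa-sha256 registered: " + AlgorithmIsRegistered());
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        var found = store.Certificates.Find(X509FindType.FindByThumbprint, args[0], false);
        foreach (X509Certificate2 cert in found)
            Console.WriteLine(cert.Subject + ": " + (DescribeCspProblem(cert) ?? "CSP ok"));
        store.Close();
    }
}
```

Run as a console program, this reports only the framework's default algorithm mappings, because registrations made in code apply per application domain. To see what the web application itself has registered, call AlgorithmIsRegistered() from inside it.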
After upgrading to 2.6.0.19 I get the below error.
Any idea how to fix it?
---
One or more configuration XML schema validation errors occurred.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: ComponentSpace.SAML2.Exceptions.SAMLSchemaValidationException: One or more configuration XML schema validation errors occurred.
Stack Trace:
[SAMLSchemaValidationException: One or more configuration XML schema validation errors occurred.]
   ComponentSpace.SAML2.Configuration.SchemaValidator.ValidateConfiguration(XmlDocument xmlDocument) +541
   ComponentSpace.SAML2.Configuration.SAMLConfigurationFile.Load(String fileName) +139
   ComponentSpace.SAML2.SAMLController.Initialize() +166
   ComponentSpace.SAML2.SAMLController.GetCurrentConfiguration() +25
   ComponentSpace.SAML2.InternalSAMLServiceProvider..ctor() +11
   ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& userName, IDictionary& attributes, String& relayState) +40
   Ais.Sentry.View.Web.SAML.AssertionConsumerService.Page_Load(Object sender, EventArgs e) +184
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +51
   System.Web.UI.Control.OnLoad(EventArgs e) +95
   System.Web.UI.Control.LoadRecursive() +59
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2952
Under the Examples\Utility folder you’ll find a ValidateConfig project. You can run this to get more detail about the errors.
Alternatively, you’re welcome to email your saml.config to us and we can update it for you.
The most likely issue is that you’re missing either the or grouping elements we introduced.
You’ll see examples of this in the saml.config files for the ExampleIdentityProvider and ExampleServiceProvider projects.