The data to be decrypted exceeds the maximum for this modulus of 128 bytes.

Hi,

I’m utilizing high-level API and while calling SAMLServiceProvider.ReceiveSSO function, I got the following error…

The data to be decrypted exceeds the maximum for this modulus of 128 bytes.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Security.Cryptography.CryptographicException: The data to be decrypted exceeds the maximum for this modulus of 128 bytes.

I’m trying to encrypt/decrypt with the public key RSA (2048 bits). Any idea?

Regards


This can occur when attempting to decrypt the SAML assertion.
The most likely cause is that either the IdP used the wrong public key to encrypt the assertion or the SP used the wrong private key to decrypt the assertion.
Please ensure the CER file you provided to the IdP to perform the encryption corresponds to the LocalCertificateFile PFX you have configured in your saml.config.

[quote]
ComponentSpace - 9/12/2016
This can occur when attempting to decrypt the SAML assertion.
The most likely cause is that either the IdP used the wrong public key to encrypt the assertion or the SP used the wrong private key to decrypt the assertion.
Please ensure the CER file you provided to the IdP to perform the encryption corresponds to the LocalCertificateFile PFX you have configured in your saml.config.

[/quote]

Thank you!

You’re welcome.

I matched both public and private key on our test server and it works fine, but from client site they got this error message… What could be wrong? Thank you.

Error occurred while decoding OAEP padding

This almost invariably means the wrong key is being used.
Are they trying to decrypt the SAML assertion? I thought they were the identity provider?
If you can encrypt with the public key and then decrypt with the private key on your test server then this indicates everything is ok.
It sounds like your client is using the wrong key.
I suggest sending your results to them and getting them to double check the key they’re using.
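The check suggested above, as an added C# diagnostic (not code from this thread or from ComponentSpace): it loads the CER handed to the IdP and the SP's LocalCertificateFile PFX and reports a key-size mismatch, a different modulus, or a failed RSA-OAEP round trip; the file paths and password are placeholders.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class SamlKeyMatchCheck
{
    // Verdict on whether the CER given to the IdP and the SP's PFX are the same RSA key pair.
    public static string Check(string idpEncryptionCerPath, string spPfxPath, string spPfxPassword)
    {
        using (var idpCert = new X509Certificate2(idpEncryptionCerPath))
        using (var spCert = new X509Certificate2(spPfxPath, spPfxPassword, X509KeyStorageFlags.Exportable))
        using (RSA pub = idpCert.GetRSAPublicKey())
        using (RSA priv = spCert.GetRSAPrivateKey())
        {
            if (pub == null) return "CER does not carry an RSA public key.";
            if (priv == null) return "PFX has no RSA private key; the SP cannot decrypt with it.";

            // A 2048-bit public key yields 256-byte ciphertext; a 1024-bit private key
            // (modulus maximum of 128 bytes) rejects it with the first error in this thread.
            if (pub.KeySize != priv.KeySize)
                return $"Key size mismatch: IdP encrypts with {pub.KeySize}-bit key, SP holds {priv.KeySize}-bit key.";

            // Same size but a different key gives the OAEP padding error instead.
            byte[] idpModulus = pub.ExportParameters(false).Modulus;
            byte[] spModulus = priv.ExportParameters(false).Modulus;
            if (!idpModulus.SequenceEqual(spModulus))
                return $"Different keys: CER thumbprint {idpCert.Thumbprint}, PFX thumbprint {spCert.Thumbprint}.";

            // Confirm with a round trip using RSA-OAEP, the padding XML Encryption uses for the session key.
            byte[] sample = new byte[16];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(sample);
            byte[] ciphertext = pub.Encrypt(sample, RSAEncryptionPadding.OaepSHA1);
            try
            {
                byte[] roundTrip = priv.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA1);
                return sample.SequenceEqual(roundTrip)
                    ? "OK: the IdP's encryption certificate matches the SP's private key."
                    : "Decryption returned different bytes; keys do not match.";
            }
            catch (CryptographicException ex)
            {
                return "Decryption failed: " + ex.Message;
            }
        }
    }

    public static void Main()
    {
        // Placeholder paths: the CER sent to the IdP and the LocalCertificateFile from saml.config.
        Console.WriteLine(Check("sp-public.cer", "sp.pfx", "pfx-password"));
    }
}
```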

They are the identity provider calling our service provider. I kept telling them the same thing but they finally got the right public key! Thanks!

Thanks for the update. I’m glad they finally configured the right public key.