The SAML assertion signature failed to verify

Hello,

I am currently testing the ComponentSpace library to connect my Web application to an Azure AD for testing purposes. After reading the documentation, I am trying to implement the connection with the given example (ExampleServiceProvider - WebForm).

However, I am facing the “The SAML assertion signature failed to verify” error message during the assertion (in the callback page AssertionConsumerService.aspx). Here is the log:

4872/27: 11/06/2020 14:23:27: The X.509 certificate with subject name CN=accounts.accesscontrol.windows.net and serial number XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX is embedded in the XML signature.
4872/27: 11/06/2020 14:23:27: The verifying key type is RSACryptoServiceProvider.
4872/27: 11/06/2020 14:23:27: The verifying key’s associated cryptographic service provider is “”.
4872/27: 11/06/2020 14:23:27: Exception: ComponentSpace.SAML2.Exceptions.SAMLSignatureException: The SAML assertion signature failed to verify.
4872/27: 11/06/2020 14:23:28: at ComponentSpace.SAML2.InternalSAMLServiceProvider.VerifySAMLAssertionSignature(Object samlAssertion)
at ComponentSpace.SAML2.InternalSAMLServiceProvider.GetSAMLAssertion(SAMLResponse samlResponse, XmlElement samlResponseElement)
at ComponentSpace.SAML2.InternalSAMLServiceProvider.ProcessSAMLResponse(XmlElement samlResponseElement, Boolean& isInResponseTo, String& authnContext, String& userName, SAMLAttribute[]& attributes)
at ComponentSpace.SAML2.InternalSAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, SAMLAttribute[]& attributes, String& relayState)
at ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, IDictionary& attributes, String& relayState)
at ExampleServiceProvider.SAML.AssertionConsumerService.Page_Load(Object sender, EventArgs e) in D:\Downloads\ComponentSpace\SAML for .NET\Examples\SSO\WebForms\ExampleServiceProvider\SAML\AssertionConsumerService.aspx.cs:line 23
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.saml_assertionconsumerservice_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\vs\32e6c620\2f2da05c\App_Web_cjho2sgs.2.cs:line 0
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)

Any help is appreciated, Thanks.

Please check that the correct partner certificate is configured. The log includes the certificate that’s embedded in the signature. This should be the certificate specified in your SAML configuration.

“The X.509 certificate with subject name CN=accounts.accesscontrol.windows.net and serial number XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX is embedded in the XML signature.”

If there’s still an issue, please send the complete log file as an email attachment to support@componentspace.com mentioning your forum post.
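
The check suggested in the reply above, as an added example (not ComponentSpace code and not part of the original posts): it compares the SHA-1 thumbprint of every certificate embedded in a SAML response with the thumbprint of the certificate file configured for the partner IdP. The function names and the sample response are constructed for illustration, and the sample byte strings stand in for real DER certificates.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML Signature namespace
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def thumbprint(der: bytes) -> str:
    """SHA-1 over the DER bytes, uppercase hex."""
    return hashlib.sha1(der).hexdigest().upper()

def load_cert_der(data: bytes) -> bytes:
    """Accept the configured certificate file as PEM (Base64) or raw DER."""
    m = PEM_RE.search(data)
    return base64.b64decode(m.group(1)) if m else data

def embedded_thumbprints(saml_xml: str) -> list:
    """Thumbprint of every ds:X509Certificate carried in the SAML message."""
    root = ET.fromstring(saml_xml)
    return [thumbprint(base64.b64decode(el.text))
            for el in root.iter(DS + "X509Certificate") if el.text]

def check(saml_xml: str, configured_cert: bytes) -> dict:
    """Diagnostic only: compares certificates, does not verify the signature."""
    want = thumbprint(load_cert_der(configured_cert))
    found = embedded_thumbprints(saml_xml)
    return {"configured": want, "embedded": found,
            "match": bool(found) and all(t == want for t in found)}

# Constructed sample data: these bytes stand in for real DER certificates.
FAKE_IDP_DER = b"constructed stand-in for the IdP signing certificate"
FAKE_STALE_DER = b"constructed stand-in for an outdated configured certificate"

def sample_response(der: bytes) -> str:
    """Build a minimal, constructed SAML response embedding one certificate."""
    b64 = base64.b64encode(der).decode()
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
            ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
            ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            '<saml:Assertion><ds:Signature><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>{b64}</ds:X509Certificate>'
            '</ds:X509Data></ds:KeyInfo></ds:Signature></saml:Assertion>'
            '</samlp:Response>')

if __name__ == "__main__":
    print(check(sample_response(FAKE_IDP_DER), FAKE_IDP_DER))    # match: True
    print(check(sample_response(FAKE_IDP_DER), FAKE_STALE_DER))  # match: False
```

A mismatch means the configured partner certificate is not the one the IdP signed with. A match only confirms the configuration: the service provider must still verify the signature against the configured certificate rather than trusting the embedded one.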