The SAML response signature failed to verify

SAML for ASP.NET
1
  1. Config PartnerIdentityProviderConfiguration
    + WantAssertionSigned = true
    + WantSAMLResponseSigned = true
    + WantAssertionEncrypted = false
    + SAMLWantLogoutResponseSigned = true
    2. I created an account on portal.azure
    3. Login via new account,
    4. After successful login, the system will call SAMLServiceProvider.ReceiveSSO
    and now the ReceiveSSO function will return the error The SAML response signature failed to verify

    I missing something configured?
    Or where is the problem?
    if you know please just help me.
    Thanks

    Note: that some old accounts still work fine.
2

You’re better not specifying WantAssertionSigned or WantSAMLResponseSigned and instead relying on the WantAssertionOrResponseSigned flag which defaults to true. WantAssertionOrResponseSigned requires that either the SAML response or SAML assertion is signed.

If you’re using Azure AD as the IdP, note that by default it signs the SAML assertion only.

If there’s still an issue, please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com.

https://www.componentspace.com/Forums/17/Enabing-SAML-Trace

3
[quote]
ComponentSpace - 5/15/2023
You're better not specifying WantAssertionSigned or WantSAMLResponseSigned and instead relying on the WantAssertionOrResponseSigned flag which defaults to true. WantAssertionOrResponseSigned requires that either the SAML response or SAML assertion is signed.

If you're using Azure AD as the IdP, note that by default it signs the SAML assertion only.

If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com.

https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
[/quote]

sorry, but I have not found WantAssertionOrResponseSigned in PartnerIdentityProviderConfiguration.

using System.Security.Cryptography.X509Certificates;
using System.Xml;
using ComponentSpace.SAML2.Utility;

namespace ComponentSpace.SAML2.Configuration
{
public class PartnerIdentityProviderConfiguration : PartnerProviderConfiguration
....
}
chrome-extension://bpggmmljdiliancllaapiggllnkbjocb/logo/48.png
4

It sounds like you’re using an older version of the product.

If so, simply set WantSAMLResponseSigned to false and WantAssertionSigned to true.

5
[quote]
ComponentSpace - 5/15/2023
It sounds like you're using an older version of the product.

If so, simply set WantSAMLResponseSigned to false and WantAssertionSigned to true.
[/quote]

Thanks, I will try.
6

If there are still issues, please send a SAML log file to support@componentspace.com mentioning your form post.