Hi,
I was getting the below error for .net 4.6.1 and ComponentSpace.dll -2.8.3.0 even after updating the existing valid certificate with “Microsoft Enhanced RSA and AES Cryptographic Provider” with sha 256 using openssl.
3112/32: 19-09-2017 16:56:35: Generating an XML signature.
3112/32: 19-09-2017 16:56:35: XML signature method: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
3112/32: 19-09-2017 16:56:35: XML digest method: http://www.w3.org/2001/04/xmlenc#sha256.
3112/32: 19-09-2017 16:56:35: Inclusive namespace prefix list: #default samlp saml ds xs xsi.
3112/32: 19-09-2017 16:56:35: XML element ID: _6be1c323-c2d0-4b74-bca4-61c58fdd8993.
3112/32: 19-09-2017 16:56:35: The signing key type is RSACng.
3112/32: 19-09-2017 16:56:35: The signing key’s associated cryptographic service provider supports SHA-256 signatures.
3112/32: 19-09-2017 16:56:35: Exception: ComponentSpace.SAML2.Exceptions.SAMLSignatureException: Failed to generate the XML signature. —> System.NotSupportedException: Method is not supported.
at System.Security.Cryptography.RSA.DecryptValue(Byte[] rgb)
at System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[] rgbHash)
at System.Security.Cryptography.AsymmetricSignatureFormatter.CreateSignature(HashAlgorithm hash)
at System.Security.Cryptography.Xml.SignedXml.ComputeSignature()
at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
— End of inner exception stack trace —
3112/32: 19-09-2017 16:56:35: at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, X509Certificate2Collection x509Certificates, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, X509Certificate2 x509Certificate, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
at ComponentSpace.SAML2.Protocols.SAMLMessageSignature.Generate(XmlElement xmlElement, AsymmetricAlgorithm signingKey, X509Certificate2 x509Certificate, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
at ComponentSpace.SAML2.InternalSAMLServiceProvider.CreateAuthnRequest(SSOOptions ssoOptions, String assertionConsumerServiceUrl, String singleSignOnServiceUrl)
at ComponentSpace.SAML2.InternalSAMLServiceProvider.InitiateSSO(HttpResponse httpResponse, String relayState, String partnerIdP, SSOOptions ssoOptions, String assertionConsumerServiceUrl, String singleSignOnServiceUrl)
at ComponentSpace.SAML2.SAMLServiceProvider.InitiateSSO(HttpResponse httpResponse, String relayState, String partnerIdP)
Then,
Updated to .Net 4.6.2 version and also updated the Authentication Polices to Form Authentication still facing following error under “Event handler” of ADFS admin
Exception details:
Microsoft.IdentityServer.RequestFailedException: MSIS7065: There are no registered protocol handlers on path /adfs/ls/ to process the incoming request.
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
Other details:
saml.config
<PartnerIdentityProvider Name=“<a href=“http://domain.com/adfs/services/trust””>http://domain.com/adfs/services/trust"</a><br/>Description=“ADFS”<br/>SignAuthnRequest="true"
SignLogoutRequest=“true”
WantSAMLResponseSigned=“true”
WantAssertionSigned=“false”
WantAssertionEncrypted=“false”
WantLogoutResponseSigned=“false”
SingleSignOnServiceBinding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST”
SingleSignOnServiceUrl=“<a href=“https://domain.com/adfs/ls/” “>https://domain.com/adfs/ls/”
…>
<ServiceProvider Name=“urn:componentspace:Name”
Description=“Connect”
AssertionConsumerServiceUrl=”~/WebForm1.aspx"
…>
Please help me to resolve this issue.
We have occasionally seen issues with SHA-256 signature generation on older operating systems (ie prior to Windows 2012 R2).
Installing .NET 4.6.2 or above often resolves these issues.
There are a number of possible causes of the MSIS7065 error in ADFS.
Please take a look at section 10.4 of our Developer Guide PDF.
Ensure that your ADFS configuration is correct.
If there’s still an issue, please enable SAML trace and send the generated log file to support@componentspace.com.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
Also include screenshots of the relying party property tabs in ADFS.