ComponentPro.Saml : Invalid Algorithm specified error for assertion.Sign() method

0
Hi Team,

We are using the ComponentPro.Saml dll to generate the SAML response XML. While signing it with the SHA256 algorithm we are getting the error below.

**Assembly: ComponentPro.Saml, Version=7.2.40.234**

**Code**

```csharp
assertion.Sign(idpCert, "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
```

**Error:**

```
Inner Exception: Invalid Algorithm Specified
Stack Trace:
   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash, Int32 cbHash, ObjectHandleOnStack retSignature)
   at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash)
   at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash)
   at ComponentPro.Saml.PrefixSignedXml.ComputeSignature()
   at ComponentPro.Saml.SamlUtil.ComputeSignature(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, PrefixSignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
```

However, **assertion.Sign(idpCert)** works fine. Not sure whether the issue is with our .pfx file or whether some configuration is missing in my code. Please suggest.
 
asked 2/16/2021 3:29:13 PM

3 Answers

0
Finally I got it working. I referred to the link below: https://www.componentspace.com/Forums/1623/SAMLSignatureException-Failed-to-generate-XML-signature-Invalid-algorithm-specified
 
answered 2/25/2021 5:29:40 PM
0
Hi Martin, I found that my .pfx file has a "http://www.w3.org/2000/09/xmldsig#rsa-sha1" signature algorithm in the private key object. Do you think this is the issue? It should be "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"?
 
answered 2/25/2021 3:10:29 PM
0
I think it would be better if you provided more context in your code. Please refer to https://doc.componentpro.com/ComponentPro-Saml/working-with-sha-256 to work with SHA-256. Hope this helps.
 
answered 2/17/2021 1:54:47 AM
  Hi Martin, Thanks for the response. I have gone through the link which you have shared. I am also following the steps mentioned in it. Please find below the code which is throwing an error.

```csharp
public void SignSamlSHA256(Response samlResponse, SamlSignOption signOption, X509Certificate2 idpCert)
{
    var sha256DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256";
    var sha256SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), sha256SignatureMethod);
    try
    {
        switch (signOption)
        {
            case SamlSignOption.SignSamlAssertion:
                foreach (Assertion assertion in samlResponse.Assertions)
                {
                    assertion.Sign(idpCert, sha256DigestMethod, sha256SignatureMethod); //THIS LINE IS THROWING ERROR
                }
                break;
            case SamlSignOption.SignSamlResponse:
                samlResponse.Sign(idpCert, sha256DigestMethod, sha256SignatureMethod); //THIS LINE IS THROWING ERROR
                break;
            case SamlSignOption.SignAll:
                foreach (Assertion assertion in samlResponse.Assertions)
                {
                    assertion.Sign(idpCert, sha256DigestMethod, sha256SignatureMethod); //THIS LINE IS THROWING ERROR
                }
                samlResponse.Sign(idpCert, sha256DigestMethod, sha256SignatureMethod); //THIS LINE IS THROWING ERROR
                break;
            default:
                samlResponse.Sign(idpCert, sha256DigestMethod, sha256SignatureMethod);
                break;
        }
    }
    catch (Exception e)
    {
        Console.WriteLine(e);
        throw;
    }
}
```

  pjoshi 2/18/2021 3:53:41 PM
  Hi Martin, I found that my .pfx file has a "http://www.w3.org/2000/09/xmldsig#rsa-sha1" signature algorithm in the private key object. Do you think this is the issue? It should be "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"? pjoshi 2/25/2021 2:37:28 PM
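
The stack trace in the question fails inside `RSACryptoServiceProvider.SignHash`, and a common cause of that exception is a private key held by a legacy CSP of provider type 1, which has no SHA-256 support. The diagnostic below is an added example, not code from this thread or from ComponentPro: it reports the key's provider and tries an RSA-SHA256 signature through it and through provider type 24. It assumes Windows and .NET Framework; the class and method names are illustrative, and when run without arguments it uses a throwaway key constructed in a legacy provider instead of a .pfx file.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
// Added example (Windows, .NET Framework); all names here are illustrative.
static class Sha256KeyCheck
{
    const int ProvRsaFull = 1;  // legacy provider type, no SHA-256 support
    const int ProvRsaAes = 24;  // provider type that supports SHA-256
    const string LegacyCsp = "Microsoft Enhanced Cryptographic Provider v1.0";
    const string AesCsp = "Microsoft Enhanced RSA and AES Cryptographic Provider";

    // True when the key's provider can produce an RSA-SHA256 signature.
    static bool CanSignSha256(RSACryptoServiceProvider rsa)
    {
        try { rsa.SignData(new byte[] { 1, 2, 3 }, "SHA256"); return true; }
        catch (CryptographicException) { return false; }
    }

    // Opens the same key container through the SHA-256-capable provider.
    static RSACryptoServiceProvider ReopenWithAesProvider(RSACryptoServiceProvider rsa)
    {
        CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
        var csp = new CspParameters(ProvRsaAes, AesCsp, info.KeyContainerName)
        {
            KeyNumber = (int)info.KeyNumber,
            Flags = CspProviderFlags.UseExistingKey | (info.MachineKeyStore
                ? CspProviderFlags.UseMachineKeyStore : CspProviderFlags.NoFlags)
        };
        return new RSACryptoServiceProvider(csp);
    }

    static void Main(string[] args)
    {
        RSACryptoServiceProvider rsa;
        if (args.Length == 2)  // <pfx path> <pfx password>
            rsa = new X509Certificate2(args[0], args[1]).PrivateKey as RSACryptoServiceProvider;
        else                   // constructed sample: throwaway key in a legacy provider
            rsa = new RSACryptoServiceProvider(2048,
                new CspParameters(ProvRsaFull, LegacyCsp, "sha256-check-demo")) { PersistKeyInCsp = false };
        if (rsa == null) { Console.WriteLine("Private key is not CSP-backed."); return; }
        using (rsa)
        using (var aes = ReopenWithAesProvider(rsa))
        {
            Console.WriteLine("Provider: {0} (type {1})",
                rsa.CspKeyContainerInfo.ProviderName, rsa.CspKeyContainerInfo.ProviderType);
            Console.WriteLine("SHA-256 through this provider: {0}", CanSignSha256(rsa));
            Console.WriteLine("SHA-256 through provider type {0}: {1}", ProvRsaAes, CanSignSha256(aes));
        }
    }
}
```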