ComponentPro.Saml : Invalid Algorithm specified error for assertion.Sign() method
Hi Team,
We are using ComponentPro.Saml dll to generate the SAML response XML. While signing it with SHA256 algorithm we are getting below error
**Assembly: ComponentPro.Saml, Version=7.2.40.234**
**Code**
assertion.Sign(idpCert, "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
**Error:**
Inner Exception: Invalid Alogorithm Specified
Stack Strace:
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash, Int32 cbHash, ObjectHandleOnStack retSignature)
at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash)
at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash)
at ComponentPro.Saml.PrefixSignedXml.ComputeSignature()
at ComponentPro.Saml.SamlUtil.ComputeSignature(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, PrefixSignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
However **assertion.Sign(idpCert)** works fine. Not sure issue is with our .pfx file or any configuration is missing in my code.
Please suggest.
asked 2/16/2021 3:29:13 PM
add a comment
Finally I got it working. I referred below link
https://www.componentspace.com/Forums/1623/SAMLSignatureException-Failed-to-generate-XML-signature-Invalid-algorithm-specified
answered 2/25/2021 5:29:40 PM
Hi Martin, I found that my .pfx file has a "http://www.w3.org/2000/09/xmldsig#rsa-sha1" signature algorithm in the private key object. Do you think this is the issue ? It should be "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" ?
answered 2/25/2021 3:10:29 PM
I think it would be better if you provide more context in your code.
Please refer to https://doc.componentpro.com/ComponentPro-Saml/working-with-sha-256 to work with SHA-256.
Hope this helps
answered 2/17/2021 1:54:47 AM
| Hi Martin, Thanks for the response. I have gone through the link which you have shared. I am also following the steps mentioned in it. Please find below code which is throwing an error. public void SignSamlSHA256(Response samlResponse, SamlSignOption signOption, X509Certificate2 idpCert) { var sha256DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256"; var sha256SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), sha256SignatureMethod); try { switch (signOption) { case SamlSignOption.SignSamlAssertion: foreach (Assertion assertion in samlResponse.Assertions) { assertion.Sign(idpCert, sha256DigestMethod, sha256SignatureMethod); //THIS LINE IS THROWING ERROR } break; case SamlSignOption.SignSamlResponse: samlResponse.Sign(idpCert, sha256DigestMethod, sha256SignatureMethod); //THIS LINE IS THROWING ERROR break; case SamlSignOption.SignAll: foreach (Assertion assertion in samlResponse.Assertions) { assertion.Sign(idpCert, sha256DigestMethod, sha256SignatureMethod); //THIS LINE IS THROWING ERROR } samlResponse.Sign(idpCert, sha256DigestMethod, sha256SignatureMethod); //THIS LINE IS THROWING ERROR break; default: samlResponse.Sign(idpCert, sha256DigestMethod, sha256SignatureMethod); break; } } catch (Exception e) { Console.WriteLine(e); throw; } } pjoshi 2/18/2021 3:53:41 PM | |
| Hi Martin, I found that my .pfx file has a "http://www.w3.org/2000/09/xmldsig#rsa-sha1" signature algorithm in the private key object. Do you think this is the issue ? It should be "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" ? pjoshi 2/25/2021 2:37:28 PM |