Decryption of SAML Token Fails: Failed to decrypt xml.

Hi. I'm trying to integrate the SAML tools into my project, but I've run into a case where the decryption of an assertion fails every time. If I encrypt tokens with ComponentPro, then it works. But when I use the same key with the encrypter at SAMLTools.com, ComponentPro will not decrypt.

So here's the SAML token:

https://fakeurl:443 https://fakeurl:443 xxxxxxx https://sso.example.com/client/cust urn:oasis:names:tc:SAML:2.0:ac:classes:Password 55555555555

Here are the public and private keys for my cert (this is a self-signed cert):

I go to https://www.samltool.com/encrypt.php, plug in the above SAML token, use the public cert as posted above, select RSA_OAEP_MGF1P for key encryption and AES128_CBC for data encryption, tag to replace: saml:Assertion, tag with encrypted data: saml:EncryptedAssertion. When I encrypt I get the following result:

https://fakeurl:443 hbB4l9B2ULwMJ3huXbcHfAZrq8J6Vn8FH17p1ujLSA4MrFpQvBgLCx8JvDiWR7SFLJo7DRImXGsZB+JfacU4hG45E1q7ghjjADgCXAXGdESVrtc3/7YAkHaVtagXGlGjUAVXs74LAHaMuZT2p0L3JvaT08BTTrMgdd9c2Mei8Rc=

When I take that result and run the following code:

```csharp
using System.Security.Cryptography.X509Certificates;
using System.Xml;
using ComponentPro.Saml2;
var doc = new XmlDocument();
doc.LoadXml(xml); // the encrypted response produced by samltool.com
var samlResponse = new ComponentPro.Saml2.Response(doc.DocumentElement);
EncryptedAssertion encryptedAssertion = samlResponse.GetEncryptedAssertions()[0];
var myCert = new X509Certificate2("qa.pfx"); // same cert as used above, just in pfx format
// Decrypt the encrypted assertion.
var assertion = encryptedAssertion.Decrypt(myCert);
```

That throws an exception:

```
Type: ComponentPro.Saml.SamlException
Message: Failed to decrypt xml.
Inner Exception: NULL
StackTrace:
   at ComponentPro.Saml.SamlUtil.Decrypt(XmlElement encryptedElement, XmlNodeList encryptedKeysNodeList, AsymmetricAlgorithm keyDecryptingKey, EncryptionMethod keyEncryptionMethod, EncryptionMethod dataEncryptionMethod)
   at ComponentPro.Saml.SamlUtil.Decrypt(XmlElement encryptedElement, XmlNodeList encryptedKeysNodeList, X509Certificate2 x509Certificate, EncryptionMethod keyEncryptionMethod, EncryptionMethod dataEncryptionMethod)
   at ComponentPro.Saml2.EncryptedAssertion.DecryptToXmlElement(X509Certificate2 x509Certificate, EncryptionMethod keyEncryptionMethod, EncryptionMethod dataEncryptionMethod)
   at ComponentPro.Saml2.EncryptedAssertion.Decrypt(X509Certificate2 x509Certificate, EncryptionMethod keyEncryptionMethod, EncryptionMethod dataEncryptionMethod)
   at ComponentPro.Saml2.EncryptedAssertion.Decrypt(X509Certificate2 x509Certificate)
   at XMLEncrypt.TestComponentPro.DecryptXMLFile(String xml, String certCN) in C:\Users\...
```

How do I coerce the SAML tool to decrypt this assertion? For the record, https://www.samltool.com/decrypt.php is fully capable of decrypting the pasted encrypted assertion, only needing the private key. What am I missing? What can I do? Thank you.
edited 8/27/2020 1:10:00 PM
asked 8/27/2020 12:39:12 AM

1 Answer

We use .NET classes to encrypt/decrypt the messages. The encryption method `rsa-oaep-mgf1p` is not yet supported. If you want to generate a self-generated cert using `PowerShell`, please follow the steps in this topic: https://support.jetglobal.com/hc/en-us/articles/235636308-How-To-Create-a-SHA-256-Self-Signed-Certificate
 
answered 8/27/2020 6:17:10 PM
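A workaround for the limitation stated in the answer, added here and not taken from ComponentPro or samltool.com: the standard .NET System.Security.Cryptography.Xml classes unwrap the session key with EncryptedXml.DecryptKey, whose useOAEP flag covers the rsa-oaep-mgf1p URI that samltool emits, so the EncryptedAssertion can be decrypted without the library's Decrypt call. It assumes the samltool layout (EncryptedKey nested under EncryptedData/KeyInfo, or placed beside EncryptedData), aes128-cbc or aes256-cbc as the data algorithm, and a certificate loaded from the .pfx so the private key is present; the class and method names are my own.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

// Hypothetical helper (not part of ComponentPro): decrypt a saml:EncryptedAssertion with
// the built-in EncryptedXml classes, which accept both rsa-1_5 and rsa-oaep-mgf1p.
public static class AssertionDecryptor
{
    public static XmlElement Decrypt(XmlDocument doc, X509Certificate2 cert)
    {
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
        ns.AddNamespace("xenc", EncryptedXml.XmlEncNamespaceUrl);

        // EncryptedKey usually sits in EncryptedData/KeyInfo, but some issuers place it
        // beside EncryptedData; searching the whole EncryptedAssertion covers both layouts.
        var encDataEl = doc.SelectSingleNode("//saml:EncryptedAssertion/xenc:EncryptedData", ns) as XmlElement;
        var encKeyEl = doc.SelectSingleNode("//saml:EncryptedAssertion//xenc:EncryptedKey", ns) as XmlElement;
        if (encDataEl == null || encKeyEl == null)
            throw new InvalidOperationException("EncryptedAssertion lacks EncryptedData or EncryptedKey.");

        // Step 1: read the key-transport algorithm, then unwrap the session key with the private key.
        var encKey = new EncryptedKey();
        encKey.LoadXml(encKeyEl);
        string keyAlg = encKey.EncryptionMethod.KeyAlgorithm;
        bool useOaep = keyAlg == EncryptedXml.XmlEncRSAOAEPUrl;   // ...xmlenc#rsa-oaep-mgf1p
        if (!useOaep && keyAlg != EncryptedXml.XmlEncRSA15Url)    // ...xmlenc#rsa-1_5
            throw new NotSupportedException("Unsupported key transport algorithm: " + keyAlg);
        byte[] sessionKey;
        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            if (rsa == null) throw new InvalidOperationException("Certificate has no RSA private key; load the .pfx.");
            sessionKey = EncryptedXml.DecryptKey(encKey.CipherData.CipherValue, rsa, useOaep);
        }

        // Step 2: check the data algorithm and decrypt the element; DecryptData takes the IV from the first block.
        var encData = new EncryptedData();
        encData.LoadXml(encDataEl);
        string dataAlg = encData.EncryptionMethod.KeyAlgorithm;
        if (dataAlg != EncryptedXml.XmlEncAES128Url && dataAlg != EncryptedXml.XmlEncAES256Url)
            throw new NotSupportedException("Unsupported data encryption algorithm: " + dataAlg);
        byte[] plain;
        using (Aes aes = Aes.Create())
        {
            aes.Key = sessionKey; // 16 or 32 bytes selects AES-128 or AES-256
            plain = new EncryptedXml(doc).DecryptData(encData, aes);
        }

        // Step 3: the plaintext is the serialized <saml:Assertion>; parse it into its own document.
        var assertionDoc = new XmlDocument { PreserveWhitespace = true };
        assertionDoc.LoadXml(Encoding.UTF8.GetString(plain));
        return assertionDoc.DocumentElement;
    }
}
```

The returned element can be handed to the ComponentPro Assertion constructor that accepts an XmlElement, and the algorithm checks before each step turn the opaque "Failed to decrypt xml." into a message naming the unsupported URI.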
