Ping Identity - Message digest incorrect when encrypted assertion used

I'm currently working on a single sign-on implementation using the ComponentPro SAML library with a vendor that uses Ping Identity as their SSO provider. The code is pretty basic, we're creating a SAML2 Response object, creating an assertion with a few attributes and encrypting it, signing the response last and then posting it. The issue we're having however is Ping is rejecting the response saying the expected message digest does not match the actual message digest. We're basically stuck at this point, Ping is doing some investigation but their initial feedback is that there is something wrong with the signing. During our investigation of the issue with the vendor we found the generated response is accepted by Ping if we don't use message level encryption. It's not an option to forego message level encryption however, that was just to try to help narrow the issue. Wondering if anyone else has run into this situation or knows of anything that could be of help as we're completely stuck at this point. Thanks!
asked 6/3/2019 6:44:47 PM
  It looks like ComponentPro is in fact incorrectly calculating the message digest. I recently tried an evaluation of another SAML library and no longer am running into this problem. I have also received no response what so ever from ComponentPro after emailing them about this directly. smcgillha 6/11/2019 12:06:57 PM
add a comment

0 Answers

Your Answer

Not the answer you're looking for? Browse other questions tagged saml mvc or ask your own question.