Ping Identity - Message digest incorrect when encrypted assertion used

I'm currently working on a single sign-on implementation using the ComponentPro SAML library with a vendor that uses Ping Identity as their SSO provider. The code is pretty basic: we're creating a SAML2 Response object, creating an assertion with a few attributes and encrypting it, signing the response last, and then posting it. The issue we're having, however, is that Ping is rejecting the response, saying the expected message digest does not match the actual message digest. We're basically stuck at this point; Ping is doing some investigation, but their initial feedback is that there is something wrong with the signing.

During our investigation of the issue with the vendor, we found that the generated response is accepted by Ping if we don't use message-level encryption. It's not an option to forego message-level encryption, however; that was just to try to help narrow down the issue. I'm wondering if anyone else has run into this situation or knows of anything that could be of help, as we're completely stuck at this point. Thanks!
asked 6/3/2019 6:44:47 PM
  It would be helpful for our investigation of this one if we knew the code snippet, the certificate signing algo (SHA-1 or SHA-2), and the encryption algo used in your code. sysadmin 6/25/2019 6:48:31 AM
  We have added this one for investigation. If it's a bug we will update it on our next release. sysadmin 7/22/2019 4:46:05 PM
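
The question describes encrypting the assertion and signing the response last. As an added illustration (not the poster's code and not the ComponentPro or Ping API), this Python sketch shows what an enveloped signature's Reference digest covers and how any change to the Response after signing produces a digest mismatch. The element IDs, the placeholder ciphertext, the omitted SignatureValue and the use of the standard library's C14N 2.0 in place of exclusive canonicalization are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Clark-notation namespace prefixes. All IDs and values below are constructed.
SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def build_response():
    resp = ET.Element(SAMLP + "Response", {"ID": "_resp1"})
    assertion = ET.SubElement(resp, SAML + "Assertion", {"ID": "_a1"})
    ET.SubElement(assertion, SAML + "Attribute", {"Name": "email"}).text = "user@example.test"
    return resp

def reference_digest(resp):
    # Enveloped-signature transform: the digest covers the Response minus ds:Signature.
    clone = ET.fromstring(ET.tostring(resp))
    for sig in clone.findall(DS + "Signature"):
        clone.remove(sig)
    # Assumption: stdlib C14N 2.0 stands in for exclusive canonicalization.
    canonical = ET.canonicalize(ET.tostring(clone, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(canonical.encode()).digest()).decode()

def sign(resp):
    # Simplified: only the Reference digest is recorded, no SignatureValue.
    info = ET.SubElement(ET.SubElement(resp, DS + "Signature"), DS + "SignedInfo")
    ref = ET.SubElement(info, DS + "Reference", {"URI": "#_resp1"})
    ET.SubElement(ref, DS + "DigestValue").text = reference_digest(resp)

def encrypt_assertion(resp):
    # Placeholder for XML Encryption: swaps Assertion for EncryptedAssertion.
    plain = resp.find(SAML + "Assertion")
    enc = ET.Element(SAML + "EncryptedAssertion")
    enc.text = "CONSTRUCTED-CIPHERTEXT"
    resp.insert(list(resp).index(plain), enc)
    resp.remove(plain)

def reindent(resp):
    resp.text = "\n  "  # whitespace a pretty-printer would add

def digest_matches(resp):
    stated = resp.find(".//" + DS + "DigestValue").text
    return stated == reference_digest(resp)

def run(*steps):
    resp = build_response()
    for step in steps:
        step(resp)
    return digest_matches(resp)
```

`run(encrypt_assertion, sign)` matches, while `run(sign, encrypt_assertion)` and `run(encrypt_assertion, sign, reindent)` do not, because the stated digest no longer describes the bytes the verifier canonicalizes.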

0 Answers
