I have a web application that I am configuring to work with an SSO system. The SSO system is correctly redirecting to my consumer service URL, but I am getting an error in my back-end code.

System.Security.Cryptography.CryptographicException: SignatureDescription could not be created for the signature algorithm supplied.

The error is associated with the following line:

status &= signedXml.CheckSignature(certificate.cert, true);

I know it has something to do with the application being unable to verify the validity of the signature, but I am not sure why. I have the X509 certificate typed in correctly.

I am using ASP.NET MVC framework and IIS for my web server.

The code I am using is an implementation of the SAML ASP.NET library found at: https://developers.onelogin.com/saml/c-and-aspnet

D. Jones
  • What version of .NET are you using? I've seen this error when older versions of the .NET Framework try to process a SHA256-signed SAML response and the old version only understood SHA1. – vcsjones Jul 13 '18 at 17:14
  • According to the .NET Framework release notes, the `SignedXml` class did not get support for SHA256 until the .NET Framework 4.6.2. If you are using a prior version of the .NET Framework and signed XML is using SHA256, then that is your issue. https://learn.microsoft.com/en-us/dotnet/framework/whats-new/#v46 – vcsjones Jul 13 '18 at 17:26
  • This is your exact issue, with solution : https://stackoverflow.com/questions/19620970/sha256-signing-stops-working-in-net-4-5 – Wiktor Zychla Jul 13 '18 at 19:11
  • @vcsjones I checked my version of .NET and it was 4.0. I will try updating and see if that resolves the issue. – D. Jones Jul 16 '18 at 18:00
  • @WiktorZychla Thank you for the link! I will look into that post a bit more. – D. Jones Jul 16 '18 at 18:01
  • There's unfortunately an opposite of the one above, if you are on 4.7.1. Take a look here https://www.wiktorzychla.com/2018/07/net-471-and-higher-no-longer-supports.html. – Wiktor Zychla Jul 17 '18 at 08:11
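The fix the comments point at, as an added worked example (this is not code from the question or from the OneLogin SAML library): on a .NET Framework version whose `SignedXml` has no mapping for the RSA-SHA256 URI, `CheckSignature` throws "SignatureDescription could not be created" the moment it meets `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` in `SignedInfo/SignatureMethod`. Registering a `SignatureDescription` for that URI through `CryptoConfig.AddAlgorithm` before the response is processed resolves it. The registration below is guarded so it only runs when the framework has no mapping of its own, leaving the built-in description on 4.6.2 and later alone. The program then signs a constructed XML document with RSA-SHA256 and verifies it, so the whole path can be exercised without a live IdP; `VerifyWithCertificate` mirrors the failing line in the question. The CSP provider type 24 used when generating the demo key, the element names, and the single-signature check are assumptions made for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Maps the RSA-SHA256 algorithm URI to SHA256 plus the RSA PKCS#1 v1.5
// formatter/deformatter, which is all SignedXml needs to compute or check it.
public class RsaPkcs1Sha256SignatureDescription : SignatureDescription
{
    public RsaPkcs1Sha256SignatureDescription()
    {
        KeyAlgorithm = typeof(RSACryptoServiceProvider).AssemblyQualifiedName;
        DigestAlgorithm = typeof(SHA256Managed).AssemblyQualifiedName;
        FormatterAlgorithm = typeof(RSAPKCS1SignatureFormatter).AssemblyQualifiedName;
        DeformatterAlgorithm = typeof(RSAPKCS1SignatureDeformatter).AssemblyQualifiedName;
    }

    public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
    {
        var deformatter = new RSAPKCS1SignatureDeformatter(key);
        deformatter.SetHashAlgorithm("SHA256");
        return deformatter;
    }

    public override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key)
    {
        var formatter = new RSAPKCS1SignatureFormatter(key);
        formatter.SetHashAlgorithm("SHA256");
        return formatter;
    }
}

public static class Sha256SignedXmlDemo
{
    const string RsaSha256Url = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    const string Sha256DigestUrl = "http://www.w3.org/2001/04/xmlenc#sha256";
    const string DsigNs = "http://www.w3.org/2000/09/xmldsig#";

    // Register only when the framework has no mapping for the URI. Call once at
    // startup (e.g. Application_Start) before any SAML response is processed.
    public static void EnsureRsaSha256Registered()
    {
        if (CryptoConfig.CreateFromName(RsaSha256Url) == null)
            CryptoConfig.AddAlgorithm(typeof(RsaPkcs1Sha256SignatureDescription), RsaSha256Url);
    }

    // Mirrors the question's failing line: check the enveloped signature against
    // the IdP certificate's public key only (verifySignatureOnly = true skips
    // chain building). Assumption: exactly one ds:Signature is expected.
    public static bool VerifyWithCertificate(XmlDocument doc, X509Certificate2 idpCert)
    {
        var signatures = doc.GetElementsByTagName("Signature", DsigNs);
        if (signatures.Count != 1) return false;
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)signatures[0]);
        return signedXml.CheckSignature(idpCert, true);
    }

    // Same check with a bare public key, used below where no certificate exists.
    public static bool VerifyWithKey(XmlDocument doc, AsymmetricAlgorithm publicKey)
    {
        var signatures = doc.GetElementsByTagName("Signature", DsigNs);
        if (signatures.Count != 1) return false;
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)signatures[0]);
        return signedXml.CheckSignature(publicKey);
    }

    // Enveloped RSA-SHA256 signature over the whole document (Reference URI "").
    public static void SignEnveloped(XmlDocument doc, RSA signingKey)
    {
        var signedXml = new SignedXml(doc) { SigningKey = signingKey };
        signedXml.SignedInfo.SignatureMethod = RsaSha256Url;
        var reference = new Reference("") { DigestMethod = Sha256DigestUrl };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    public static void Main()
    {
        EnsureRsaSha256Registered();

        // Constructed stand-in for a SAML response; not a real IdP message.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<Response ID=\"_demo\"><Assertion><Subject>alice</Subject></Assertion></Response>");

        // Provider type 24 (PROV_RSA_AES) so the CSP itself can do SHA256.
        using (var rsa = new RSACryptoServiceProvider(2048, new CspParameters(24)))
        {
            SignEnveloped(doc, rsa);
            Console.WriteLine("signed ok: " + VerifyWithKey(doc, rsa));   // expected True

            // Tamper with the signed content: the digest no longer matches.
            doc.SelectSingleNode("//Subject").InnerText = "mallory";
            Console.WriteLine("tampered ok: " + VerifyWithKey(doc, rsa)); // expected False
        }
    }
}
```

Without `EnsureRsaSha256Registered()` the `SignEnveloped` call and, on a real response, `CheckSignature` both fail on a framework that predates built-in SHA256 support in `SignedXml`; with it, the same code runs unchanged on newer frameworks because the guard finds the built-in mapping and registers nothing. In an ASP.NET application the registration belongs in `Application_Start`, before the first assertion consumer request arrives.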