IdentityModel / AuthorizationServer

Sample implementation of an OAuth2 Authorization Server

Crypto algorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' not supported in this context. #244

Open nzpcmad opened 9 years ago

nzpcmad commented 9 years ago

Have AS set up and have got the Code Flow client working.

Then I thought that I would use this client to talk to OAuth2 as implemented in ADFS Server 2012 R2 i.e. ADFS 3.0. (i.e. AS no longer involved).

Set it all up with Set-ADFSClient and got it working all the way down to "Call service". The error I get is:

Response status code does not indicate success: 401 (Unauthorized.).

Turning on WebAPI logging I see:

HTTP Authentication: Exception while validating the token: System.IdentityModel.Tokens.SecurityTokenValidationException: Jwt10316: Signature validation failed. Keys tried: 'System.IdentityModel.Tokens.InMemorySymmetricSecurityKey'. Exceptions caught: 'System.InvalidOperationException: Jwt10532: SymmetricSecurityKey.GetKeyedHashAlgorithm( 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' ) threw and exception. SymmetricSecurityKey: 'System.IdentityModel.Tokens.InMemorySymmetricSecurityKey' SignatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', check to make sure the SignatureAlgorithm is supported. Exception: 'System.InvalidOperationException: Crypto algorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' not supported in this context.

Any ideas?
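The log above shows a token signed with RSA-SHA256 (RS256 in JWS terms) being checked against the only configured key, a symmetric one. The following is an added example, not part of the original post and not code from AuthorizationServer or ADFS: it reads the `alg` header of a compact JWT and reports that kind of mismatch before validation. The `JwtAlgCheck` class, its `KeyKind` enum and the sample token are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

// Added diagnostic example; hypothetical helper, not a library API.
static class JwtAlgCheck
{
    public enum KeyKind { Symmetric, Rsa }

    // Allow-list of JWS "alg" values and the key type each one needs for verification.
    static readonly Dictionary<string, KeyKind> Required = new Dictionary<string, KeyKind>
    {
        ["HS256"] = KeyKind.Symmetric, ["RS256"] = KeyKind.Rsa,
    };

    static string Base64UrlToText(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s += new string('=', (4 - s.Length % 4) % 4);   // restore stripped padding
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    // Returns null when the configured key type can verify the token's alg,
    // otherwise a one-line diagnosis. Does not verify the signature itself.
    public static string Diagnose(string jwt, KeyKind configured)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) return "not a compact JWS (expected 3 segments)";
        string alg = null;
        try
        {
            using (var doc = JsonDocument.Parse(Base64UrlToText(parts[0])))
                if (doc.RootElement.ValueKind == JsonValueKind.Object &&
                    doc.RootElement.TryGetProperty("alg", out var a) &&
                    a.ValueKind == JsonValueKind.String)
                    alg = a.GetString();
        }
        catch (Exception e) when (e is FormatException || e is JsonException)
        {
            return "header is not base64url-encoded JSON";
        }
        if (alg == null || !Required.TryGetValue(alg, out var needed))
            return $"alg '{alg}' is not on the allow-list";
        return needed == configured ? null
            : $"token uses {alg} (needs a {needed} key) but the validator holds a {configured} key";
    }

    static void Main()
    {
        // Constructed token: header {"alg":"RS256","typ":"JWT"}, dummy payload and signature.
        Console.WriteLine(Diagnose("eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.e30.c2ln", KeyKind.Symmetric));
    }
}
```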

nzpcmad commented 9 years ago

Also note:

I changed ADFS to SHA-1 but then I got the AFS error:

System.ArgumentException: signingCredentials.DigestAlgorithm must be SHA-256 at Microsoft.IdentityModel.Tokens.JSON.SignatureProvider.Create(SigningCredentials