Open ritocesura opened 1 year ago
After investigating a little further, it seems that the error message is a good indicator of what is going wrong.
SigningAlgorithm http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 is used to get the corresponding DigestAlgorithm, which should be http://www.w3.org/2001/04/xmlenc#sha256.
The GetCorrespondingDigestAlgorithm method tries to get a DigestAlgorithm ending with "MGF1" which fails:
https://github.com/Sustainsys/Saml2/blob/3bedefb049c338132cd380da9d0200ed727d0859/legacy/Sustainsys.Saml2.Metadata/Helpers/XmlHelpers.cs#L586-L598
Is there a possibility to either (1) set the DigestAlgorithm in the config or (2) change the way the Digest-Algorithm is determined?
The external Idp does not allow for any other Signing- or DigestAlgorithms.
This is a scenario that is new to me. There is no way to handle this in the 1.x or 2.x versions. However, I would be happy to include it in 3.x. The code for XML signature handling is available in the develop branch so it's possible to have a look at how to improve it.
Hello @ritocesura, I have the same problem. Do you have any solution?
Sustainsys.Saml2.AspNetCore2 Version 2.9.0
The SAML configuration of the service provider looks as follows:
I need the AuthnRequest to be signed with PS256 (sha256-rsa-MGF1). But when the application tries to sign, the following exception is thrown:
System.InvalidOperationException: Unable to find a digest algorithm for the signing algorithm http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1
Can you kindly guide me on what else I need to configure to have my AuthnRequest signed with PS256 algorithm?
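The suffix lookup described in the thread, next to a lookup that parses the hash name out of the URI fragment, as an added C# example that is not Sustainsys.Saml2 code. The class and method names are hypothetical, and deriving the suffix from the text after the last '-' is an assumption about how "MGF1" is obtained.

```csharp
using System;
using System.Linq;

// Added illustration; class and method names are hypothetical, not Sustainsys.Saml2 API.
static class DigestLookupDemo
{
    // Digest method URIs from the XML Signature and XML Encryption specifications.
    static readonly string[] DigestAlgorithms =
    {
        "http://www.w3.org/2000/09/xmldsig#sha1",
        "http://www.w3.org/2001/04/xmlenc#sha256",
        "http://www.w3.org/2001/04/xmldsig-more#sha384",
        "http://www.w3.org/2001/04/xmlenc#sha512",
    };

    // Suffix lookup (assumption: the suffix is the text after the last '-').
    // "...#rsa-sha256" yields "sha256"; "...#sha256-rsa-MGF1" yields "MGF1".
    static string BySuffix(string signingAlgorithm)
    {
        var suffix = signingAlgorithm.Substring(signingAlgorithm.LastIndexOf('-') + 1);
        return DigestAlgorithms.FirstOrDefault(d => d.EndsWith(suffix, StringComparison.Ordinal));
    }

    // Position-independent lookup: find the "sha..." token in the fragment.
    // Returns null for anything unrecognised instead of falling back to a default digest.
    static string ByHashToken(string signingAlgorithm)
    {
        var fragment = signingAlgorithm.Substring(signingAlgorithm.IndexOf('#') + 1);
        var token = fragment.Split('-')
            .FirstOrDefault(p => p.StartsWith("sha", StringComparison.Ordinal));
        if (token == null) return null;
        return DigestAlgorithms.FirstOrDefault(d => d.EndsWith("#" + token, StringComparison.Ordinal));
    }

    static void Main()
    {
        var signingAlgorithms = new[]
        {
            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
            "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1",
        };
        foreach (var uri in signingAlgorithms)
        {
            Console.WriteLine(uri);
            Console.WriteLine("  by suffix:     " + (BySuffix(uri) ?? "(no match)"));
            Console.WriteLine("  by hash token: " + (ByHashToken(uri) ?? "(no match)"));
        }
    }
}
```

Resolving the digest URI is only the lookup step; per the maintainer's reply above, the 1.x and 2.x versions have no way to handle this signing algorithm.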