Sustainsys / Saml2

Saml2 Authentication services for ASP.NET

Reference URI pointing to Response element and not the Assertion #1451

Closed NunoCruzSW closed 1 month ago

NunoCruzSW commented 2 months ago

I am using this to integrate with a customer SSO in SAML but I am getting the following exception:

Sustainsys.Saml2.Exceptions.InvalidSignatureException: Incorrect reference on Xml signature. The reference must be to the root element of the element containing the signature.
   at Sustainsys.Saml2.XmlHelpers.ValidateReference(SignedXml signedXml, XmlElement xmlElement, String mininumDigestAlgorithm)
   at Sustainsys.Saml2.XmlHelpers.ValidateSignedInfo(SignedXml signedXml, XmlElement xmlElement, String minIncomingSignatureAlgorithm)
   at Sustainsys.Saml2.XmlHelpers.IsSignedByAny(XmlElement xmlElement, IEnumerable`1 signingKeys, Boolean validateCertificate, String minimumSigningAlgorithm)
   at Sustainsys.Saml2.Saml2P.Saml2Response.<>c__DisplayClass60_0.<ValidateSignature>b__0(XmlElement a)
   at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
   at Sustainsys.Saml2.Saml2P.Saml2Response.ValidateSignature(IOptions options, IdentityProvider idp)
   at Sustainsys.Saml2.Saml2P.Saml2Response.CreateClaims(IOptions options, IdentityProvider idp)+MoveNext()

Looking at the source code and the XML, it seems like the URI on the response is pointing to the Response ID and not the Assertion ID.

I am not expert enough to say what is wrong or not, but it seems like the signature reference is trying to refer to the response, not the assertion element. Is this a valid scenario? Is there any assumption made by the library that misses the possibility of the URI pointing to the Response ID?

AndersAbel commented 1 month ago

It looks like the reference of the signature is not pointing to the correct node. The Saml2 spec has some strict rules on XML Signature processing and this library is very strict about that validation. Could you please check where in the XML structure the signature node is, what the value of the reference is and what node has that ID.
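The structural rule behind the exception above (each ds:Signature's Reference URI must name the ID of the element that directly contains the Signature) can be checked on a raw response before it is handed to the library. The following is an added example, not Sustainsys.Saml2 code; it only inspects the reference wiring and does no cryptographic verification, and the two sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Standard SAML 2.0 and XML-DSig namespaces.
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"


def check_signature_references(xml_text):
    """Return [(id_of_signed_parent, referenced_id, ok)] for every ds:Signature.

    ok is True only when the Signature has exactly one Reference whose URI
    is '#' + the ID of the Signature's own parent element, which is the
    rule Sustainsys.Saml2 enforces in ValidateReference.
    """
    root = ET.fromstring(xml_text)
    # ElementTree has no parent pointers, so build a child -> parent map.
    parent = {child: p for p in root.iter() for child in p}
    results = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        signed = parent[sig]  # the element carrying this signature
        refs = sig.findall(f".//{{{DS}}}Reference")
        uri = refs[0].get("URI", "") if len(refs) == 1 else ""
        referenced = uri[1:] if uri.startswith("#") else None
        ok = referenced is not None and referenced == signed.get("ID")
        results.append((signed.get("ID"), referenced, ok))
    return results


def _sample(reference_uri):
    # Constructed response: the Signature sits inside the Assertion.
    return f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    xmlns:ds="{DS}" ID="_resp1" Version="2.0">
  <saml:Assertion ID="_asrt1" Version="2.0">
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="{reference_uri}"/>
    </ds:SignedInfo></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""


# The situation in this issue: signature inside the Assertion, but the
# Reference points at the Response ID.
BAD_RESPONSE = _sample("#_resp1")
# Correct wiring: the Reference names the Assertion that holds the signature.
GOOD_RESPONSE = _sample("#_asrt1")

if __name__ == "__main__":
    print(check_signature_references(BAD_RESPONSE))   # [('_asrt1', '_resp1', False)]
    print(check_signature_references(GOOD_RESPONSE))  # [('_asrt1', '_asrt1', True)]
```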

NunoCruzSW commented 1 month ago

Yes, it was what I found. I looked at the message the customer is sending from their IdP and the signature was either in the wrong element or pointing to the wrong element. We can close this.