I am using the SAML2.Core library for decrypting incoming SAML assertions. It was working fine in my local environment, and when I pushed the code to the server decryption failed. After looking into the logs we are getting the following error:
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
Generated: Mon, 22 Oct 2018 07:41:40 GMT
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.RijndaelManaged..ctor()
at SAML2.Saml20EncryptedAssertion.GetKeyInstance(String algorithm)
at SAML2.Saml20EncryptedAssertion.ToSymmetricKey(XmlElement encryptedKeyElement, String keyAlgorithm)
at SAML2.Saml20EncryptedAssertion.Decrypt()
at WebHost.Utilities.FederationHelper.DecryptAssertion(String responseCipher) in C:\WorkArea\PPSSource\QA\Source\PPSWeb\IdentityServer3\Source\WebHost\Utilities\FederationHelper.cs:line 263
at WebHost.Utilities.FederationHelper.DecodeAssertion(String rawAssertion) in C:\WorkArea\PPSSource\QA\Source\PPSWeb\IdentityServer3\Source\WebHost\Utilities\FederationHelper.cs:line 38
When I went through the source code, in the Saml20EncryptedAssertion.cs class the GetKeyInstance() method was using the RijndaelManaged class, which is not FIPS compliant. Then, after some research, I replaced RijndaelManaged with AesCryptoServiceProvider() and it works fine.
I have put this here since I didn't find much on the internet about this. Hope someone will benefit from it.
Can you guys put this into next release?
Thanks
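An added example (not part of this issue or of the SAML2 library's code) of a FIPS-safe replacement for a GetKeyInstance-style helper: it maps the XML Encryption algorithm URI to a CAPI-backed SymmetricAlgorithm that constructs cleanly when the Windows FIPS policy is enforced, and includes a startup check that surfaces the policy and a non-validated implementation before the first assertion arrives. The URI constants come from System.Security.Cryptography.Xml.EncryptedXml; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;

// Hypothetical helper: same role as SAML2's GetKeyInstance(string), but only
// returns implementations backed by the Windows FIPS-validated CAPI modules.
// Mode/padding are left to the XML Encryption decrypt path, which sets them.
public static class FipsSafeKeyFactory
{
    public static SymmetricAlgorithm GetKeyInstance(string algorithm)
    {
        switch (algorithm)
        {
            case EncryptedXml.XmlEncAES128Url:
                return new AesCryptoServiceProvider { KeySize = 128 };
            case EncryptedXml.XmlEncAES192Url:
                return new AesCryptoServiceProvider { KeySize = 192 };
            case EncryptedXml.XmlEncAES256Url:
                return new AesCryptoServiceProvider { KeySize = 256 };
            case EncryptedXml.XmlEncTripleDESUrl:
                return new TripleDESCryptoServiceProvider();
            default:
                // Fail closed: an unknown URI must not silently fall back to a
                // managed (non-validated) implementation.
                throw new CryptographicException("Unsupported symmetric algorithm URI: " + algorithm);
        }
    }

    // Startup self-check. CryptoConfig.AllowOnlyFipsAlgorithms mirrors the OS
    // FIPS policy; when it is true, constructing a *Managed class throws the
    // InvalidOperationException seen in the issue. Returns true when the
    // environment is safe for the FIPS-backed factory above.
    public static bool VerifyFipsReadiness(Action<string> log)
    {
        bool fipsEnforced = CryptoConfig.AllowOnlyFipsAlgorithms;
        log("FIPS policy enforced: " + fipsEnforced);
        try
        {
            // Constructed probe, disposed immediately; only its ctor matters.
            using (GetKeyInstance(EncryptedXml.XmlEncAES256Url)) { }
            log("AES-256 via AesCryptoServiceProvider: OK");
            return true;
        }
        catch (InvalidOperationException ex)
        {
            log("FIPS-incompatible implementation selected: " + ex.Message);
            return false;
        }
    }
}
```

Calling VerifyFipsReadiness(Console.WriteLine) once at application start on the server turns the late "decryption failed" in the logs into an explicit boot-time error.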