jitbit / AspNetSaml

Very simple SAML 2.0 consumer module for ASP.NET/C#
https://www.jitbit.com
Apache License 2.0

SignatureDescription could not be created for the signature algorithm supplied #63

Closed CalvinPangch closed 2 years ago

CalvinPangch commented 2 years ago

I could get the SAML response.

When I hit the code samlResponse.IsValid(), I got the error message below:

SignatureDescription could not be created for the signature algorithm supplied
System.Security.Cryptography.CryptographicException: SignatureDescription could not be created for the signature algorithm supplied.
   at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key)
   at System.Security.Cryptography.Xml.SignedXml.CheckSignature(AsymmetricAlgorithm key)
   at System.Security.Cryptography.Xml.SignedXml.CheckSignature(X509Certificate2 certificate, Boolean verifySignatureOnly)
   at Testing.Security.SAML.SSOSignIn.Response.IsValid()

Could you please help? Thank you.

alex-jitbit commented 2 years ago

Which .NET version are you on?

CalvinPangch commented 2 years ago

.NET Framework 4.5.2

CalvinPangch commented 2 years ago

I commented out the code signedXml.CheckSignature(_certificate, true) and it works as expected.

Do we really need the checkSignature? What will happen if we don't checkSignature?

alex-jitbit commented 2 years ago

  1. Please consider upgrading to 4.7.2 or later.
  2. Yes, you do need it; otherwise how do you verify that the response is really from the real provider, not a MITM attacker?

CalvinPangch commented 2 years ago

I solved the issue. Just add this line:

CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

The solution can be found at the link below: https://stackoverflow.com/questions/16728558/signed-xml-signature-verification-for-sso-saml-using-sha256

Thank you.
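
The fix from this thread, combined with a signature check that fails closed instead of being commented out, as an added example that is not AspNetSaml's own code. `SamlSignatureCheck` and its members are hypothetical names; the example assumes the .NET Framework 4.5.2 setup from the thread, the `RSAPKCS1SHA256SignatureDescription` class from `System.Deployment.dll`, and a response whose signature is enveloped in the element it signs.

```csharp
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;          // reference System.Security.dll
using System.Xml;
using System.Deployment.Internal.CodeSigning;    // reference System.Deployment.dll

// Hypothetical helper, not part of the library.
public static class SamlSignatureCheck
{
    const string RsaSha256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Call once at application start-up, before any response is validated.
    public static void RegisterRsaSha256()
    {
        CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), RsaSha256);
    }

    // True only if a signature is present, covers its own parent element,
    // and verifies against the identity provider's certificate.
    public static bool IsSignatureValid(XmlDocument doc, X509Certificate2 idpCert)
    {
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        var sigNode = doc.SelectSingleNode("//ds:Signature", ns) as XmlElement;
        if (sigNode == null) return false;               // unsigned response: reject

        var signedElement = sigNode.ParentNode as XmlElement;
        if (signedElement == null) return false;
        string id = signedElement.GetAttribute("ID");    // SAML 2.0 ID attribute
        if (string.IsNullOrEmpty(id)) return false;
        try
        {
            var signedXml = new SignedXml(doc);
            signedXml.LoadXml(sigNode);
            // Exactly one reference, and it must point at the enclosing element.
            if (signedXml.SignedInfo.References.Count != 1) return false;
            var reference = (Reference)signedXml.SignedInfo.References[0];
            if (reference.Uri != "#" + id) return false;
            return signedXml.CheckSignature(idpCert, true);
        }
        catch (CryptographicException)
        {
            // Unsupported algorithm or malformed signature: log it and reject,
            // never treat the response as trusted.
            return false;
        }
    }
}
```

With this shape, a missing algorithm registration results in a rejected login rather than an unverified one.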