Subject: SAML .Net Core issue
Date: 2018-03-15 16:47:42
From: jmazens
Source: saml-net-core-issue
----------------------------------------------------------------------

Hello,

We are trying the "ASP.NET Core" library for managing SAML v2 requests for one of our customers. We are currently using version 2.0.4, and before purchasing a license we have done some tests with the IdP of our customer, and the signature verification is failing. We don't know why, because the SAML response seems correct.

We encounter this error:

    Connection id "0HLC4UKQ45CMS", Request id "OHLC4UKQ45CMS:00000002": An unhandled exception was thrown by the application.
    System.AggregateException: One or more errors occurred. (An error occurred attempting to verify the XML signature.) ---> ComponentSpace.Saml2.Exceptions.SamlSignatureException: An error occurred attempting to verify the XML signature. ---> System.Security.Cryptography.CryptographicException: Root element must be KeyValue element in namepsace http://www.w3.org/2000/09/xmldsig#

I give you the following SAML answer that is forwarded from the IdP.

     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="http://precrewing-e760-d.epaas.eu.test.corp/services/login/token/return"
    ID="ID_ff572062-8b2d-4dfe-b815-0c3d1b9ded33"
    InResponseTo="_bea33fa0-ffbd-4d78-8ad6-fb36703c4378"
    IssueInstant="2018-03-08T13:05:22.039Z" Version="2.0"> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://secure-auth-i.epaas.intra.corp/auth/realms/testIntRealm xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> URI="#ID_ff572062-8b2d-4dfe-b815-0c3d1b9ded33"> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>7/hFbYgC9kTG3 qBtlCG9Bb9/Qk/RpiYIvYXd6vmsAk=OBXlhPxw/XS1SmOnYlGpi sH99bz5gpDlXj/HWeVdgHutv5xw/h/0P1PPtAv tWH4lND/l7tuA2nj/RkdFhAwbT37HmeUvHRRsmaVZ21TD ZcgVP1f6oueYeTbRSoKKyiW0fyJ xJTmkHi6qqhMbV0Rzg5u7VDWywICWs7px1iHKfVckXOplxq54HScTas2Jrw42//s2hjZI/MCMNV5qrOJHThVw6BEKM Ytq5F1XgLGy0jFGZnRLH2p37NqTgPI naEwaKB4LCjtYrRjMaZ2vLehNUDYqy7m3kJBO6WbkLyrYvjH1Nqbg0w9Ww8k9ZWDsXwh8UVh4Omx8BUUbraOQ==iErez1VZQDbKS0ueHElQZOnVKbqyhJlVpSe7Z_QWeu4MIICqzCCAZMCBgFdhI23qzANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5BaXJidXNJbnRSZWFsbTAeFw0xNzA3MjcxNDU2MDZaFw0yNzA3MjcxNDU3NDZaMBkxFzAVBgNVBAMMDkFpcmJ1c0ludFJlYWxtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkp7TUA0Td6T5Ow4v9yYEjy1jgpkSDXLm8hwocj47BeYIg7qVKltFUi5s18csFjLKQBV/eKFFYcnGJiY6j  4eKT85PhXJj2/9nDhzwmz4HmPD8GgoE8Co3Q/EhfAeQoSezXozDXEn/DjijDX8u4wS3YZPwKRVggOu5ivpXYXdEOxg3Ye sBMnyV82Vnqq7ynjHWfxg8vniILEYAnodK7xTvnt6GB3vJFTPxNvK3SK/4pCPa4tDelWSxSqq7GVaR4a1be/LzXkDUceBWPpnV1J ff3OFKp28DBErg0/leLepQFzkE87SrTvsZs5vdvIMxiqdE1CfRgP zULMK3wDaVwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBcd9XrhCD8XS3akaehlZSYHoeQSoN5P2Rznag39oCqeCoPiA1zwif63gM047eL8nm6nHXymxoxRFf666IupH8P3fmAG32pI4Joc77lhsKvFPwxKtNvOE8rkhrqqOvKsG3cVLkJznWmOQZWYjG2n2lx7Yn2hIt5rkhlqae1zwHZ2v0MiYxy/f7QiNLigC HUQtp7Ecy2vjgyT GgCGhppRpOySVXax1O7Q xhHWL9IQQJy8g olqITasXES0NlgQrgZz/WXHA DHMj2IV9MfCXerjhsau2NJ6W2yWM3exx0Pw7V7FAEk7f/hiXfUZePWeeZBYseQGrrC/bj/Gph4do kp7TUA0Td6T5Ow4v9yYEjy1jgpkSDXLm8hwocj47BeYIg7qVKltFUi5s18csFjLKQBV/eKFFYcnGJiY6j  
4eKT85PhXJj2/9nDhzwmz4HmPD8GgoE8Co3Q/EhfAeQoSezXozDXEn/DjijDX8u4wS3YZPwKRVggOu5ivpXYXdEOxg3Ye sBMnyV82Vnqq7ynjHWfxg8vniILEYAnodK7xTvnt6GB3vJFTPxNvK3SK/4pCPa4tDelWSxSqq7GVaR4a1be/LzXkDUceBWPpnV1J ff3OFKp28DBErg0/leLepQFzkE87SrTvsZs5vdvIMxiqdE1CfRgP zULMK3wDaVw==AQAB Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="ID_8ccb9ba4-93d6-4918-bdf9-cccbee1f2ffd"
    IssueInstant="2018-03-08T13:05:22.038Z" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://secure-auth-i.epaas.intra.corp/auth/realms/testIntRealm Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">ng4eeb4 Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> NotOnOrAfter="2018-03-08T13:10:20.038Z"
    Recipient="http://precrewing-e760-d.epaas.eu.test.corp/services/login/token/return"/> NotBefore="2018-03-08T13:05:20.038Z"
    NotOnOrAfter="2018-03-08T13:06:20.038Z">http://precrewing-e760-d.epaas.eu.test.corp AuthnInstant="2018-03-08T13:05:22.039Z"
    SessionIndex="ca07cd1e-533b-49b7-8efb-5bc62820ec03">urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified FriendlyName="email" Name="urn:oid:1.2.840.113549.1.9.1"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:type="xs:string">bruno.laoueille@soprasteria.com FriendlyName="givenName" Name="urn:oid:2.5.4.42"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:type="xs:string">Bruno FriendlyName="surname" Name="urn:oid:2.5.4.4"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:type="xs:string">LAOUEILLE Name="Role"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:type="xs:string">manage-account Name="Role"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:type="xs:string">uma_authorization Name="Role"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:type="xs:string">user Name="Role"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:type="xs:string">view-profile

It seems that the XML format is not well managed in the KeyInfo tag. Do you think it's normal? Is it a problem with the library or with our configuration?

Thank you in advance for your help.
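
The exception quoted above is raised when the verifier parses the `KeyValue` element inside `KeyInfo` and finds that it is not in the XML Signature namespace. The following Python script is an added diagnostic, not code from the original post or from ComponentSpace: it builds a skeletal signed Response of the same shape as the one posted (an `X509Data` followed by a `KeyValue`/`RSAKeyValue`, constructed placeholder values throughout), lists the `KeyInfo` children with their namespaces, flags a `KeyValue` that lands outside the xmldsig namespace (here because it is unprefixed and inherits the document's default SAML namespace), and decodes the `RSAKeyValue` to report modulus size and exponent. All element names, URLs and key material in it are constructed for the example.

```python
import base64
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample values (not from the post): a 2048-bit placeholder modulus
# (2^2047 encoded big-endian) and the common public exponent 65537 ("AQAB").
SAMPLE_MODULUS = base64.b64encode(b"\x80" + b"\x00" * 255).decode()
SAMPLE_EXPONENT = "AQAB"


def build_response(key_value_open: str, key_value_close: str) -> str:
    """Build a skeletal signed Response whose KeyInfo carries X509Data plus a KeyValue.
    The KeyValue tags are parameterised so the same skeleton yields a correctly
    namespaced KeyValue and an unprefixed one that inherits the default namespace."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns="{SAML_NS}" ID="ID_constructed" Version="2.0">
  <Issuer>https://idp.example.test/realms/constructed</Issuer>
  <dsig:Signature xmlns:dsig="{DSIG_NS}">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    </dsig:SignedInfo>
    <dsig:SignatureValue>AAAA</dsig:SignatureValue>
    <dsig:KeyInfo>
      <dsig:X509Data><dsig:X509Certificate>MIIC...placeholder...</dsig:X509Certificate></dsig:X509Data>
      {key_value_open}<dsig:RSAKeyValue>
        <dsig:Modulus>{SAMPLE_MODULUS}</dsig:Modulus>
        <dsig:Exponent>{SAMPLE_EXPONENT}</dsig:Exponent>
      </dsig:RSAKeyValue>{key_value_close}
    </dsig:KeyInfo>
  </dsig:Signature>
</samlp:Response>"""


# Correct form: KeyValue carries the dsig prefix, as in the posted response.
GOOD_RESPONSE = build_response("<dsig:KeyValue>", "</dsig:KeyValue>")
# Faulty form: an unprefixed KeyValue falls into the default (SAML assertion) namespace.
BAD_RESPONSE = build_response("<KeyValue>", "</KeyValue>")


def _split_tag(tag: str):
    """Split an ElementTree tag of the form '{ns}local' into (ns, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def key_info_children(xml_text: str):
    """Return [(local_name, namespace)] for each child of the first KeyInfo element.
    KeyInfo is matched by local name so a mis-namespaced KeyInfo is still inspected."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if _split_tag(el.tag)[1] == "KeyInfo":
            return [(_split_tag(c.tag)[1], _split_tag(c.tag)[0]) for c in el]
    return []


def find_key_value_problems(xml_text: str):
    """List the conditions under which a KeyValue parser that demands the xmldsig
    namespace (the check behind the quoted exception) would reject this KeyInfo."""
    problems = []
    for local, ns in key_info_children(xml_text):
        if local == "KeyValue" and ns != DSIG_NS:
            problems.append(
                f"KeyValue is in namespace '{ns or '(none)'}', expected '{DSIG_NS}'"
            )
    return problems


def rsa_key_value_summary(xml_text: str):
    """Decode the RSAKeyValue under KeyInfo and return (modulus_bits, exponent), or None.
    Whitespace inside the base64 text (the posted modulus is line-wrapped) is removed."""
    root = ET.fromstring(xml_text)
    rkv = root.find(f".//{{{DSIG_NS}}}RSAKeyValue")
    if rkv is None:
        return None
    mod = rkv.find(f"{{{DSIG_NS}}}Modulus")
    exp = rkv.find(f"{{{DSIG_NS}}}Exponent")
    if mod is None or exp is None or not mod.text or not exp.text:
        return None
    n = int.from_bytes(base64.b64decode("".join(mod.text.split())), "big")
    e = int.from_bytes(base64.b64decode("".join(exp.text.split())), "big")
    return n.bit_length(), e


if __name__ == "__main__":
    for name, doc in (("good", GOOD_RESPONSE), ("bad", BAD_RESPONSE)):
        print(name, key_info_children(doc))
        print("  problems:", find_key_value_problems(doc) or "none")
        print("  RSAKeyValue:", rsa_key_value_summary(doc))
```

Running it prints an empty problem list for the correctly prefixed document and one finding for the unprefixed one, which is the same condition the exception text describes. Independently of how the library parses `KeyInfo`, a service provider should verify the signature against the IdP certificate it has configured out of band; the certificate and `RSAKeyValue` embedded in `KeyInfo` are supplied by whoever sent the response and are useful for diagnosis, not as a trust anchor.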

----------------------------------------------------------------------

Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand
If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor
who sold you the license and ask for your money back.
