Subject: Signing SAML Request with SHA 256 not working
Date: 2021-05-19 20:00:00
From: Christian
Source: signing-saml-request-sha-256-not-working
----------------------------------------------------------------------

We have a certificate with Signature Algorithm = sha256RSA.

The SamlRequest of ComponentPro ignores the sha256 "signature algorithm" and creates a SAMLRequest with SHA 1:

> Example URL created by ComponentPro: https://adfs.mycompany.com/adfs/ls/?SAMLRequest=...SigAlg=...rsa-sha1...

> But the request should be like: https://adfs.mycompany.com/adfs/ls/?SAMLRequest=...SigAlg=...rsa-sha256...

Does anybody have a solution for using SHA256, or know what is wrong here?
This is our source code:

    // Algorithm identifiers for the SHA-256 digest and the RSA-SHA256 signature.
    var sha256DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256";
    var sha256SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    // Register the RSA-SHA256 signature description with the .NET crypto configuration.
    CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), sha256SignatureMethod);

    // Load the service provider's signing certificate together with its private key.
    X509Certificate2 cert = new X509Certificate2(Path.Combine(HttpRuntime.AppDomainAppPath, SPKeyFile), SPKeyPassword, X509KeyStorageFlags.MachineKeySet);
    AuthnRequest authnRequest = new AuthnRequest();
    authnRequest.Destination = ServiceConfig.SpServiceUrl;
    authnRequest.Issuer = new Issuer(ServiceConfig.Issuer);
    authnRequest.ForceAuthn = false;
    authnRequest.NameIdPolicy = new NameIdPolicy(null, null, true);
    // Sign with the certificate loaded above, passing the SHA-256 digest and signature methods.
    authnRequest.Sign(cert, "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

----------------------------------------------------------------------
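
For reference, an added example (not the poster's code and not ComponentPro's API): in the SAML 2.0 HTTP-Redirect binding, the `SigAlg` and `Signature` parameters seen in the URLs above are computed over the query string itself, separately from any XML signature on the message. The code below uses only .NET base class library calls; the class name, sample XML, host name and throwaway key are assumptions.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Security.Cryptography;
using System.Text;

static class RedirectBindingExample // hypothetical name, not a ComponentPro type
{
    const string RsaSha256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // The binding's DEFLATE encoding: raw DEFLATE (no zlib header), then base64.
    static string DeflateBase64(string xml)
    {
        using (var buffer = new MemoryStream())
        {
            using (var deflate = new DeflateStream(buffer, CompressionMode.Compress, true))
            {
                byte[] raw = Encoding.UTF8.GetBytes(xml);
                deflate.Write(raw, 0, raw.Length);
            }
            return Convert.ToBase64String(buffer.ToArray());
        }
    }

    // Builds SAMLRequest[&RelayState]&SigAlg&Signature; relayState may be null.
    public static string BuildSignedQuery(string xml, string relayState, RSA key)
    {
        var query = new StringBuilder("SAMLRequest=" + Uri.EscapeDataString(DeflateBase64(xml)));
        if (!string.IsNullOrEmpty(relayState))
            query.Append("&RelayState=" + Uri.EscapeDataString(relayState));
        query.Append("&SigAlg=" + Uri.EscapeDataString(RsaSha256));
        // The signature covers exactly the URL-encoded string built so far, SigAlg included.
        byte[] signature = key.SignData(Encoding.UTF8.GetBytes(query.ToString()),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        query.Append("&Signature=" + Uri.EscapeDataString(Convert.ToBase64String(signature)));
        return query.ToString();
    }

    static void Main()
    {
        // Constructed sample input: minimal request and a throwaway key, not the poster's values.
        string xml = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_example\" Version=\"2.0\" IssueInstant=\"2021-05-19T20:00:00Z\"/>";
        using (RSA key = RSA.Create(2048))
        {
            string query = BuildSignedQuery(xml, null, key);
            Console.WriteLine("https://idp.example.test/adfs/ls/?" + query);
        }
    }
}
```

With a certificate loaded as in the post, the key would come from `cert.GetRSAPrivateKey()`. The receiving identity provider verifies the signature over the same `SAMLRequest=...&SigAlg=...` string using the algorithm named in `SigAlg`.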

Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand.
If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor
who sold you the license and ask for your money back.
