Subject: unable to verify XML signature with sha256 hash
Date: 2013-12-13 17:54:09
From: Chris Fedor
Source: unable-verify-xml-signature-sha256-hash
----------------------------------------------------------------------

this is error:
An Error occurredComponentPro.Saml.SamlException: Unable to verify the XML signature. ---> System.Security.Cryptography.CryptographicException: SignatureDescription could not be created for the signature algorithm supplied. at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key) at System.Security.Cryptography.Xml.SignedXml.CheckSignature(AsymmetricAlgorithm key) at System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(AsymmetricAlgorithm& signingKey) at ComponentPro.Saml.SignableSamlObject.c_P7H(KeyInfo c_NYQ, SignedXml c_B0Q) --- End of inner exception stack trace --- at ComponentPro.Saml.SignableSamlObject.c_P7H(KeyInfo c_NYQ, SignedXml c_B0Q) at ComponentPro.Saml.SignableSamlObject.c_P7H(X509Certificate2 c_RYQ, SignedXml c_B0Q) at consumerservice.Page_Load(Object sender, EventArgs e) in C:\inetpub\wwwroot\saml\consumerservice.aspx.vb:line 32

 

This is code taken right from sample:
[code lang='vb']

Dim samlResponse As ComponentPro.Saml2.Response = ComponentPro.Saml2.Response.Create(Request)


            'Is it signed?
            If samlResponse.IsSigned() Then

                Dim fileName As String = Path.Combine(HttpRuntime.AppDomainAppPath, "tokensigningcert.cer")
                Dim cert1 As X509Certificate2 = New X509Certificate2(fileName)

                ' Validate the SAML response with the certificate.
                If (Not samlResponse.Validate(cert1)) Then
                    Throw New ApplicationException("SAML response signature is not valid.")
                End If
            End If

[/code]

 

Could problem be 256 hash of SAML response? and if so, what is correct way to verify signature?

---------------------------------------------------------------------- Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor who sold you the license and ask for your money back. Back to ComponentPro Q&A Forum Index