
I'm trying the SampleOwinApplication of the Kentor library for SAML 2 authentication. I'm trying to log in by going to http://localhost:57294/AuthServices/SignIn?idp=http%3a%2f%2fstubidp.kentor.se%2fMetadata. When I try to log in I get a strange error:

The signing algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 is weaker than the minimum accepted http://www.w3.org/2000/09/xmldsig#rsa-sha1.

It seems that this error appeared only in the recent version (0.20.0), because I have tried that library before and I didn't see that error. Is it a bug, or is something missing in the configuration?

1 Answer


As described in this issue https://github.com/KentorIT/authservices/issues/672, the error message is incorrect. What it should say is:

"SHA256 signatures require the algorithm to be registered at the process level. Upgrade to .Net 4.6.2 or call Kentor.AuthServices.Configuration.Options.GlobalEnableSha256XmlSignatures() on startup to register."

Apparently you are receiving a SAML message signed using SHA256, but either you are not running .Net 4.6.2 or you haven't enabled it via the method above.

explunit
  • Actually I think that there is a bug in the v0.20.0 release that breaks `GlobalEnableSha256XmlSignatures`. But on .NET 4.6.2 it should work. – Anders Abel Mar 27 '17 at 08:43
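An OWIN startup that applies the answer above, as an added example rather than code from the question, the answer, or the AuthServices project: it checks whether the RSA-SHA256 URI from the error message is registered with `CryptoConfig` (which .NET 4.6.2 does by default), calls `GlobalEnableSha256XmlSignatures()` only when it is not, and then fails fast if registration still did not take effect, so a broken registration (like the 0.20.0 bug mentioned in the comment) surfaces at startup instead of at the first signed SAML response. The `KentorAuthServicesAuthenticationOptions(true)` wiring is assumed to match the sample application; cookie middleware is omitted.

```csharp
using System;
using System.Security.Cryptography;
using Kentor.AuthServices.Configuration;
using Kentor.AuthServices.Owin;
using Microsoft.Owin;
using Owin;

[assembly: OwinStartup(typeof(SampleOwinApplication.Startup))]

namespace SampleOwinApplication
{
    public class Startup
    {
        // Signature algorithm URI taken from the error message in the question.
        private const string RsaSha256Uri =
            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

        // CryptoConfig.CreateFromName returns null for a URI that no
        // SignatureDescription has been registered for in this process.
        private static bool IsRsaSha256Registered()
        {
            return CryptoConfig.CreateFromName(RsaSha256Uri) != null;
        }

        public void Configuration(IAppBuilder app)
        {
            // On .NET 4.6.2+ the framework registers the SHA256 description itself;
            // on older runtimes AuthServices has to do it (method named in the answer).
            if (!IsRsaSha256Registered())
            {
                Options.GlobalEnableSha256XmlSignatures();
            }

            // Verify the process-level registration actually happened before any
            // IdP response is accepted; otherwise SHA256-signed messages are rejected.
            if (!IsRsaSha256Registered())
            {
                throw new InvalidOperationException(
                    "RSA-SHA256 XML signatures are not registered in this process; " +
                    "upgrade to .NET 4.6.2 or check the AuthServices version.");
            }

            // AuthServices middleware, reading the rest of the settings from
            // web.config as the sample application does (assumed wiring).
            app.UseKentorAuthServicesAuthentication(
                new KentorAuthServicesAuthenticationOptions(true));
        }
    }
}
```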