You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An XML signature in a SAML response fails to verify using System.Security.Cryptography.Xml.SignedXml.
I believe the XML signature should verify as it does when using a Java application.
The attached zip includes:
samlresponse-fails.xml - signed XML that fails to verify
samlresponse-verifies.xml - signed XML that does verify, for comparison
Program.cs - .NET Core console application demonstrating the problem
VerifySignature.java - Java application that can successfully verify the signatures for both files
The samlresponse-fails.xml includes a SAML response that's signed and a SAML assertion that's also signed. It's the SAML response signature that fails to verify in the .NET Core console application but does verify in the Java application.
The samlresponse-verifies.xml includes a SAML response that's signed and this verifies in both the .NET Core console application and the Java application.
The .NET Core console application was built using .NET Core 3.0 and System.Security.Cryptography.Xml v4.6.
An XML signature in a SAML response fails to verify using System.Security.Cryptography.Xml.SignedXml.
I believe the XML signature should verify as it does when using a Java application.
The attached zip includes:
samlresponse-fails.xml - signed XML that fails to verify
samlresponse-verifies.xml - signed XML that does verify, for comparison
Program.cs - .NET Core console application demonstrating the problem
VerifySignature.java - Java application that can successfully verify the signatures for both files
The samlresponse-fails.xml includes a SAML response that's signed and a SAML assertion that's also signed. It's the SAML response signature that fails to verify in the .NET Core console application but does verify in the Java application.
The samlresponse-verifies.xml includes a SAML response that's signed and this verifies in both the .NET Core console application and the Java application.
The .NET Core console application was built using .NET Core 3.0 and System.Security.Cryptography.Xml v4.6.
dotnet --info
.NET Core SDK (reflecting any global.json):
Version: 3.0.100
Commit: 04339c3a26
Runtime Environment:
OS Name: Windows
OS Version: 10.0.18362
OS Platform: Windows
RID: win10-x64
Base Path: C:\Program Files\dotnet\sdk\3.0.100\
xml-signature-issue.zip
The text was updated successfully, but these errors were encountered: