XML signature fails to verify #31117
Labels
Comments
|
A quick glace to me suggests this is related to, or a duplicate of, #27500. |
maryamariyan
added
the
untriaged
|
Closing as duplicate of #27500. |
ghost
locked as resolved and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
An XML signature in a SAML response fails to verify using System.Security.Cryptography.Xml.SignedXml.
I believe the XML signature should verify as it does when using a Java application.
The attached zip includes:
samlresponse-fails.xml - signed XML that fails to verify
samlresponse-verifies.xml - signed XML that does verify, for comparison
Program.cs - .NET Core console application demonstrating the problem
VerifySignature.java - Java application that can successfully verify the signatures for both files
The samlresponse-fails.xml includes a SAML response that's signed and a SAML assertion that's also signed. It's the SAML response signature that fails to verify in the .NET Core console application but does verify in the Java application.
The samlresponse-verifies.xml includes a SAML response that's signed and this verifies in both the .NET Core console application and the Java application.
The .NET Core console application was built using .NET Core 3.0 and System.Security.Cryptography.Xml v4.6.
dotnet --info
.NET Core SDK (reflecting any global.json):
Version: 3.0.100
Commit: 04339c3a26
Runtime Environment:
OS Name: Windows
OS Version: 10.0.18362
OS Platform: Windows
RID: win10-x64
Base Path: C:\Program Files\dotnet\sdk\3.0.100\
xml-signature-issue.zip
The text was updated successfully, but these errors were encountered: