Signature is invalid when executing Unbind in AssertionConsumerService

Question

I implement a SAML service provider that is integrated with the Danish Unilogin IDP. I follow the example: https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/tree/master/test/TestWebAppCore When the AssertionConsumerService is executed (in the Unilogin test environment) I get the following exception:

ITfoxtec.Identity.Saml2.Cryptography.InvalidSignatureException: at ITfoxtec.Identity.Saml2.Saml2Request.ValidateXmlSignature (ITfoxtec.Identity.Saml2, Version=4.8.0.0, Culture=neutral, PublicKeyToken=2dd6b1fbf7645f92) at ITfoxtec.Identity.Saml2.Saml2Request.Read (ITfoxtec.Identity.Saml2, Version=4.8.0.0, Culture=neutral, PublicKeyToken=2dd6b1fbf7645f92) at ITfoxtec.Identity.Saml2.Saml2Response.Read (ITfoxtec.Identity.Saml2, Version=4.8.0.0, Culture=neutral, PublicKeyToken=2dd6b1fbf7645f92) at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read (ITfoxtec.Identity.Saml2, Version=4.8.0.0, Culture=neutral, PublicKeyToken=2dd6b1fbf7645f92) at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read (ITfoxtec.Identity.Saml2, Version=4.8.0.0, Culture=neutral, PublicKeyToken=2dd6b1fbf7645f92) at ITfoxtec.Identity.Saml2.Saml2PostBinding.UnbindInternal (ITfoxtec.Identity.Saml2, Version=4.8.0.0, Culture=neutral, PublicKeyToken=2dd6b1fbf7645f92) at ITfoxtec.Identity.Saml2.Saml2Binding`1.Unbind (ITfoxtec.Identity.Saml2, Version=4.8.0.0, Culture=neutral, PublicKeyToken=2dd6b1fbf7645f92) at Nebb.IdentityServer.Web.Controllers.AuthController+d__5.MoveNext (Nebb.IdentityServer.Web, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null: /src/source/Nebb.IdentityServer.Web/Controllers/AuthController.cs:72)

I use the following parameters:

CertificateValidationMode = none

RevocationMode = NoCheck

IdPMetadataFile = https://viden.stil.dk/download/attachments/65503525/et-broker-IdP-metadata.xml?version=7&modificationDate=1578661325000&api=v2

score 0 · Answer 1 · answered May 11 '22 at 18:41

0

I have connected the ITfoxtec Identity SAML 2.0 component to the Danish Unilogin IdP with success.

Are you configuring the component by loading the Unilogin IdP metadata or doing the configuration yourself?

Is the response encrypted and the saml2Configuration.DecryptionCertificate not configured? Configured like this: https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/blob/master/test/TestWebAppCoreNemLogin3Sp/Startup.cs#L34

answered May 11 '22 at 18:41

Anders Revsgaard

3,636
1
9
25

Do you know what is the entry point for the external test entrypoint for uniLogin SAML? I cannot find this information anywhere – lucasbbs Apr 11 '23 at 23:07
Your signature validation error can be connected to the error resolved in https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/releases/tag/4.8.6 – Anders Revsgaard Apr 12 '23 at 14:03
To connect an application to UniLogin in danich https://viden.stil.dk/display/OFFSKOLELOGIN/Tilslut+tjeneste – Anders Revsgaard Apr 12 '23 at 14:04
Thanks, Anders... But I just don't know what to do with the xml file after we give it a name (like this infrasup-98765_test_saml_metadata.xml) – lucasbbs Apr 18 '23 at 14:17
As I remember you have to contact support to send the metadata file. – Anders Revsgaard Apr 19 '23 at 08:47

Signature is invalid when executing Unbind in AssertionConsumerService

1 Answers1