InvalidSignatureException: Signature is invalid

I am trying to use ITFoxtec-saml with Auth0 as IdP. But on ACS, I am getting the following error:

ITfoxtec.Identity.Saml2.Cryptography.InvalidSignatureException: Signature is invalid.
   at ITfoxtec.Identity.Saml2.Saml2Request.ValidateXmlSignature(SignatureValidation documentValidationResult) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Request\Saml2Request.cs:line 237
   at ITfoxtec.Identity.Saml2.Saml2Request.Read(String xml, Boolean validateXmlSignature) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Request\Saml2Request.cs:line 204
   at ITfoxtec.Identity.Saml2.Saml2Response.Read(String xml, Boolean validateXmlSignature) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Request\Saml2Response.cs:line 66
   at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validateXmlSignature) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Request\Saml2AuthnResponse.cs:line 214
   at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validateXmlSignature) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Bindings\Saml2PostBinding.cs:line 106
   at ITfoxtec.Identity.Saml2.Saml2PostBinding.UnbindInternal(HttpRequest request, Saml2Request saml2RequestResponse, String messageName) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Bindings\Saml2PostBinding.cs:line 96
   at ITfoxtec.Identity.Saml2.Saml2Binding`1.Unbind(HttpRequest request, Saml2Response saml2Response) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Bindings\Saml2Binding.cs:line 70
   at TestWebAppCore.Controllers.AuthController.AssertionConsumerService() in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\test\TestWebAppCore\Controllers\AuthController.cs:line 58


Solution 1:[1]

The ITFoxtec Identity SAML 2.0 component should accept the signature if it is valid. I do not know about problems validating Auth0 tokens.

To debug you can check if the signature algorithm and the certificate are correct. And maybe also try to set the certificate validation mode to none and the revocation mode to no check.

Configuration example:

  "Saml2": {
    ...
    "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "CertificateValidationMode": "None",
    "RevocationMode": "NoCheck"
    ...
  }
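
One way to run the algorithm and certificate check described above without changing the validation settings. This is an added example, not code from the answer or from ITfoxtec. It reads a captured SAMLResponse form value (HTTP-POST binding), reports which element each signature covers, and compares the signature algorithm and embedded certificate with the configured ones; it does not verify the signature itself. The function names are hypothetical and the sample response is constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
EXPECTED_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"  # value from the config above

def inspect_signatures(saml_response_b64):
    """Describe every ds:Signature in a base64 SAMLResponse form value (HTTP-POST binding)."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    parent_of = {child: parent for parent in root.iter() for child in parent}
    found = []
    for sig in root.iter(DS + "Signature"):
        method = sig.find(f"{DS}SignedInfo/{DS}SignatureMethod")
        ref = sig.find(f"{DS}SignedInfo/{DS}Reference")
        cert = sig.find(f".//{DS}X509Certificate")
        der = base64.b64decode("".join(cert.text.split())) if cert is not None and cert.text else None
        found.append({
            "signed_element": parent_of[sig].tag.split("}")[-1],  # Response or Assertion
            "algorithm": method.get("Algorithm") if method is not None else None,
            "reference": ref.get("URI") if ref is not None else None,
            "cert_sha256": hashlib.sha256(der).hexdigest() if der else None,
        })
    return found

def find_mismatches(found, expected_algorithm, configured_cert_der):
    """Compare what the IdP sent with the SP configuration; return readable findings."""
    configured = hashlib.sha256(configured_cert_der).hexdigest()
    problems = [] if found else ["response contains no ds:Signature element"]
    for sig in found:
        if sig["algorithm"] != expected_algorithm:
            problems.append(f"{sig['signed_element']}: signed with {sig['algorithm']}")
        if sig["cert_sha256"] not in (None, configured):
            problems.append(f"{sig['signed_element']}: embedded certificate is not the configured one")
    return problems

# Constructed sample: placeholder bytes stand in for the IdP certificate (DER).
SAMPLE_CERT = b"constructed placeholder, not a real certificate"
SAMPLE_RESPONSE = base64.b64encode((
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
    ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><saml:Assertion ID="_a1"><ds:Signature><ds:SignedInfo>'
    '<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>'
    '<ds:Reference URI="#_a1"/></ds:SignedInfo><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
    + base64.b64encode(SAMPLE_CERT).decode() +
    '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></saml:Assertion></samlp:Response>').encode())

if __name__ == "__main__":
    print(find_mismatches(inspect_signatures(SAMPLE_RESPONSE), EXPECTED_ALG, SAMPLE_CERT))
```

For a real check, pass the SAMLResponse value captured from the ACS POST and the DER bytes of the IdP signing certificate the application is configured with.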

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1