We're encountering an error when validating SAML responses from our Identity Provider (Amazon). The error occurs due to an unsupported canonicalization method used in the SAML signature.
Error Message
Illegal canonicalization method http://www.w3.org/2001/10/xml-exc-c14n#WithComments used in signature.
Stack Trace
ITfoxtec.Identity.Saml2.Cryptography.InvalidSignatureException: Illegal canonicalization method http://www.w3.org/2001/10/xml-exc-c14n#WithComments used in signature.
at ITfoxtec.Identity.Saml2.Cryptography.Saml2SignedXml.CheckSignature()
at ITfoxtec.Identity.Saml2.Saml2Request.ValidateXmlSignature(XmlElement xmlElement)
at ITfoxtec.Identity.Saml2.Saml2Request.ValidateXmlSignature(SignatureValidation documentValidationResult)
at ITfoxtec.Identity.Saml2.Saml2Request.Read(String xml, Boolean validate, Boolean detectReplayedTokens)
at ITfoxtec.Identity.Saml2.Saml2Response.Read(String xml, Boolean validate, Boolean detectReplayedTokens)
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validate, Boolean detectReplayedTokens)
at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validate, Boolean detectReplayedTokens)
at ITfoxtec.Identity.Saml2.Saml2PostBinding.UnbindInternal(HttpRequest request, Saml2Request saml2RequestResponse, String messageName)
at ITfoxtec.Identity.Saml2.Saml2Binding.Unbind(HttpRequest request, Saml2Response saml2Response)
at MyProject.Areas.Saml.AcsController.AssertionConsumerService()
Environment
ITfoxtec.Identity.Saml2 Library Version: 4.10.8.0
.NET Framework Version: 4.7
Current Behavior
The SAML response validation fails due to the use of a canonicalization method that includes XML comments (http://www.w3.org/2001/10/xml-exc-c14n#WithComments).
Expected Behavior
The SAML response should use the standard canonicalization method without comments (http://www.w3.org/2001/10/xml-exc-c14n#), allowing successful validation.
Possible Solutions
Update the Identity Provider's SAML configuration to use the standard canonicalization method.
Modify the ITfoxtec.Identity.Saml2 library to support or ignore this canonicalization method.
Implement a custom signature validation method that can handle this canonicalization method.
Questions
Is there a configuration option in the ITfoxtec.Identity.Saml2 library to allow this canonicalization method?
Is there a recommended approach to handle this situation when the IdP configuration cannot be changed?
Any insights or suggestions on how to resolve this issue would be greatly appreciated. Thank you!
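The check that throws here is an allowlist: the verifier accepts only the canonicalization methods it was built to trust and refuses any other URI the message names, so the algorithm inside a signed message can never widen what the verifier runs. The following script is an added example, not ITfoxtec.Identity.Saml2 code; it reads the CanonicalizationMethod and Transform URIs from every ds:Signature in a POST-binding SAMLResponse value and applies the same fail-closed rule, so the algorithm the IdP actually signed with can be confirmed from a captured response before its configuration is changed. The allowlist contents, the sample response and the placeholder digest and signature values are all assumptions; the page only shows that `xml-exc-c14n#WithComments` is rejected and `xml-exc-c14n#` is expected.

```python
"""Report which canonicalization method(s) a SAML response's signatures name.

Added example, not ITfoxtec.Identity.Saml2 code: mirrors the allowlist rule
behind Saml2SignedXml.CheckSignature() so the IdP's algorithm can be read
straight from a captured response.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
EXC_C14N_WITH_COMMENTS = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"

# Assumption: the set a validator accepts. The set is fixed by the verifier,
# never by the message being verified.
ALLOWED_C14N = frozenset({EXC_C14N})


def inspect_signatures(saml_response_b64):
    """Decode a POST-binding SAMLResponse value and describe every ds:Signature.

    Returns one dict per signature: the element it covers (Response or
    Assertion), its CanonicalizationMethod URI, its Transform URIs, and
    whether an allowlisting validator would accept the c14n method.
    """
    # ET is fine for the constructed sample; parse real responses with a
    # hardened parser such as defusedxml.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    findings = []
    # A signature may sit on the Response, on each Assertion, or on both.
    for parent in [root] + root.findall("saml:Assertion", NS):
        sig = parent.find("ds:Signature", NS)
        if sig is None:
            continue
        c14n = sig.find("ds:SignedInfo/ds:CanonicalizationMethod", NS)
        algorithm = c14n.get("Algorithm") if c14n is not None else None
        transforms = [
            t.get("Algorithm")
            for t in sig.findall(
                "ds:SignedInfo/ds:Reference/ds:Transforms/ds:Transform", NS)
        ]
        findings.append({
            "signed_element": parent.tag.rsplit("}", 1)[-1],
            "canonicalization": algorithm,
            "transforms": transforms,
            "allowed": algorithm in ALLOWED_C14N,
        })
    return findings


def require_allowed_c14n(findings):
    """Fail closed on the first disallowed method, using the library's wording."""
    for f in findings:
        if not f["allowed"]:
            raise ValueError(
                f"Illegal canonicalization method {f['canonicalization']} "
                "used in signature.")


# Constructed sample, not a real Amazon response: the Response-level signature
# names "#WithComments" (the failing case), the Assertion-level one the plain
# exclusive form. Digest and signature values are placeholders.
SAMPLE_RESPONSE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#_r1">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
        </ds:Transforms>
        <ds:DigestValue>placeholder</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>placeholder</ds:SignatureValue>
  </ds:Signature>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:Reference URI="#_a1">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestValue>placeholder</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>placeholder</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_SAML_RESPONSE = base64.b64encode(SAMPLE_RESPONSE_XML).decode("ascii")

if __name__ == "__main__":
    found = inspect_signatures(SAMPLE_SAML_RESPONSE)
    for f in found:
        print(f)
    try:
        require_allowed_c14n(found)
    except ValueError as exc:
        print(exc)
```

Run it against the value of the SAMLResponse form field from the browser's network capture; the first dict whose `allowed` is False names the element and the algorithm the IdP must be reconfigured to stop using. Keeping the transforms in the output matters because the `#WithComments` URI can appear there as well as in CanonicalizationMethod, and a validator that allowlists one but not the other is still exposed to whatever the message names.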