I am trying to authenticate with a PingFederate IdP. I am using ASP.NET MVC 4, which provides wsfed via the Identity and Access Tool. It appears I am getting the SAML assertion back fine. The IdP does require that the certificate is present and confirmed on the SP. I have the certificate from the IdP and installed it in trusted roots. I am using this line in web.config to have it look in trusted roots.
<certificateValidation certificateValidationMode="ChainTrust" />
This is the exact error I am getting from my ASP.NET application:
Crypto algorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512' not supported in this context.
If it is finding the correct cert and just can't do sha512, what are my options?
SHA512 isn't supported out of the box for .NET applications (don't ask me why). It can be enabled on a per-application basis. See https://stackoverflow.com/a/21435041/280222.
This should work if PingFederate picks up the global algorithm list, but I've not worked with PingFederate myself, so I'm not sure of the solution.