Search code examples
certificatesamlsaml-2.0adfssignature

MSIS7093: The message is not signed with expected signature algorithm. (But it is)

I have an ADFS that trusts a SP.

I added the signature verification certificate for my relying party trust but I get the following error:

MSIS7093: MSIS7093: The message is not signed with expected signature algorithm. Message is signed with signature algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1. Expected signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

It seems pretty clear, but not coherent with the actual context: the signature verification certificate is generated by SHA-256, not SHA-1.

If I follow right the error message and change the secure hash algorithm from SHA-256 to SHA-1, it works and I can perform the SSO authentication. But I'm not happy with that, for two reasons:

  • SHA1 is not safe anymore
  • I don't know why I should set the secure hash algorithm to SHA-1 when the certificate used is actually in SHA-256.

The certificate was generated using openssl:

openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout samlkratos.key -out samlkratos.crt

Does anyone have any idea why that happens?

Solution

  • The hash of the certificate is not really related to the hash being used to has the data.

    For instance when XML is signed, the canonical XML is hashed using one of a number of supported hash algorithms. The XML is then updated with the Signature Algorithm like http://www.w3.org/2000/09/xmldsig#rsa-sha1 to tel the server that this is the algorithm that was used.

    In the server side there is often a setting at the IdP where the Signature Algorithm is specified. Essentially telling the IdP that it should be validating the request with a specific algorithm

    If you are sending sha1 and the error is that it was expecting sha256 there is a mismatch and the SP (the application) likely needs to have the setting changed.

    You can normally se what is being sent from the browser with a SAML decoder plugin.

    Again it depends what the SP application is configured to send and what the IdP is configured to accept (if applicable) and has very litly to do with the certificate (the RSA in rsa-sha256) requires a RSA based certificae but the has can be a number of things as long as the combination is supported (example a DSA certificate cannot support sha512 since the specification does not allow it)