Signature is invalid error on SAML integration

Hi,

I am getting a “Signature is invalid” error on SAML integration with the Okta IdP. I have created my own SP, a .NET Core 2.1 application, using the ITfoxtec SAML 2.0 open source tool.
I have followed all the steps given in the link below but am getting “Signature is invalid” on the following highlighted line (binding.Unbind(Request.ToGenericHttpRequest(), saml2AuthnResponse);).

Reference link: https://developer.okta.com/blog/2020/10/23/how-to-authenticate-with-saml-in-aspnet-core-and-csharp

    [HttpPost]
    public async Task<IActionResult> AssertionConsumerService()
    {
        var binding = new Saml2PostBinding();
        var saml2AuthnResponse = new Saml2AuthnResponse(config);

        // Read the status first, before the signature is validated.
        binding.ReadSamlResponse(Request.ToGenericHttpRequest(), saml2AuthnResponse);
        if (saml2AuthnResponse.Status != Saml2StatusCodes.Success)
        {
            throw new AuthenticationException($"SAML Response status: {saml2AuthnResponse.Status}");
        }

        // Highlighted line: "Signature is invalid" is thrown here.
        binding.Unbind(Request.ToGenericHttpRequest(), saml2AuthnResponse);
        await saml2AuthnResponse.CreateSession(HttpContext, claimsTransform: (claimsPrincipal) => ClaimsTransform.Transform(claimsPrincipal));

        var returnUrl = binding.GetRelayStateQuery()[relayStateReturnUrl];
        return Redirect(string.IsNullOrWhiteSpace(returnUrl) ? Url.Content("~/") : returnUrl);
    }

Any help will be appreciated.

Hi, is the SAML response received successfully from Okta at this point?
Is the same issue encountered if you create a new Okta app and update the metadata in your appsettings.json file?

Hi,

The issue is resolved now.
The problem was the wrong SignatureAlgorithm used in appsettings; after changing to the signature algorithm below, the issue is resolved.
http://www.w3.org/2000/09/xmldsig#rsa-sha1

Thanks.
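
A way to confirm the mismatch described in the resolution above, as an added example that is not part of the thread or of the ITfoxtec library: it reads the `SignatureMethod` the IdP actually used from the posted `SAMLResponse` and compares it with the configured SignatureAlgorithm. The class and method names are hypothetical and the sample message is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Xml;
using System.Xml.Linq;

// Hypothetical diagnostic helper; it inspects the message and does NOT validate the signature.
public static class SamlSignatureDiagnostics
{
    private static readonly XNamespace Ds = "http://www.w3.org/2000/09/xmldsig#";

    // Returns the distinct SignatureMethod URIs found in a base64 HTTP-POST SAMLResponse
    // (signed Response, signed Assertion, or both). Signatures inside an
    // EncryptedAssertion are not visible here.
    public static IReadOnlyList<string> GetSignatureAlgorithms(string samlResponseBase64)
    {
        var xml = Encoding.UTF8.GetString(Convert.FromBase64String(samlResponseBase64));
        // The message is untrusted at this point: forbid DTDs and external entities.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
        {
            return XDocument.Load(reader)
                .Descendants(Ds + "SignatureMethod")
                .Select(e => (string)e.Attribute("Algorithm"))
                .Where(a => !string.IsNullOrEmpty(a))
                .Distinct()
                .ToList();
        }
    }

    // True only if at least one signature is present and every one uses the configured algorithm.
    public static bool MatchesConfigured(string samlResponseBase64, string configuredAlgorithm) =>
        GetSignatureAlgorithms(samlResponseBase64) is var used && used.Count > 0 &&
        used.All(a => string.Equals(a, configuredAlgorithm, StringComparison.Ordinal));

    public static void Main()
    {
        // Constructed sample: a minimal signed-response skeleton, not a real Okta message.
        var sample = "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">" +
            "<ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo>" +
            "<ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>" +
            "</ds:SignedInfo></ds:Signature></samlp:Response>";
        var posted = Convert.ToBase64String(Encoding.UTF8.GetBytes(sample));

        Console.WriteLine(string.Join(", ", GetSignatureAlgorithms(posted)));
        // Assumed configured value for the mismatch case (the standard RSA-SHA256 URI).
        Console.WriteLine(MatchesConfigured(posted, "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")); // False
        Console.WriteLine(MatchesConfigured(posted, "http://www.w3.org/2000/09/xmldsig#rsa-sha1"));        // True
    }
}
```

In the controller, the input would be the `SAMLResponse` form field of the POST to `AssertionConsumerService`; a mismatch can be resolved either in appsettings, as in this thread, or by changing the signature algorithm on the IdP application.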
