robrichards/xmlseclibs

Unsupported Signature

Closed this issue · 4 comments

Hello,
I am trying to send a SAML request to an IDP that accepts the SignatureMethod http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1.
But unfortunately, there is no possibility to send a request with this SignatureMethod http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1. Is there any workaround or a solution for it?
The request should contain this part:
<ds:SignatureMethod Algorithm="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1" />

Thanks!

I've never seen anything like it.. What IDP requires that? And what SP are you using?

I use Symfony 5 and LightSAML for sending the SAML request.
I need to send an AuthnRequest to Elster, which is the German tax office. My users must be authenticated through Elster. Elster requires this signature. I asked Support, and they told me that with Java it could be done easily, and they have no clue about PHP.

I tried to find a solution, but unfortunately I didn't find anything yet.

It's really strange for them to support just one algorithm.. Anyway, if openssl supports the algorithm, you could fork this library and add the algorithm-identifiers... It might work out-of-the-box, but it's far from ideal.

@tvdijen Thank you very much for your help. Unfortunately openssl doesn't support the algorithm. But finally I found a solution :)
I needed to fork a copy and add my changes.