SAML logins are failing with the error 'Invalid algorithm specified'

Question 1

Recently we've had two cases of SAML authentications failing in version 13.1.3 with a 500 server error message and the message 'Invalid algorithm specified' showing in the logs. In both cases the SHA256 hashing algorithm was being used.

Question 2

The problem was solved in both cases, by re-importing the site's SSL certificate after it'd been modified to specify the 'Microsoft Enhanced RSA and AES Cryptographic Provider' as the CSP.

This can be done using the OpenSSL command,

openssl pkcs12 –export –in cert.pem –inkey key.pem –CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" –out certAndKey.pfx

It can also be done using the certutil command.

EDT Support · Answer 1 · 2021-04-23T00:16:40+0000

The problem was solved in both cases, by re-importing the site's SSL certificate after it'd been modified to specify the 'Microsoft Enhanced RSA and AES Cryptographic Provider' as the CSP.

This can be done using the OpenSSL command,

openssl pkcs12 –export –in cert.pem –inkey key.pem –CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" –out certAndKey.pfx

It can also be done using the certutil command.

SAML logins are failing with the error 'Invalid algorithm specified'

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Categories