Error: PEM_read_bio_PUBKEY failed


We have an error when our AssertionConsumerServiceURL is called by an identity provider using Azure AD (it works fine for our other clients, not sure whether or not it’s linked to Azure).

Error: PEM_read_bio_PUBKEY failed
    at Error (native)
    at Verify.verify (crypto.js:311:23)
    at RSASHA256.verifySignature (/home/git/backend/node_modules/xml-crypto/lib/signed-xml.js:137:24)
    at SignedXml.validateSignatureValue (/home/git/backend/node_modules/xml-crypto/lib/signed-xml.js:273:20)
    at SignedXml.checkSignature (/home/git/backend/node_modules/xml-crypto/lib/signed-xml.js:261:13)
    at SAML.validateSignature (/home/git/backend/node_modules/passport-saml/lib/passport-saml/saml.js:498:14)
    at /home/git/backend/node_modules/passport-saml/lib/passport-saml/saml.js:545:17
    at _fulfilled (/home/git/backend/node_modules/passport-saml/node_modules/q/q.js:794:54)
    at self.promiseDispatch.done (/home/git/backend/node_modules/passport-saml/node_modules/q/q.js:823:30)
    at Promise.promise.promiseDispatch (/home/git/backend/node_modules/passport-saml/node_modules/q/q.js:756:13)
    at /home/git/backend/node_modules/passport-saml/node_modules/q/q.js:516:49
    at flush (/home/git/backend/node_modules/passport-saml/node_modules/q/q.js:110:17)
    at _combinedTickCallback (internal/process/next_tick.js:67:7)
    at process._tickDomainCallback (internal/process/next_tick.js:122:9)

The error is thrown by xml-crypto in the function “verify-signature”

var crypto = require("crypto");
var verifySignature = function(str, key, signatureValue) {
  var verifier = crypto.createVerify("RSA-SHA256");
  verifier.update(str);
  var res = verifier.verify(key, signatureValue, 'base64');
  return res
};

I was able to reproduce the error with the arguments passed:

var str = '<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod><ds:Reference URI="#_55ead485-2e18-4a0d-996e-8c1e42ffa49c"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>nj39d54JP9LU4xUgqUa5uzJ7W/xzDAzXadgUy37Yunk=</ds:DigestValue></ds:Reference></ds:SignedInfo>';
var key = '-----BEGIN CERTIFICATE-----\n' +
'MxXh1Tdvj9Wx5VOV4WVunP81al6yvYwRph5F1CPgKRA=\n' +
'-----END CERTIFICATE-----\n';
var signatureValue = 'QhszIs1jyIQ/b+4kuAxoKNqmU2zk1Gwlzdc0N4V54pkrv+gPwautZMLZEcQCFq9Qt6Xb5oKZHA43OwQfy0kBO1Fy88XlpDu9D5o23pzddZh3x9p0OSjTLA6ycSUYftCKPoTRtIq1AJ9QcmahISPPWA89Vp5hpw2gwuyQsZYXVep8PZJFdlXf+jh35KJq0WOH+4UVRWHoYU5THHE9H7rKqlXzEma+jb78KWF/aNltRFS2yW0UT3bsYE0CKiJp/MokNB51IztwZYqueGBD2A2IcFF+PAq4cnwSzqIZ5sXCVWUSm6lQupyxA67nIA/asJ//WbYozCePSQKFaBNVJEz1Pg==';

Any idea how to fix it?

Issue Analytics

  • State: closed
  • Created 7 years ago
  • Comments: 7

Top GitHub Comments

1 reaction
louis-sanna commented, Jun 26, 2017

@GGross5213 I don’t remember exactly, but I managed to fix it with the function convertCertificate: https://github.com/auth0/node-jsonwebtoken/issues/68

0 reactions
jorg1piano commented, Dec 15, 2020

@mategvo any luck? Ran into the same issue. Works locally, but not on the server
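
As an added example (not code from the issue, xml-crypto or passport-saml): a structural check to run on the certificate string before it reaches `verifier.verify`. The `key` posted in the question decodes to 32 bytes that do not begin a DER SEQUENCE, so it cannot be an X.509 certificate; `toPem` assumes the `convertCertificate` fix mentioned above amounts to re-wrapping the base64 body into 64-character PEM lines. Function names and the constructed sample are hypothetical.

```javascript
// Added example; function names are hypothetical, not xml-crypto or passport-saml APIs.
const HEADER = "-----BEGIN CERTIFICATE-----";
const FOOTER = "-----END CERTIFICATE-----";

// Strip PEM armor and all whitespace, leaving only the base64 body.
function pemBody(input) {
  return input.replace(/-----(BEGIN|END) CERTIFICATE-----/g, "").replace(/\s+/g, "");
}

// Rebuild a PEM block with the conventional 64-character lines.
function toPem(input) {
  const lines = pemBody(input).match(/.{1,64}/g) || [];
  return [HEADER, ...lines, FOOTER, ""].join("\n");
}

// Structural check: the body must be base64 for exactly one DER SEQUENCE
// whose declared length matches the number of decoded bytes.
function inspectCert(input) {
  const body = pemBody(input);
  if (body.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(body)) {
    return { ok: false, reason: "body is not valid base64", bytes: 0 };
  }
  const der = Buffer.from(body, "base64");
  if (der.length < 4 || der[0] !== 0x30) {
    return { ok: false, reason: "not a DER SEQUENCE", bytes: der.length };
  }
  let len = der[1];
  let headerLen = 2;
  if (len & 0x80) { // long form: the next n bytes hold the length
    const n = len & 0x7f;
    if (n === 0 || n > 4 || der.length < 2 + n) {
      return { ok: false, reason: "bad DER length field", bytes: der.length };
    }
    len = der.readUIntBE(2, n);
    headerLen = 2 + n;
  }
  if (headerLen + len !== der.length) {
    return { ok: false, reason: "DER length mismatch", bytes: der.length };
  }
  return { ok: true, reason: "well-formed DER envelope", bytes: der.length };
}

// Constructed stand-in: SEQUENCE header declaring 300 bytes, then 300 zero bytes (not a real certificate).
const constructedInline = Buffer.concat([Buffer.from([0x30, 0x82, 0x01, 0x2c]), Buffer.alloc(300)]).toString("base64");
// The key string exactly as posted in the question.
const postedKey = "-----BEGIN CERTIFICATE-----\nMxXh1Tdvj9Wx5VOV4WVunP81al6yvYwRph5F1CPgKRA=\n-----END CERTIFICATE-----\n";

console.log(inspectCert(postedKey));
console.log(inspectCert(toPem(constructedInline)));
```

A string that passes this check still has to parse as X.509; in current Node.js, `new crypto.X509Certificate(pem)` performs that full parse and throws on failure.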
