Signature length not correct: got 257 but was expecting 256
Hello, I’m getting the following error message from my IdP when it’s processing the signed AuthnRequest generated from Samlify on the Service Provider.
Signature length not correct: got 257 but was expecting 256
This is an example AuthnRequest:
<samlp:AuthnRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a9a06995-8cda-4042-9b80-d66f1118033c" Version="2.0" IssueInstant="2018-11-07T01:43:40.028Z" Destination="https://mysite.com/saml/auth" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://localhost:7071/api/v1/saml/post/ac">
<saml:Issuer>https://localhost:7071/saml/metadata</saml:Issuer>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_a9a06995-8cda-4042-9b80-d66f1118033c">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>2S1bBotRxtMZHGeHwHkPp98bvV1GioFmHxyYAe2erl0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>UKSo4HYUyzjMD49G4CI8g1eEbECzWA2cs9YZTkm3Jt2FN8gM9OJ99GyEai7VInH4m0KsaStOjJWDhZokDwx/ifIcDKYLaopmVG/qo3CoCLzxXFvDHQjs4qMs/+qcKQRKkgzU2rOLOE/cu9wsyK9TPGxF8/w0IZN/t1LXy+9tLtbRDFSV5YkKm9oMTNpKZEI17ilg2yXTbY69BiJZP3u3Bd2Qj3CD6j6lEAiwMoRtr98U/ZWuQNk1f6lhtwCOyO/1i7ipsMRKVClX2DpqGS4E+ppyhs+hVcc7wNVpxHM6fCZp49CmfKmFylFpjxUyXRfq57/dLwk02bkzAfS1Yu1T/6c=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>[certificate omitted]</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="false"/>
</samlp:AuthnRequest>
If you take a look at the signature, it does in fact appear to have a length of 257 instead of 256.
Interestingly, we have three environments utilizing the same code with samlify and the same IDP and only one environment has this issue. The environment that fails always fails, the environments that work always work.
Any thoughts/ideas on how to troubleshoot this?
Issue Analytics
- State:
- Created 5 years ago
- Comments:6 (4 by maintainers)
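One way to triage this error on the Service Provider side, as an added example that is not part of the original issue or of samlify: decode the `SignatureValue` and compare its byte length with the RSA modulus size of the certificate the IdP holds. An RSA signature is a number smaller than the modulus, so an extra byte is either a leading 0x00 from the encoder or a value that cannot be a valid signature for a key of that size. The function names and the sample inputs are constructed for illustration.

```javascript
// Added diagnostic sketch; not part of samlify or of the original issue.
// Function names and the sample inputs below are constructed for illustration.

// Pull the base64 text out of the first SignatureValue element (any prefix).
function extractSignatureValue(xml) {
  const re = /<(?:[\w-]+:)?SignatureValue[^>]*>([\s\S]*?)<\/(?:[\w-]+:)?SignatureValue>/;
  const m = re.exec(xml);
  if (!m) throw new Error('no SignatureValue element found');
  return Buffer.from(m[1].replace(/\s+/g, ''), 'base64');
}

// Compare the decoded signature with the modulus size the verifier expects.
function diagnoseSignature(xml, expectedModulusBits) {
  const sig = extractSignatureValue(xml);
  const expectedBytes = Math.ceil(expectedModulusBits / 8);
  const result = { actualBytes: sig.length, expectedBytes, leadByte: sig[0] };
  if (sig.length === expectedBytes) {
    result.verdict = 'length-ok';
  } else if (sig.length < expectedBytes) {
    // Leading zero bytes were stripped, or the signing key is smaller.
    result.verdict = 'shorter-than-modulus';
  } else if (sig.subarray(0, sig.length - expectedBytes).every((b) => b === 0)) {
    // Same number, but encoded with extra leading 0x00 byte(s).
    result.verdict = 'zero-padded';
  } else {
    // The value is >= 2^(8 * expectedBytes): it cannot have been produced by
    // a key of the expected size, so compare the signing key with the
    // certificate registered at the IdP.
    result.verdict = 'exceeds-modulus';
  }
  return result;
}

// Constructed inputs: filler bytes, not real signatures.
const wrap = (buf) =>
  '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">' +
  `<ds:SignatureValue>${buf.toString('base64')}</ds:SignatureValue></ds:Signature>`;
const samples = {
  expected: Buffer.alloc(256, 0x50),
  signByte: Buffer.concat([Buffer.from([0x00]), Buffer.alloc(256, 0x50)]),
  oversized: Buffer.alloc(257, 0x50),
};
for (const [name, buf] of Object.entries(samples)) {
  console.log(name, diagnoseSignature(wrap(buf), 2048));
}
```

Pass the serialized AuthnRequest from the failing environment and the modulus size in bits of the certificate configured at the IdP.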
Top GitHub Comments
I worked around this, but I never resolved it.
I regenerated my SSL Certificates for the environment and the new certificates worked fine for that environment.
As I recall (this was a while ago), I had to regenerate the certificate several times to finally get one that worked, and one out of every 5 or so would still fail.
I moved on with one of the working certificates.
Ok, thanks for your update, then let me close this issue first.