Intermittent SAML Signature validation issue


We have a SAML signature validation issue in production. Everything was working fine until this morning. We are getting the following error:

"Failed to validate the SAML assertion signature"

With some digging, we found out that some of the SSO requests were failing on SAMLAssertionSignature.Verify()

The X509 certificate is sent as part of the message. They are exactly the same between the success and failure scenarios.

The exception we are getting is

ComponentSpace.SAML2.Exceptions.SAMLSignatureException: Failed to verify the XML signature. ---> System.Security.Cryptography.CryptographicException: Object was not found

The only thing that happened between yesterday and today is the installation of a Windows update.

Could this be related to that? Has anyone had this issue before?


There is 1 best solution below


We got this issue resolved. Thanks to ComponentSpace for their quick response. bartonjs, your guess is right on all 3. The Windows update for .NET 4.6.2 started the issue. We had to roll back the update. Even though ComponentSpace was quick with their response and suggestion, we could not try that out right away, as we had to wait for a maintenance window. We tried the following last night and it worked:

  1. Created a user profile for the Application Pool account. We had it set up with a domain user that never logged into that box. So, we had to generate that profile.
  2. Updated the IIS setting "Load User Profile" to True.
  3. Installed the Windows updates for .NET 4.6.2 that we rolled back earlier.

Everything is working fine now.

FYI: The updates that caused this issue are

  1. Update for Microsoft .NET Framework 4.6.2 (KB3205379)
  2. Security Update for Microsoft .NET Framework 4.6.2 (KB3204805)

Thank you for your assistance.
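
A PowerShell check for the conditions named in the answer above, added here as an example and not part of the original post or of ComponentSpace's guidance. It reports the application pool's identity, its "Load User Profile" setting, whether a profile exists on the server for that account, and whether the two listed updates are reported as installed. The pool name `SamlAppPool` is a placeholder, and the script assumes the WebAdministration module and an elevated session on the IIS server.

```powershell
# Audit one IIS application pool for the conditions named in the answer.
# Run in an elevated session on the IIS server. 'SamlAppPool' is a placeholder name.
param([string]$PoolName = 'SamlAppPool')

Import-Module WebAdministration

$pm = (Get-Item "IIS:\AppPools\$PoolName").processModel
$report = [ordered]@{
    Pool            = $PoolName
    IdentityType    = $pm.identityType
    UserName        = $pm.userName
    LoadUserProfile = $pm.loadUserProfile
    ProfileOnDisk   = $null
    ProfilePath     = $null
}

# Only a custom account (step 1 in the answer) has a named profile to look for.
if ($pm.identityType -eq 'SpecificUser' -and $pm.userName) {
    # Resolve the account name to a SID, which is how Win32_UserProfile is keyed.
    $account = New-Object System.Security.Principal.NTAccount($pm.userName)
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $userProfile = Get-CimInstance Win32_UserProfile -Filter "SID='$sid'"
    $report.ProfileOnDisk = [bool]$userProfile
    $report.ProfilePath   = $userProfile.LocalPath
}

[pscustomobject]$report | Format-List

# The two updates listed in the answer. .NET Framework updates are not always
# reported by Get-HotFix, so an empty result does not prove they are absent.
Get-HotFix -Id 'KB3205379', 'KB3204805' -ErrorAction SilentlyContinue |
    Select-Object HotFixID, InstalledOn

# To apply step 2 from the answer, then recycle the pool:
#   Set-ItemProperty "IIS:\AppPools\$PoolName" -Name processModel.loadUserProfile -Value $true
#   Restart-WebAppPool -Name $PoolName
```

A pool that shows `LoadUserProfile : False` or `ProfileOnDisk : False` for a custom account matches the state the answer describes before steps 1 and 2 were applied.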