Home
  •  

Weak Signature Algorithm Error

Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuanceWeakSignatureAlgorithmErrorRule (Rule)

Knowledge Base article:

Summary

The token that was used to authenticate the user or the request is signed with the expected signature algorithm.

Causes

The token that is used to authenticate the user is signed using a weaker signature algorithm than expected.

Resolutions

Verify that the claims provider is configured to accept tokens with the expected signature algorithm. To resolve this issue, you can use either the Windows PowerShell cmdlets for AD FS, or the AD FS snap-in to reconfigure the signature algorithm. For cmdlet update, use the SignatureAlgorithm parameter with the Set-ADFSClaimsProviderTrust cmdlet. For a Microsoft Management Console (MMC)-based update, you can modify the signature algorithm property on the Advanced tab of the claims provider trust properties.

Element properties:

TargetMicrosoft.ActiveDirectoryFederationServices.2016.TokenIssuance
CategorySecurityHealth
EnabledTrue
Event_ID372
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
Weak Signature Algorithm Error
The token that was used to authenticate the user or the request is signed with the signature algorithm '{0}' which is not the expected signature algorithm '{1}'. Check the Alert Context tab for event details.
Event Log$Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer"]/ADFSEventLog$

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuanceWeakSignatureAlgorithmErrorRule" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuance" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>SecurityHealth</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>$Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer"]/ADFSEventLog$</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">372</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>MatchesMOM2005RegularExpression</Operator>

              <Pattern>(^AD FS$)</Pattern>

            </RegExExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuanceWeakSignatureAlgorithmErrorRule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/Params/Param[2]$</AlertParameter1>

        <AlertParameter2>$Data/Params/Param[3]$</AlertParameter2>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/Params/Param[1]$</SuppressionValue>

      </Suppression>

      <Custom1/>

      <Custom2/>

      <Custom3/>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10/>

    </WriteAction>

  </WriteActions>

</Rule>