Weak Signature Algorithm Error in SAML Request

Microsoft.ActiveDirectoryFederationServices20.TokenIssuanceSAMLRequestUnsupportedSignatureAlgorithmRule (Rule)

Knowledge Base article:

Summary

The token that was used to authenticate the user or the request is signed with the expected signature algorithm.

Causes

The signature algorithm for the partner is not configured correctly.

Resolutions

Verify that signature algorithm for the partner is configured as expected. Use the information in this event to correct the signature algorithm.

Element properties:

Target

Microsoft.ActiveDirectoryFederationServices20.TokenIssuance

Category

SecurityHealth

Enabled

True

Event_ID

378

Alert Generate

True

Alert Severity

Warning

Alert Priority

Normal

Remotable

True

Alert Message

Weak Signature Algorithm Error In SAML Request

The token that was used to authenticate the user or the request is signed with the signature algorithm '{0}' which is not the expected signature algorithm '{1}'. Check the Alert Context tab for event details.

Event Log

$Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices20.FederationServer"]/ADFSEventLog$

Member Modules:

ID	Module Type	TypeId	RunAs
DS	DataSource	Microsoft.Windows.EventProvider	Default
Alert	WriteAction	System.Health.GenerateAlert	Default

Source Code:

<Rule ID="Microsoft.ActiveDirectoryFederationServices20.TokenIssuanceSAMLRequestUnsupportedSignatureAlgorithmRule" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices20.TokenIssuance" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>SecurityHealth</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>$Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices20.FederationServer"]/ADFSEventLog$</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">378</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>MatchesMOM2005RegularExpression</Operator>

              <Pattern>(^AD FS$)|(^AD FS 2.0$)</Pattern>

            </RegExExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="Microsoft.ActiveDirectoryFederationServices20.TokenIssuanceSAMLRequestUnsupportedSignatureAlgorithmRule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/Params/Param[1]$</AlertParameter1>

        <AlertParameter2>$Data/Params/Param[2]$</AlertParameter2>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>

      </Suppression>

      <Custom1/>

      <Custom2/>

      <Custom3/>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10/>

    </WriteAction>

  </WriteActions>

</Rule>