Roman Mazanka
Dec 12, 2016

RSASSA-PSS with provider-hosted add-ins

Dear community, we have a problem with a SharePoint provider-hosted add-in. Please help us solve it.

We usually use certificates with the sha256RSA signature algorithm. But now we have a case where our customer's policies allow using only the RSASSA-PSS algorithm. When we try to install our add-in on a site collection, the following error occurs:

Error Message: Invalid provider type specified.

Stack Trace:
   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
   at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey()
   at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetAsymmetricAlgorithm(String algorithm, Boolean privateKey)
   at Microsoft.IdentityModel.S2S.Tokens.X509AsymmetricSignatureProvider..ctor(X509AsymmetricSecurityKey x509Key)
   at Microsoft.IdentityModel.S2S.Tokens.SignatureProvider.Create(SigningCredentials signingCredentials)
   at Microsoft.IdentityModel.S2S.Tokens.JsonWebSecurityTokenHandler.Sign(String signingInput, SigningCredentials signingCredentials)
   at Microsoft.IdentityModel.S2S.Tokens.JsonWebSecurityTokenHandler.WriteTokenAsString(SecurityToken token)
   at AppNameWeb.TokenHelper.IssueToken(String sourceApplication, String issuerApplication, String sourceRealm, String targetApplication, String targetRealm, String targetApplicationHostName, Boolean trustedForDelegation, IEnumerable`1 claims, Boolean appOnly)
   at AppNameWeb.TokenHelper.GetS2SAccessTokenWithClaims(String targetApplicationHostName, String targetRealm, IEnumerable`1 claims)
   at AppNameWeb.TokenHelper.GetS2SClientContextWithWindowsIdentity(Uri targetApplicationUri, WindowsIdentity identity)
   at AppNameWeb.Services.AppEventReceiver.ProcessEvent(SPRemoteEventProperties properties).

Using a certificate with the sha256RSA algorithm, the add-in installs normally.

We tried to find SharePoint limitations regarding the certificate signature algorithm, but did not succeed. Please tell me where the problem is: are there SharePoint limitations, or are we using the wrong method in our add-in?

Thanks!
