SAML 2.0 support with Elliptic Curve Cryptography (ECC) Certificates

Question

We have added SAML 2.0 support for our application with Identity Provider as Microsoft Azure.

Our Service Provider has Elliptic Curve Cryptography (ECC) Certificate. The metadata having certificate is imported in Azure. When we try to login with Azure, we get error: “AADSTS75005: The request is not a valid SAML 2.0 protocol message or contains invalid or potentially dangerous characters.”. When we replace the certificate with RSA, login works fine.

Can anyone please suggest if I am missing something or currently we do not have support for ECC with Azure?

Answer 1

Hi @sannav

Thank you for reaching us!
I understand that you have imported the Elliptic Curve Cryptography (ECC) Certificate to Azure and got an error AADSTS75005 while trying to log in with Azure. When you replaced the certificate with RSA, you were able to log in successfully.

Currently, Microsoft Azure AD does not support ECC certificates for SAML 2.0 authentication. It supports RSA certificates. To resolve this issue, you needed to use an RSA certificate instead of an ECC certificate for your Service Provider.

The error AADSTS75005 states that the request you sent to Azure AD for SAML-based single sign-on is not valid.

I hope this answer helps! If you have any further questions, please feel free to ask.

Reference: https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts75005-not-a-valid-saml-request

https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-fed-saml-idp

https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/certificate-signing-options

Thanks,

Akhilesh.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.