Unexpected Exception in ReceiveSsoAsync


rshillington
New Member (6 reputation)

Group: Forum Members
Posts: 4, Visits: 16
I'm testing on my Mac, running .NET Core SDK version 2.2.105 on Mac OS 10.14.
I'm using OKTA as the Identity Provider, and I believe I have configured the app in OKTA correctly.
After logging into OKTA and pressing the button for my app in my applications, I'm redirected to https://5001://localhost/samlassertionconsumerservice as expected.
According to the logs, the X.509 certificate is loaded from disk (this is the cert that I received from OKTA when I set up the app).
However I then get the following error.
Could it be a config setting in my SXML exception of my appsettings.json?

Interop+AppleCrypto+AppleCommonCryptoCryptographicException: One or more parameters passed to a function were not valid.
at Interop.AppleCrypto.X509Export(X509ContentType contentType, SafeCreateHandle cfPassphrase, IntPtr[] certHandles)
at Interop.AppleCrypto.X509ExportPfx(IntPtr[] certHandles, SafePasswordHandle exportPassword)
at Internal.Cryptography.Pal.StorePal.AppleCertificateExporter.ExportPkcs12(SafePasswordHandle password)
at Internal.Cryptography.Pal.StorePal.AppleCertificateExporter.Export(X509ContentType contentType, SafePasswordHandle password)
at System.Security.Cryptography.X509Certificates.X509Certificate.Export(X509ContentType contentType, String password)
at System.Security.Cryptography.X509Certificates.X509Certificate.Export(X509ContentType contentType)
at ComponentSpace.Saml2.Certificates.AbstractCachedCertificateLoader.AddCertificateToCacheAsync(String key, X509Certificate2 x509Certificate)
at ComponentSpace.Saml2.Certificates.AbstractCachedCertificateLoader.LoadCertificateFromFileAsync(String certificateFile, String certificatePassword)
at ComponentSpace.Saml2.Certificates.CertificateManager.LoadCertificatesAsync(IList`1 certificates, CertificateUse certificateUse)
at ComponentSpace.Saml2.Certificates.CertificateManager.GetPartnerIdentityProviderSignatureCertificatesAsync(String configurationID, String partnerIdentityProviderName)
at ComponentSpace.Saml2.SamlServiceProvider.GetPartnerProviderSignatureCertificatesAsync(Boolean precondition)
at ComponentSpace.Saml2.SamlServiceProvider.VerifySamlResponseSignatureAsync(XmlElement samlResponseElement)
at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement)
at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()
at WebApi.SamlController.AssertionConsumerService() in /WebApi/Controllers/SamlController.cs:line 65
at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at System.Threading.Tasks.ValueTask`1.get_Result()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextResourceFilter()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Rethrow(ResourceExecutedContext context)
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync()
at Microsoft.AspNetCore.Routing.EndpointMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

rshillington
New Member (6 reputation)

Group: Forum Members
Posts: 4, Visits: 16
I should add that I've now tested the same code on a Linux setup, and I don't get the exception, so now I'm thinking it may be something to do with certificate management with macOS?  Suggestions?
ComponentSpace
ComponentSpace Development (2.9K reputation)

Group: Administrators
Posts: 2K, Visits: 4.6K
I think you're right. By default we cache certificates in memory and it looks like the X509Certificate.Export method is failing.
You can turn off certificate caching by adding the following to the ConfigureServices method of your application's startup. 


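using ComponentSpace.Saml2.Certificates;
// Namespace of the TryAddTransient extension method.
using Microsoft.Extensions.DependencyInjection.Extensions;

// Use the standard certificate loader rather than the default cached certificate loader.
// TryAddTransient only registers when no ICertificateLoader is registered yet.
services.TryAddTransient<ICertificateLoader, CertificateLoader>();

// Add SAML SSO services.
services.AddSaml(Configuration.GetSection("SAML"));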



Let me know how that goes.

Regards
ComponentSpace Development
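
A way to confirm, outside the SAML library, that the failure comes from the platform's certificate export rather than from appsettings.json. This is an added example, not ComponentSpace code and not code from this thread; the class name CertExportCheck and the command-line argument are assumptions, and it assumes the cache calls the one-argument Export with the PKCS#12 content type, as the ExportPkcs12 frame in the stack trace indicates.

```csharp
// Added diagnostic (hypothetical names). Usage: dotnet run -- <path-to-idp-certificate>
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class CertExportCheck
{
    // Tries one export format and reports whether the platform crypto layer accepts it.
    static bool TryExport(X509Certificate2 cert, X509ContentType type)
    {
        try
        {
            byte[] data = cert.Export(type);
            Console.WriteLine($"{type}: OK ({data.Length} bytes)");
            return true;
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine($"{type}: FAILED - {ex.GetType().Name}: {ex.Message}");
            return false;
        }
    }

    public static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: CertExportCheck <certificate-file>");
            return 2;
        }

        using (var cert = new X509Certificate2(args[0]))
        {
            Console.WriteLine($"OS: {RuntimeInformation.OSDescription}");
            Console.WriteLine($"Subject: {cert.Subject}");
            Console.WriteLine($"HasPrivateKey: {cert.HasPrivateKey}");

            // DER export of the public certificate.
            bool der = TryExport(cert, X509ContentType.Cert);
            // PKCS#12 export: the path that throws in the stack trace above.
            bool pfx = TryExport(cert, X509ContentType.Pkcs12);

            // Exit code 1 flags the case from this thread: the file loads but PKCS#12 export fails.
            return (der && !pfx) ? 1 : 0;
        }
    }
}
```

Running it against the same certificate file on macOS and on Linux shows whether the difference is in the operating system's certificate handling.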
dik_deviant
New Member (1 reputation)

Group: Forum Members
Posts: 1, Visits: 1
ComponentSpace - 6/4/2019
I think you're right. By default we cache certificates in memory and it looks like the X509Certificate.Export method is failing.
You can turn off certificate caching by adding the following to the ConfigureServices method of your application's startup. 


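using ComponentSpace.Saml2.Certificates;
// Namespace of the TryAddTransient extension method.
using Microsoft.Extensions.DependencyInjection.Extensions;

// Use the standard certificate loader rather than the default cached certificate loader.
// TryAddTransient only registers when no ICertificateLoader is registered yet.
services.TryAddTransient<ICertificateLoader, CertificateLoader>();

// Add SAML SSO services.
services.AddSaml(Configuration.GetSection("SAML"));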



Let me know how that goes.

I had exactly the same problem. Also on a Mac.
This solution does solve the problem.
Thanks.
ComponentSpace
ComponentSpace Development (2.9K reputation)

Group: Administrators
Posts: 2K, Visits: 4.6K
Thanks for the confirmation.

Regards
ComponentSpace Development