
SSO Errors after server patches

Matt Olson
Hello,

We did a server patch over the weekend and today, nobody can use the SAML login for our website.  There are two competing errors:

First:

2016-02-22 14:49:09.395 Global.asax Message: Exception of type 'System.Web.HttpUnhandledException' was thrown. Stack:  at System.Web.UI.Page.HandleError(Exception e)
 at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
 at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
 at System.Web.UI.Page.ProcessRequest()
 at System.Web.UI.Page.ProcessRequest(HttpContext context)
 at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
 at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) Message: A valid SAML configuration hasn't been specified. Stack:  at ComponentSpace.SAML2.Configuration.SAMLConfiguration.GetCurrent()
 at ComponentSpace.SAML2.InternalSAMLServiceProvider..ctor()
 at Site.SAML.AssertionConsumerService.Page_Load(Object sender, EventArgs e) in f:\Builds\6\Site\SAML\AssertionConsumerService.aspx.cs:line 41
 at System.Web.UI.Control.OnLoad(EventArgs e)
 at System.Web.UI.Control.LoadRecursive()
 at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)


Second (Occurs only when app pool and site are freshly restarted):

Exception information:
  Exception type: SAMLCertificateException
  Exception message: The X.509 certificate could not be loaded from the file C:\inetpub\site\non_active_cert.pfx.
 at ComponentSpace.SAML2.Certificates.AbstractCertificateManager.LoadCertificateFromFile(String certificateFile, String certificatePassword)
 at ComponentSpace.SAML2.Certificates.CertificateManager.LoadCertificate(String certificateFile, String certificatePassword, String certificatePasswordKey, StoreLocation storeLocation, String certificateSerialNumber, String certificateThumbprint, String certificateSubject)
 at ComponentSpace.SAML2.Certificates.CertificateManager.LoadLocalCertificate(ProviderConfiguration providerConfiguration)
 at ComponentSpace.SAML2.Certificates.CertificateManager.Initialize(SAMLConfiguration samlConfiguration)
 at ComponentSpace.SAML2.Configuration.SAMLConfiguration.InitializeCertificateManager()
 at ComponentSpace.SAML2.Configuration.SAMLConfiguration.Load()
 at ComponentSpace.SAML2.Configuration.SAMLConfiguration.GetCurrent()
 at ComponentSpace.SAML2.InternalSAMLServiceProvider..ctor()
 at MIROnlineOrderingSystem_TierN.SAML.AssertionConsumerService.Page_Load(Object sender, EventArgs e) in f:\Builds\6\Site\SAML\AssertionConsumerService.aspx.cs:line 41
 at System.Web.UI.Control.OnLoad(EventArgs e)
 at System.Web.UI.Control.LoadRecursive()
 at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)



Swift assistance would be appreciated as this is a production site.
Matt Olson
nulloverride - Monday, February 22, 2016
OK, this seems to be the result of a reference to the LocalCertificateFile and LocalCertificatePassword in the ServiceProvider element of saml.config.  The cert in question was for our demo site, but this web application was functioning well enough all last week with no problems so I'm unsure why this would be an issue after patching the server. Regardless, commenting out the offending properties seemed to do the trick of getting everything working again...
ComponentSpace
Could you please confirm that the certificate file C:\inetpub\site\non_active_cert.pfx exists?
Assuming it does, it may be that there's a permissions issue loading the PFX certificate file.
Please take a look at:
http://www.componentspace.com/Forums/29/Troubleshooting-Loading-X.509-Certificates
If there's still an issue, please enable SAML trace and send the generated log file to [email protected] mentioning this post.
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace


Regards
ComponentSpace Development
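
The checks suggested in the reply above (file present, readable by the site's identity, loadable with the password), as an added PowerShell example that is not part of the original thread or ComponentSpace's own tooling. `PLACEHOLDER_APP_POOL` is a placeholder for the application pool name; the path is the one from the exception message.

```powershell
# Added diagnostic example. $PfxPath is the path from the exception message;
# $AppPoolName is a placeholder for the pool that runs the site.
param(
    [string]$PfxPath     = 'C:\inetpub\site\non_active_cert.pfx',
    [string]$AppPoolName = 'PLACEHOLDER_APP_POOL'
)

# 1. Does the file exist?
if (-not (Test-Path -LiteralPath $PfxPath -PathType Leaf)) {
    Write-Error "PFX file not found: $PfxPath"
    return
}

# 2. Who can read it? The app pool identity, or a group it belongs to
#    (for example IIS_IUSRS), needs an Allow entry that includes Read.
$identity = "IIS AppPool\$AppPoolName"
$aces = (Get-Acl -LiteralPath $PfxPath).Access
$aces | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
$direct = $aces | Where-Object {
    $_.IdentityReference.Value -eq $identity -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Read)
}
if (-not $direct) {
    Write-Warning "No direct Allow/Read entry for '$identity'; check the groups listed above."
}

# 3. Can the PFX be opened with the configured password?
#    This runs as the current user, not as the app pool, so a success here
#    rules out a wrong password or corrupt file but not a permissions problem.
$password = Read-Host -AsSecureString 'PFX password'
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet
$cert = $null
try {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $PfxPath, $password, $flags
    $cert | Format-List Subject, Thumbprint, NotBefore, NotAfter, HasPrivateKey
    if ($cert.NotAfter -lt (Get-Date)) { Write-Warning 'Certificate has expired.' }
}
catch {
    Write-Error "PFX could not be loaded: $($_.Exception.Message)"
}
finally {
    if ($cert) { $cert.Reset() }   # release the certificate and its temporary key
}
```

Run it from an elevated prompt on the web server, since importing with `MachineKeySet` writes to the machine key store.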
ComponentSpace
Our posts crossed. As your site is the service provider and assuming you're not sending signed SAML authn requests or require the SAML assertion to be posted, then the LocalCertificateFile is not required and can be removed from the SAML configuration.


Regards
ComponentSpace Development
Matt Olson
Good to have that confirmed, thanks for the super-quick response!