Certificate error when running in Docker container


https://componentspace.com/forums/Topic9891.aspx

By andreasn - 4/2/2019

We are trying out your SAML component for .NET Core and we get this exception when loading the certificate.

It works fine when running the code on a Windows developer machine, but in a Docker container (running Linux) it throws this exception.

The certificate is read from the database as a byte array and converted into a Base64 string.

Do you know a solution to this problem?

Is it possible to pass a byte array certificate or X509Certificate2 instance into IdP configuration?

Exception:

The X.509 certificate could not be loaded from the string. - error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

   at ComponentSpace.Saml2.Certificates.CertificateLoader.LoadCertificateFromStringAsync(String certificateString, String certificatePassword)
   at ComponentSpace.Saml2.Certificates.AbstractCachedCertificateLoader.LoadCertificateFromStringAsync(String certificateString, String certificatePassword)
   at ComponentSpace.Saml2.Certificates.CertificateManager.LoadCertificatesAsync(IList`1 certificates, CertificateUse certificateUse)
   at ComponentSpace.Saml2.Certificates.CertificateManager.GetPartnerIdentityProviderSignatureCertificatesAsync(String configurationID, String partnerIdentityProviderName)
   at ComponentSpace.Saml2.SamlServiceProvider.GetPartnerProviderSignatureCertificatesAsync(Boolean precondition)
   at ComponentSpace.Saml2.SamlServiceProvider.VerifySamlAssertionSignatureAsync(AssertionListItem assertionListItem)
   at ComponentSpace.Saml2.SamlServiceProvider.GetSamlAssertionAsync(SamlResponse samlResponse)
   at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement)
   at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()

--- Inner exception stack trace ---
   at Internal.Cryptography.Pal.CertificatePal.FromBlob(Byte[] rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
   at ComponentSpace.Saml2.Certificates.CertificateLoader.LoadCertificateFromStringAsync(String certificateString, String certificatePassword)

By ComponentSpace - 3/2/2021

Just store the base-64 string. This can be stored as an nvarchar.

Another option is to store the base-64 string directly in the SAML configuration (e.g. appsettings.json). For more information, refer to our Configuration Guide and Certificate Guide.

https://www.componentspace.com/Forums/8234/Configuration-Guide

https://www.componentspace.com/Forums/8238/Certificate-Guide
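A diagnostic for the stored value, added here as an example and not ComponentSpace's code: it decodes the base-64 string that would go into the SAML configuration and classifies what it actually holds, because the "nested asn1 error" in the trace is OpenSSL rejecting bytes that are not DER. It assumes C# 8 / .NET Core 3.0 or later, a public (password-less) partner IdP signing certificate, and hypothetical names (CertificateBlobCheck, Classify, PemToDer, Load); the double-encoding case it unwraps is an assumed way a byte-array round trip can go wrong, not a cause the thread states.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example, not ComponentSpace code (hypothetical names throughout).
public static class CertificateBlobCheck
{
    public enum Kind { Asn1, PemText, Unknown }
    // DER (and PKCS#12) begin with an ASN.1 SEQUENCE tag, 0x30; PEM is ASCII text
    // beginning with "-----BEGIN". Anything else is what OpenSSL reports as an asn1 error.
    public static Kind Classify(byte[] raw)
    {
        if (raw.Length > 0 && raw[0] == 0x30) return Kind.Asn1;
        string head = Encoding.ASCII.GetString(raw, 0, Math.Min(raw.Length, 10));
        return head == "-----BEGIN" ? Kind.PemText : Kind.Unknown;
    }

    // Drops the PEM armour lines and decodes the inner base-64 body to DER.
    public static byte[] PemToDer(string pem) =>
        Convert.FromBase64String(string.Concat(
            pem.Split('\n').Select(l => l.Trim()).Where(l => l.Length > 0 && !l.StartsWith("-----"))));
    // Loads the value as a configuration consumer would. The PemText branch unwraps a
    // double-encoded value (PEM text base-64 encoded a second time); that a byte-array
    // round trip produces exactly this is an assumption, the thread does not say.
    public static X509Certificate2 Load(string base64)
    {
        byte[] raw = Convert.FromBase64String(base64.Trim());
        switch (Classify(raw))
        {
            case Kind.Asn1: return new X509Certificate2(raw);
            case Kind.PemText: return new X509Certificate2(PemToDer(Encoding.ASCII.GetString(raw)));
            default: throw new CryptographicException($"{raw.Length} bytes, neither DER nor PEM");
        }
    }

    // Self-check with a constructed self-signed certificate standing in for the IdP's.
    public static void Main()
    {
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=idp.example", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        string good = Convert.ToBase64String(cert.Export(X509ContentType.Cert));   // the value to store
        string pem = "-----BEGIN CERTIFICATE-----\n" + good + "\n-----END CERTIFICATE-----\n";
        string doubled = Convert.ToBase64String(Encoding.ASCII.GetBytes(pem));     // PEM bytes re-encoded
        Console.WriteLine(Classify(Convert.FromBase64String(doubled)));
        Console.WriteLine(Load(good).Thumbprint == Load(doubled).Thumbprint);
    }
}
```

Running Classify on the value read back from the database tells you whether it is DER, armoured PEM text, or something that will never load, before the SAML component touches it.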