ComponentSpace

Forums



Exception - A signing key is required to generate an XML signature


Exception - A signing key is required to generate an XML signature

Author
Message
Chandresh Sanghavi
Chandresh Sanghavi
New Member
New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)

Group: Forum Members
Posts: 13, Visits: 63
Hi,

I get above exception while calling InitiateSSO (for IDP initiated SSO). I have explained the problem statement below:

We are letting our clients to SSO into some of our services. For this, we have been using the database to store the store the SSO configuration and Cert Data for Client (mostly IDP) and us (SP).
I am writing a test tool to test out selected client's SSO request coming to our code of Service Provider module.
Here is the sequence:
1) User A logs in to Test Tool
2) User selects Client for SSO configuration from the UI page (Name, flags opted etc)
3) Tool finds the CER file for selected client and creates SAML configurations for LocalIDP and Partner SP
      // Cert Info is loaded thru ICertificationManager Interface method as shown below
       public class SSOTestCertificateManager : ICertificateManager
      {
                // All other interface methods are not required except following
                public IList<X509Certificate2> GetLocalIdentityProviderSignatureCertificates(string configurationID, string partnerSPName)
                {
                          // Load Cert binary data from Database
                }
       }

           // Adding Local Identity Provider  
           var samlConfiguration.LocalIdentityProviderConfiguration = new LocalIdentityProviderConfiguration() {
                 Name = NameOfIDP;  // Cert Attributes are loaded using above code
           }  
          
          //  Adding Partner Service Provider 
          samlConfiguration.AddPartnerServiceProvider(
                new PartnerServiceProviderConfiguration() {
                       // Set all required attributes including Name and Assertion Url and the flags
               });
             SAMLController.Configuration = SSOTestConfiguration;
              SAMLController.CertificateManager = SSOTestCertificateManager;

            // Finally calling InitiateSSO as below
           SAMLIdentityProvider.InitiateSSO(Response, SSOUserId,  attributes, BaseUrl,  partnerSP,  partnerSP);

After calling this, I get an exception as  "A signing key is required to generate an XML signature"  with stack trace as below
at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)
 at ComponentSpace.SAML2.Utility.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, X509Certificate2Collection x509Certificates, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)

Please note - The Client's CER file has been successfully added in database CERT Store Table and it is being used in the GetLocalIdentityProviderSignatureCertificates call as above.
If I set the SignAssertion = false, all work fine..but I do want to set it as true. 
Any suggestions ?
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Signatures are generated using the private key associated with the certificate. The local identity provider certificate you're returning is the certificate/public key only. It doesn't include a private key. This is the difference between a CER file, which contains the certificate and public key only, and a PFX file which also includes the private key.

You won't be able to test this with your clients' CER files and they shouldn't provide you their PFX files. However, you can test this with your own PFX file. You can generate a self-signed PFX file as described in our Certificate Guide.

https://www.componentspace.com/Forums/9349/Certificate-Guide


Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 1 query. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search