
SamlCertificateException ... The X.509 certificate could not be loaded from the file ... failed to...


courtney
We are testing the latest .Net Core SSO component to upgrade from an old ASP.NET version.

Loading our PFX file is throwing an error:

2022-09-01 16:31:43,779 ERROR ComponentSpace.Saml2.SamlServiceProvider.MoveNext [0] - MESSAGE: Initiation of SSO to the partner identity provider has failed.

ComponentSpace.Saml2.Exceptions.SamlCertificateException: The X.509 certificate could not be loaded from the file C:\inetpub\wwwroot\PBI\wwwroot\Certificates\GraspDataSSO.pfx.
---> ComponentSpace.Saml2.Exceptions.SamlCertificateException: The X.509 certificate with subject name E=*****, CN=*****, OU=*****, O=*****, L=*****, S=CA, C=US, serial number ***** and thumbprint ***** failed to validate.
 at ComponentSpace.Saml2.Certificates.CertificateLoader.ValidateCertificate(X509Certificate2 x509Certificate)
 at ComponentSpace.Saml2.Certificates.CertificateLoader.LoadCertificateFromFileAsync(String certificateFile, String certificatePassword)
 --- End of inner exception stack trace ---
 at ComponentSpace.Saml2.Certificates.CertificateLoader.LoadCertificateFromFileAsync(String certificateFile, String certificatePassword)
 at ComponentSpace.Saml2.Certificates.AbstractCachedCertificateLoader.LoadCertificateFromFileAsync(String certificateFile, String certificatePassword)
 at ComponentSpace.Saml2.Certificates.CertificateManager.LoadCertificatesAsync(IList`1 certificates, CertificateUse certificateUse)
 at ComponentSpace.Saml2.Certificates.CertificateManager.GetLocalServiceProviderCertificatesAsync(LocalServiceProviderConfiguration localServiceProviderConfiguration, PartnerIdentityProviderConfiguration partnerIdentityProviderConfiguration, CertificateUse certificateUse)
 at ComponentSpace.Saml2.SamlServiceProvider.GetLocalProviderSignatureCertificatesAsync(Boolean precondition)
 at ComponentSpace.Saml2.SamlServiceProvider.SendAuthnRequestAsync(XmlElement authnRequestElement, String relayState, String singleSignOnServiceUrl)
 at ComponentSpace.Saml2.SamlServiceProvider.InitiateSsoAsync(String partnerName, String relayState, ISsoOptions ssoOptions)


The PFX loads with the old SSO component.  Windows recognizes it as a valid certificate.  I have tried using a .CER export of the same certificate and I get the same error.

Can you recommend any things for me to try to help me figure out why the file "failed to validate"?  What is it validating against?

Thanks
Courtney

ComponentSpace
Hi Courtney,

By default we check whether the certificate has expired. 

This check can be disabled at application start-up as follows.


using ComponentSpace.Saml2.Certificates;


services.Configure<CertificateValidationOptions>(options =>
{
  options.EnableNotAfterCheck = false;
});

// Add SAML SSO services.
services.AddSaml(Configuration.GetSection("SAML"));




Regards
ComponentSpace Development
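
The expiry check described in the answer above can be reproduced outside the SAML component to see where a certificate stands before changing any validation option. This is an added example, not ComponentSpace's code or part of the original posts; it also reports not-yet-valid and soon-to-expire certificates, which goes beyond what the thread covers. The names Validity, CertCheck, Classify and MakeSample are assumptions, and the sample certificates are constructed in memory.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

enum Validity { NotYetValid, Expired, ExpiringSoon, Valid }

static class CertCheck
{
    // Classify a certificate's validity period relative to 'nowUtc'.
    public static Validity Classify(X509Certificate2 cert, DateTime nowUtc, TimeSpan warnWindow)
    {
        // NotBefore/NotAfter are exposed as local time; compare in UTC.
        DateTime notBefore = cert.NotBefore.ToUniversalTime();
        DateTime notAfter = cert.NotAfter.ToUniversalTime();
        if (nowUtc < notBefore) return Validity.NotYetValid;
        if (nowUtc > notAfter) return Validity.Expired;
        if (notAfter - nowUtc <= warnWindow) return Validity.ExpiringSoon;
        return Validity.Valid;
    }

    // Constructed sample: self-signed certificate with a chosen validity period.
    public static X509Certificate2 MakeSample(DateTimeOffset notBefore, DateTimeOffset notAfter)
    {
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=constructed-sample-sp", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(notBefore, notAfter);
    }

    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        var samples = new[]
        {
            MakeSample(now.AddYears(-2), now.AddYears(-1)),  // already expired
            MakeSample(now.AddDays(-1), now.AddDays(10)),    // inside the warning window
            MakeSample(now.AddDays(-1), now.AddYears(1)),    // comfortably valid
        };
        foreach (X509Certificate2 cert in samples)
        {
            Validity v = Classify(cert, now.UtcDateTime, TimeSpan.FromDays(30));
            Console.WriteLine($"{cert.Subject} thumbprint={cert.Thumbprint} " +
                $"notAfter={cert.NotAfter.ToUniversalTime():u} -> {v}");
            cert.Dispose();
        }
    }
}
```

To run it against a real file, replace a MakeSample call with `new X509Certificate2(path, password)` for the PFX in question.
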
courtney
ComponentSpace - 9/1/2022
Hi Courtney,

By default we check whether the certificate has expired. 

This check can be disabled at application start-up as follows.


using ComponentSpace.Saml2.Certificates;


services.Configure<CertificateValidationOptions>(options =>
{
  options.EnableNotAfterCheck = false;
});

// Add SAML SSO services.
services.AddSaml(Configuration.GetSection("SAML"));



Thank you!  That fixed the problem!

Our certificate was expired but as it was working in our older version of the ASP.NET SSO control, we didn't think it was the issue with the newer .Net Core version.  I guess maybe the default changed since our older version (or we had turned it off on the older version and forgotten about it).  I had looked for some way to possibly turn off validation but I wasn't able to come up with the fix you suggested.  Now we can go ahead and upgrade our control!!

Courtney



ComponentSpace
Hi Courtney,

We don't have this feature in the older version you were using which is why it wasn't an issue.



Regards
ComponentSpace Development