ComponentSpace

Forums



The X.509 certificate could not be loaded from the file



karun
We are trying ComponentSpace for SAML 2.0 integration. We were able to successfully run the example projects (web form) for SP-initiated SAML. Tried integrations with Okta and OneLogin and have no issues.

When we try to use the same approach in our application, we receive an error while processing "SAMLServiceProvider.ReceiveSSO" from the IdP (Okta): "Exception: ComponentSpace.SAML2.Exceptions.SAMLCertificateException: The X.509 certificate could not be loaded...."

The InitiateSSO is happening successfully, but we are seeing an issue loading okta.cer from the Certificates folder within the project.

Any help to troubleshoot this would be appreciated. Thanks!
  =================================================================================================
<?xml version="1.0"?>
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
  <ServiceProvider Name="https://localhost:8001"
                   Description="SagesGov App"
                   AssertionConsumerServiceUrl="~/Handler/SamlAssertionConsumerService.ashx"
                   LocalCertificateFile="Certificates\sp.pfx"
                   LocalCertificatePassword="password"/>

  <PartnerIdentityProviders>

    <!-- Okta -->
    <PartnerIdentityProvider Name="http://www.okta.com/exk1p2pgmpZtSaJh8357"
                             Description="Okta"
                             SignAuthnRequest="false"
                             WantAssertionSigned="false"
                             SignLogoutRequest="true"
                             SignLogoutResponse="true"
                             WantLogoutRequestSigned="true"
                             SingleSignOnServiceUrl="https://dev-398373.okta.com/app/sagesnetworksdev398373_sagesgovsaml_1/exk1p2pgmpZtSaJh8357/sso/saml"
                             SingleLogoutServiceUrl="https://dev-398373.okta.com/app/sagesnetworksdev398373_sagesgovsaml_1/exk1p2pgmpZtSaJh8357/slo/saml"
                             PartnerCertificateFile="Certificates\okta.cer"/>

  </PartnerIdentityProviders>
</SAMLConfiguration>
========NOTE====================
Tried both true and false for the settings below. The same error message is seen in both cases:
  SignAuthnRequest="false"
 WantAssertionSigned ="false"


===========================
ComponentSpace.SAML2 Verbose: 0 : 11108/30: 10/30/2019 12:46:10 PM: Verifying the SAML response signature.
ComponentSpace.SAML2 Verbose: 0 : 11108/30: 10/30/2019 12:46:10 PM: Retrieving the signature certificates for the partner identity provider http://www.okta.com/exk1p2pgmpZtSaJh8357.
ComponentSpace.SAML2 Verbose: 0 : 11108/30: 10/30/2019 12:46:10 PM: Loading the X.509 certificate from the file C:\Users\Karun\Downloads\Teton\src\Teton.Web\Certificates\okta.cer.
ComponentSpace.SAML2 Verbose: 0 : 11108/30: 10/30/2019 12:46:10 PM: Exception: ComponentSpace.SAML2.Exceptions.SAMLCertificateException: The X.509 certificate could not be loaded from the file C:\Users\Karun\Downloads\Teton\src\Teton.Web\Certificates\okta.cer. ---> System.Security.Cryptography.CryptographicException: Cannot find the requested object.
 at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
 at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName)
 at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
 at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
 at ComponentSpace.SAML2.Certificates.CertificateLoader.LoadCertificateFromFile(String certificateFile, String certificatePassword)
 --- End of inner exception stack trace ---
ComponentSpace.SAML2 Verbose: 0 : 11108/30: 10/30/2019 12:46:10 PM:  at ComponentSpace.SAML2.Certificates.CertificateLoader.LoadCertificateFromFile(String certificateFile, String certificatePassword)
 at ComponentSpace.SAML2.Certificates.CachedCertificateLoader.LoadCertificateFromFile(String certificateFile, String certificatePassword)
 at ComponentSpace.SAML2.Certificates.CertificateManager.LoadCertificate(String certificateString, String certificateKey, String certificateFile, String certificatePassword, String certificatePasswordKey, StoreLocation storeLocation, StoreName storeName, String certificateSerialNumber, String certificateThumbprint, String certificateSubject)
 at ComponentSpace.SAML2.Certificates.CertificateManager.LoadPartnerCertificate(PartnerProviderConfiguration partnerProviderConfiguration)
 at ComponentSpace.SAML2.Certificates.CertificateManager.GetPartnerIdentityProviderSignatureCertificates(String configurationID, String partnerIdentityProviderName)
 at ComponentSpace.SAML2.InternalSAMLServiceProvider.GetPartnerProviderSignatureCertificates()
 at ComponentSpace.SAML2.InternalSAMLServiceProvider.VerifySAMLResponseSignature(XmlElement samlResponseElement)
 at ComponentSpace.SAML2.InternalSAMLServiceProvider.ProcessSAMLResponse(XmlElement samlResponseElement, Boolean& isInResponseTo, String& authnContext, String& userName, SAMLAttribute[]& attributes)
 at ComponentSpace.SAML2.InternalSAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, SAMLAttribute[]& attributes, String& relayState)
 at ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, IDictionary`2& attributes, String& relayState)
 at Teton.Web.Handler.SamlAssertionConsumerService.ProcessRequest(HttpContext context) in C:\Users\Karun\Downloads\Teton\src\Teton.Web\Handler\SamlAssertionConsumerService.ashx.cs:line 47
 at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
 at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
 at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
 at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
 at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
 at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
 at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
 at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
 at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
 at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
 at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
Exception thrown: 'ComponentSpace.SAML2.Exceptions.SAMLCertificateException' in ComponentSpace.SAML2.dll

=========================================================================================================================================================


OKTA (Idp) SAML config:

GENERAL

Single Sign On URL: http://localhost:8001/Handler/SamlAssertionConsumerService.ashx
Recipient URL: http://localhost:8001/Handler/SamlAssertionConsumerService.ashx
Destination URL: http://localhost:8001/Handler/SamlAssertionConsumerService.ashx
Audience Restriction: http://localhost:8001
Default Relay State:
Name ID Format: EmailAddress
Response: Signed
Assertion Signature: Signed
Signature Algorithm: RSA_SHA256
Digest Algorithm: SHA256
Assertion Encryption: Unencrypted
SAML Single Logout: Enabled
Signature Certificate: sp.cer (CN=www.sp.com)
authnContextClassRef: PasswordProtectedTransport
Honor Force Authentication: Yes
SAML Issuer ID: http://www.okta.com/${org.externalKey








ComponentSpace
It looks like there's an issue with the okta.cer file. From File Explorer, double click on the okta.cer file and confirm that it opens as a certificate file. If it doesn't, try downloading the certificate from Okta again. Let us know if there's still an issue.

Regards
ComponentSpace Development
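
A scripted version of the check suggested above, as an added example that is not part of the original thread or ComponentSpace's own code: it loads the file with the same .NET `X509Certificate2` class that fails in the stack trace and reports why a file is unusable. The function name `Test-PartnerCertificateFile` and the sample path are assumptions.

```powershell
# Added example (not from the thread): pre-flight check for a partner certificate file.
# Test-PartnerCertificateFile is a hypothetical helper name.
function Test-PartnerCertificateFile {
    param([Parameter(Mandatory)][string]$Path)

    $report = [ordered]@{
        Path = $Path; Loadable = $false; Problem = $null
        Subject = $null; Thumbprint = $null; NotBefore = $null; NotAfter = $null
    }

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $report.Problem = 'File not found'
        return [pscustomobject]$report
    }

    $bytes = [System.IO.File]::ReadAllBytes((Resolve-Path -LiteralPath $Path).ProviderPath)
    if ($bytes.Length -eq 0) {
        $report.Problem = 'File is empty'
        return [pscustomobject]$report
    }

    try {
        # Same class that throws in the stack trace; content that is not a
        # certificate raises a CryptographicException here.
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
    }
    catch {
        # Leading bytes hint at what the file really is:
        # DER starts 30 82, PEM starts 2D 2D 2D 2D 2D ('-----'), HTML starts 3C ('<').
        $n = [Math]::Min(8, $bytes.Length) - 1
        $hex = ($bytes[0..$n] | ForEach-Object { $_.ToString('X2') }) -join ' '
        $reason = $_.Exception.GetBaseException().Message
        $report.Problem = "Not a loadable X.509 certificate ($reason); first bytes: $hex"
        return [pscustomobject]$report
    }

    $report.Loadable   = $true
    $report.Subject    = $cert.Subject
    $report.Thumbprint = $cert.Thumbprint
    $report.NotBefore  = $cert.NotBefore
    $report.NotAfter   = $cert.NotAfter

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $report.Problem = 'Certificate is outside its validity period'
    }
    return [pscustomobject]$report
}

# Sample path taken from the configuration above; run from the web project folder.
Test-PartnerCertificateFile -Path '.\Certificates\okta.cer' | Format-List
```
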
karun
ComponentSpace - 10/30/2019
It looks like there's an issue with the okta.cer file. From File Explorer, double click on the okta.cer file and confirm that it opens as a certificate file. If it doesn't, try downloading the certificate from Okta again. Let us know if there's still an issue.

I have tried opening the file and saw this error message:

https://www.componentspace.com/Forums/Uploads/Images/3fcf2b40-e1db-4fc3-883b-ab2a.png
Replaced it with the certificate from Okta and it works fine. Appreciate your quick response. 

Thanks!!

ComponentSpace
You're welcome.

Regards
ComponentSpace Development