An x509 certificate for the local identity provider hasn't been configured


dmarlow
I'm getting the following error when attempting to perform an IdP (us) initiated SSO to a SP (customer). 

ComponentSpace.SAML2.Exceptions.SAMLConfigurationException: An X.509 certificate for the local identity provider hasn't been configured.
 at ComponentSpace.SAML2.Configuration.SAMLConfiguration.GetLocalIdentityProviderCertificate(String partnerServiceProviderName) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\Configuration\SAMLConfiguration.cs:line 672
 at ComponentSpace.SAML2.InternalSAMLIdentityProvider.CreateSAMLResponse(String userName, SAMLAttribute[] attributes, String statusCode, String statusMessage, String assertionConsumerServiceUrl) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLIdentityProvider.cs:line 519
 at ComponentSpace.SAML2.InternalSAMLIdentityProvider.InitiateSSO(HttpResponseBase httpResponse, String userName, SAMLAttribute[] attributes, String relayState, String partnerSP, String assertionConsumerServiceUrl) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLIdentityProvider.cs:line 650
 at ComponentSpace.SAML2.SAMLIdentityProvider.InitiateSSO(HttpResponseBase httpResponse, String userName, SAMLAttribute[] attributes, String relayState, String partnerSP, String assertionConsumerServiceUrl) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLIdentityProvider.cs:line 238


I do have a certificate specified and configured for use.

var config = new SAMLConfiguration
{
    LocalIdentityProviderConfiguration = new LocalIdentityProviderConfiguration
    {
        Name = "...",
        LocalCertificateFile = "...",
        LocalCertificatePassword = "...."
    }
};


I am, however, using the ICertificateManager store. I'm only using the certificate manager to specify custom certificates to use for a specific service provider. Should I also be registering it there or am I wrong to be doing things in two separate places? I was thinking what I have above would be the default and I didn't need to specify it elsewhere.

Thanks,

Dariel
ComponentSpace
Hi Dariel
If you specify an ICertificateManager then it's assumed to handle all requests for certificates. We don't call the ICertificateManager and then the default certificate manager.
You could implement your ICertificateManager by calling the default CertificateManager for those certificates you aren't handling directly.
Your certificate manager would need to initialize the default certificate manager as follows.

var defaultCertificateManager = new CertificateManager();
defaultCertificateManager.Initialize(samlConfiguration);

You would then call the appropriate method on the defaultCertificateManager in your certificate manager if you don't handle this directly.
For example:

public override X509Certificate2 GetLocalIdentityProviderCertificate(string partnerServiceProviderName) {
    return defaultCertificateManager.GetLocalIdentityProviderCertificate(partnerServiceProviderName);
}



Regards
ComponentSpace Development
dmarlow
Thanks, that makes sense.

I'm wondering if it's best to modify our custom certificate manager to add the default certificate, used in the SAMLConfiguration, to AddLocalIdentityProviderCertificate to any that don't have a custom one. Hope that made sense. If I override GetLocalIdentityProviderCertificate, then I must keep track of the custom ones I'm adding and either serve the default or use the custom.
Lines 5-7 are what I'd be adding to account for the default certificate manager.

public void AddSpCertificate(ServiceProviderSamlConfig spSamlConfig, PartnerServiceProviderConfiguration spConfig)
{
    if (spSamlConfig.SsoCertificate == null)
    {
        // This is new..
        // Use the default setup in the SAMLConfiguration for this IdP if a custom one isn't specified for the SP.
        AddLocalIdentityProviderCertificate(spConfig.Name, _defCertMgr.GetLocalIdentityProviderCertificate(spConfig.Name));
        return;
    }

    var cert = new X509Certificate2(spSamlConfig.SsoCertificate, spSamlConfig.SsoCertificatePassword);
    AddLocalIdentityProviderCertificate(spConfig.Name, cert);

    // TODO: store a separate public certificate to validate their certs instead of using embedded cert..
    //AddPartnerServiceProviderCertificate(spConfig.Name, cert);
}



What about when acting as the SP (us) to the IdP (customer)? Our app operates as both SP and IdP. I would imagine that for signing AuthnRequests we'd need to use the certificate in the default certificate manager for any IdP that we aren't specifying a custom signing certificate for.

ComponentSpace
Yes, that's another way to do it.
If you're acting as both the IdP and SP then you would need to ensure you support the GetLocalIdentityProviderCertificate and GetLocalServiceProviderCertificate methods. You could either use the approach I outlined previously or the approach you suggested.

Regards
ComponentSpace Development
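
The fallback discussed above, covering both the IdP-role and SP-role lookups and refusing a certificate without a private key, as an added example that is not part of the thread or ComponentSpace's code. `ILocalCertificateSource`, `FallbackCertificateSource`, `FixedSource` and the partner URLs are hypothetical stand-ins; in a real application the default source would wrap the initialized `CertificateManager`, and the method signatures must be checked against the installed library version.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical stand-in for the two lookups named in the thread; the real
// ICertificateManager has more members and its signatures depend on the version.
public interface ILocalCertificateSource
{
    X509Certificate2 GetLocalIdentityProviderCertificate(string partnerServiceProviderName);
    X509Certificate2 GetLocalServiceProviderCertificate(string partnerIdentityProviderName);
}

// Per-partner overrides are consulted first, then the default source, for both roles.
public sealed class FallbackCertificateSource : ILocalCertificateSource
{
    private readonly ILocalCertificateSource _default;
    private readonly Dictionary<string, X509Certificate2> _asIdp = new Dictionary<string, X509Certificate2>();
    private readonly Dictionary<string, X509Certificate2> _asSp = new Dictionary<string, X509Certificate2>();

    public FallbackCertificateSource(ILocalCertificateSource defaultSource)
    {
        if (defaultSource == null) throw new ArgumentNullException(nameof(defaultSource));
        _default = defaultSource;
    }

    public void AddLocalIdentityProviderCertificate(string partnerSp, X509Certificate2 cert) =>
        _asIdp[partnerSp] = RequireSigningKey(cert, partnerSp);

    public void AddLocalServiceProviderCertificate(string partnerIdp, X509Certificate2 cert) =>
        _asSp[partnerIdp] = RequireSigningKey(cert, partnerIdp);

    public X509Certificate2 GetLocalIdentityProviderCertificate(string partnerServiceProviderName) =>
        Resolve(_asIdp, partnerServiceProviderName, _default.GetLocalIdentityProviderCertificate);

    public X509Certificate2 GetLocalServiceProviderCertificate(string partnerIdentityProviderName) =>
        Resolve(_asSp, partnerIdentityProviderName, _default.GetLocalServiceProviderCertificate);

    private static X509Certificate2 Resolve(Dictionary<string, X509Certificate2> overrides,
        string partner, Func<string, X509Certificate2> fallback)
    {
        X509Certificate2 custom;
        if (partner != null && overrides.TryGetValue(partner, out custom)) return custom;
        return RequireSigningKey(fallback(partner), partner);
    }

    // Signing needs the private key: fail here, not deep inside an SSO or SLO call.
    private static X509Certificate2 RequireSigningKey(X509Certificate2 cert, string partner)
    {
        if (cert == null)
            throw new InvalidOperationException("No local certificate for partner '" + partner + "'.");
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate " + cert.Thumbprint + " has no private key.");
        return cert;
    }
}

public static class Demo
{
    // Constructed default source; stands in for a wrapper around the default CertificateManager.
    private sealed class FixedSource : ILocalCertificateSource
    {
        private readonly X509Certificate2 _cert;
        public FixedSource(X509Certificate2 cert) { _cert = cert; }
        public X509Certificate2 GetLocalIdentityProviderCertificate(string p) => _cert;
        public X509Certificate2 GetLocalServiceProviderCertificate(string p) => _cert;
    }

    // Constructed throwaway certificate so the demo runs without any files on disk.
    private static X509Certificate2 SelfSigned(string subject)
    {
        var request = new CertificateRequest(subject, RSA.Create(2048),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return request.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1));
    }

    public static void Main()
    {
        var source = new FallbackCertificateSource(new FixedSource(SelfSigned("CN=constructed-default")));
        source.AddLocalIdentityProviderCertificate("https://sp.customer.example", SelfSigned("CN=constructed-custom"));

        // The override applies to one partner SP; every other lookup falls back to the default.
        Console.WriteLine(source.GetLocalIdentityProviderCertificate("https://sp.customer.example").Subject);
        Console.WriteLine(source.GetLocalIdentityProviderCertificate("https://sp.other.example").Subject);
        Console.WriteLine(source.GetLocalServiceProviderCertificate("https://idp.customer.example").Subject);

        // A public-only certificate cannot sign and is rejected at registration time.
        var publicOnly = new X509Certificate2(SelfSigned("CN=constructed-public").Export(X509ContentType.Cert));
        try { source.AddLocalServiceProviderCertificate("https://idp.customer.example", publicOnly); }
        catch (InvalidOperationException ex) { Console.WriteLine("rejected: " + ex.Message); }
    }
}
```
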
will
dmarlow - 9/1/2015
will
dude
will
ComponentSpace - 9/1/2015
Yes, that's another way to do it.
If you're acting as both the IdP and SP then you would need to ensure you support the GetLocalIdentityProviderCertificate and GetLocalServiceProviderCertificate methods. You could either use the approach I outlined previously or the approach you suggested.

[SAMLConfigurationException: An X.509 signature certificate for the local service provider hasn't been configured.]
 ComponentSpace.SAML2.InternalSAMLServiceProvider.GetLocalProviderSignatureCertificates() +105
 ComponentSpace.SAML2.AbstractSAMLProvider.SendLogoutRequest(HttpResponseBase httpResponse, XmlElement logoutRequestElement, String relayState) +202
 ComponentSpace.SAML2.InternalSAMLServiceProvider.InitiateSLO(HttpResponseBase httpResponse, String logoutReason, String relayState, String partnerIdP) +281
 Authentication.Controllers.SAMLController.Logout(String interface, String rdt) +168
 lambda_method(Closure , ControllerBase , Object[] ) +147
 System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
 System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +157
 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
 System.Web.Mvc.Async.<>c.<BeginInvokeSynchronousActionMethod>b__9_0(IAsyncResult asyncResult, ActionInvocation innerInvokeState) +22
 System.Web.Mvc.Async.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult) +29
 System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
 System.Web.Mvc.Async.<>c__DisplayClass11_0.<InvokeActionMethodFilterAsynchronouslyRecursive>b__0() +58
 System.Web.Mvc.Async.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2() +228
 System.Web.Mvc.Async.<>c__DisplayClass7_0.<BeginInvokeActionMethodWithFilters>b__1(IAsyncResult asyncResult) +10
 System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10
 System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asy


will
will - 11/21/2023
ComponentSpace
By default, SAML logout messages are signed. This requires a local certificate/private key to be configured.

If you don't wish to sign logout messages and this is supported by the partner identity provider, set the SignLogoutRequest and SignLogoutResponse flags to false in your SAML.configuration.

For example:


<PartnerIdentityProvider
    Name="https://ExampleIdentityProvider"
    Description="Example Identity Provider"
    SignLogoutRequest="false"
    SignLogoutResponse="false"
    SingleSignOnServiceUrl="https://localhost:44390/SAML/SSOService.aspx"
    SingleLogoutServiceUrl="https://localhost:44390/SAML/SLOService.aspx">
    <PartnerCertificates>
        <Certificate FileName="Certificates\idp.cer"/>
    </PartnerCertificates>
</PartnerIdentityProvider>




Regards
ComponentSpace Development