ComponentSpace

Forums



SAML Configuration


SAML Configuration

Author
Message
supriyo.is4u
supriyo.is4u
New Member
New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)

Group: Forum Members
Posts: 7, Visits: 38
Hi,
Now, After changing the WantAssertionEncrypted to "true". Is it due to any changes required

The SAML assertion isn't encrypted.



ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Setting WantAssertionEncrypted means that you expect the SAML assertion from the partner identity provider to be encrypted.
If it isn't then it's an error.
If you require the SAML assertion to be encrypted you'll need to speak the identity provider.



Regards
ComponentSpace Development
supriyo.is4u
supriyo.is4u
New Member
New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)

Group: Forum Members
Posts: 7, Visits: 38
ComponentSpace - 3/24/2017
Setting WantAssertionEncrypted means that you expect the SAML assertion from the partner identity provider to be encrypted.
If it isn't then it's an error.
If you require the SAML assertion to be encrypted you'll need to speak the identity provider.


Hi ,

The partner identity provider wants me to upload a Assertive Encryption certificate.Where can i get the certificate?can i get a sample certificate.


ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
I think what they're referring to is your certificate which they'll use to encrypt the SAML assertion.
The sp.cer we ship with the examples may be used for this. This is a self-signed certificate which is suitable for testing.
If you have an SSL certificate to support an HTTPS binding this may be used in a production environment to support encryption of the SAML assertion. You supply the partner identity provider with your public key (eg a .CER file) and you use your private key (eg a .PFX file) to decrypt the assertion.

Regards
ComponentSpace Development
supriyo.is4u
supriyo.is4u
New Member
New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)

Group: Forum Members
Posts: 7, Visits: 38
Hi,
I have made some changes in the saml.config.

Steps:

1. installed the idp.pfx in the certificate store.
2. export the idp.cer from the store.
3. uploaded the idp.cer file to the IDP provider.

Changed in the saml.comfig
<ServiceProvider Name="DEV_SB" LocalCertificatePassword="password" LocalCertificateFile="C:\Project\idp.pfx" />
Error :
The X.509 certificate could not be loaded from the file

can you please help to resolve the error
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Normally sp.pfx is the LocalCertificateFile for the <ServiceProvider>.
Please check that the file exists and has the correct permissions.
http://www.componentspace.com/Forums/29/Troubleshooting-Loading-X.509-Certificates 
If you're still having issues, please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning this forum post.
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace


Regards
ComponentSpace Development
supriyo.is4u
supriyo.is4u
New Member
New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)

Group: Forum Members
Posts: 7, Visits: 38
While running the SSO url , i am receiving error "Input String is not in correct Format".can you please help
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Please enable SAML trace and send the generated log file as an email attachment to [email protected].
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
Please mention your forum post too.


Regards
ComponentSpace Development
mike.woods
mike.woods
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 13
Is it possible to change the location of the saml.config file or will it only ever look for it at the root of the app domain? 

I'm trying to figure out how to automate the provisioning of new Idps in our system.  I've worked out that the directory to the certificate can be a fully qualified path (and thus exist outside of the web directory) but it seems like the saml.config can't be moved which means that newly added entries to the file also must be committed to source control or else they'll be overwritten during the next code deployment.

I figured that if we could store the saml.config external to the web directory then I don't have to worry about it getting overwritten.  Is there a recommended pattern for handling this situation that I'm missing?
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Hi Mike
You can specify the saml.config path through an app setting in your web.config.

<appSettings>
<!-- The relative or absolute path of the SAML configuration file. It defaults to saml.config. -->
<add key="SAMLConfigFile" value="c:\config\saml.config"/>
</appSettings>



It's also possible to do this programmatically at application start-up if you prefer.

SAMLController.Configurations = SAMLConfigurationFile.Load(@”C:\config\saml.config”);




Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search