Forums, Documentation & Knowledge Base - ComponentSpace

SamlCertificateException ... The X.509 certificate could not be loaded from the file ... failed to validate


https://componentspace.com/forums/Topic12195.aspx

By courtney - 9/1/2022

We are testing the latest .Net Core SSO component to upgrade from an old ASP.NET version.

Loading our PFX file is throwing an error:

2022-09-01 16:31:43,779 ERROR ComponentSpace.Saml2.SamlServiceProvider.MoveNext [0] - MESSAGE: Initiation of SSO to the partner identity provider has failed.

ComponentSpace.Saml2.Exceptions.SamlCertificateException: The X.509 certificate could not be loaded from the file C:\inetpub\wwwroot\PBI\wwwroot\Certificates\GraspDataSSO.pfx.
---> ComponentSpace.Saml2.Exceptions.SamlCertificateException: The X.509 certificate with subject name E=*****, CN=*****, OU=*****, O=*****, L=*****, S=CA, C=US, serial number ***** and thumbprint ***** failed to validate.
 at ComponentSpace.Saml2.Certificates.CertificateLoader.ValidateCertificate(X509Certificate2 x509Certificate)
 at ComponentSpace.Saml2.Certificates.CertificateLoader.LoadCertificateFromFileAsync(String certificateFile, String certificatePassword)
 --- End of inner exception stack trace ---
 at ComponentSpace.Saml2.Certificates.CertificateLoader.LoadCertificateFromFileAsync(String certificateFile, String certificatePassword)
 at ComponentSpace.Saml2.Certificates.AbstractCachedCertificateLoader.LoadCertificateFromFileAsync(String certificateFile, String certificatePassword)
 at ComponentSpace.Saml2.Certificates.CertificateManager.LoadCertificatesAsync(IList`1 certificates, CertificateUse certificateUse)
 at ComponentSpace.Saml2.Certificates.CertificateManager.GetLocalServiceProviderCertificatesAsync(LocalServiceProviderConfiguration localServiceProviderConfiguration, PartnerIdentityProviderConfiguration partnerIdentityProviderConfiguration, CertificateUse certificateUse)
 at ComponentSpace.Saml2.SamlServiceProvider.GetLocalProviderSignatureCertificatesAsync(Boolean precondition)
 at ComponentSpace.Saml2.SamlServiceProvider.SendAuthnRequestAsync(XmlElement authnRequestElement, String relayState, String singleSignOnServiceUrl)
 at ComponentSpace.Saml2.SamlServiceProvider.InitiateSsoAsync(String partnerName, String relayState, ISsoOptions ssoOptions)


The PFX loads with the old SSO component.  Windows recognizes it as a valid certificate.  I have tried using a .CER export of the same certificate and I get the same error.

Can you recommend any things for me to try to help me figure out why the file "failed to validate"?  What is it validating against?

Thanks
Courtney

By ComponentSpace - 9/6/2022

Hi Courtney,

We don't have this feature in the older version you were using, which is why it wasn't an issue.