We don’t make available the source code unless a license is purchased which includes the source code option. Also, I removed the decompiled code from your post. We prefer that our code isn’t shown like this and it isn’t required to resolve this issue.
Originally you were talking about the LocalMachine and CurrentUser store locations. These refer to certificates stored in a Windows certificate store.
You then said that in Azure your certificates are stored in a key vault.
Key vaults and Windows certificate stores are completely different technologies accessed in completely different ways.
If you’re storing certificates in a key vault you don’t specify a StoreLocation or SerialNumber etc. These only apply to Windows certificate stores.
The SAML library doesn’t include code for directly accessing an Azure key vault. Instead, the application is responsible for retrieving certificates from Azure key vaults and then making these available to the SAML library.
Once retrieved from Azure, there are two options for the application to make these certificates available to the SAML library.
The first is to directly specify the base-64 encoded string using the CertificateConfiguration.String property.
The second is to save the base-64 encoded string as an application setting using .NET’s ConfigurationManager class and to specify the application setting key using the CertificateConfiguration.Key property.
You can retrieve a certificate from a key vault using the DownloadCertificate method of the CertificateClient class which is under the Azure.Security.KeyVault.Certificates namespace. Please refer to Microsoft’s documentation for more information.
Note that only certificates with private keys may be stored in Azure key vaults. This means that local certificates may be stored in a key vault. However, a partner certificate, which obviously doesn’t include the private key, can’t be stored in a key vault. You must store partner certificates some other way. One option is to use Azure blob storage.
Your GetPartnerServiceProviderConfiguration method indicates the SAML library version you’re using is at least seven years old. I strongly recommend you move to the latest version.
Also, you’re specifying the local certificate as part of the PartnerServiceProviderConfiguration. This is supported primarily to assist in staggering certificate rollover as described in the Certificate Guide. More typically, the local certificate is specified in the LocalIdentityProviderConfiguration.
To summarize:
- Add code to your application to retrieve the certificate from the Azure key vault, export it and save it as a base-64 encoded string.
- Specify the certificate string as part of the SAML configuration using the CertificateConfiguration.String property. As you’re using an old version of the SAML library the property name is probably different.
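The following is an added illustration of the two steps summarized in the reply above; it is not ComponentSpace’s or Microsoft’s code and was not part of the original post. It uses the Azure SDK call the reply names (CertificateClient.DownloadCertificate) together with Azure.Identity for authentication and Azure.Storage.Blobs for the partner certificate, which the reply says cannot live in a key vault. The vault URL, certificate name, blob URL and export password are placeholders, and how the returned strings are attached to the SAML configuration beyond the CertificateConfiguration.String property is an assumption about the library, not something the reply states.

```csharp
// Added example: load SAML certificates from Azure and hand them over as base-64 strings.
// Assumptions: vault/blob addresses and names are placeholders; the SAML library is
// expected to accept the base-64 string via CertificateConfiguration.String (from the
// reply) and, for the PFX, a matching password setting (assumed, not named in the reply).
using System;
using System.Security.Cryptography.X509Certificates;
using Azure.Identity;
using Azure.Security.KeyVault.Certificates;
using Azure.Storage.Blobs;

public static class SamlCertificateLoader
{
    // Local (identity provider) certificate. Key Vault stores it with its private key,
    // so DownloadCertificate returns an X509Certificate2 that has the key attached.
    public static string LoadLocalCertificateBase64(Uri vaultUri, string certificateName, string exportPassword)
    {
        var client = new CertificateClient(vaultUri, new DefaultAzureCredential());
        using X509Certificate2 certificate = client.DownloadCertificate(certificateName).Value;

        // A local certificate is used for signing, so a missing private key is a
        // configuration error worth failing on here rather than at the first SSO.
        if (!certificate.HasPrivateKey)
        {
            throw new InvalidOperationException(
                $"Certificate '{certificateName}' has no private key; it cannot be used as a local certificate.");
        }

        // Export as a password-protected PFX so the private key travels with the certificate,
        // then base-64 encode it for CertificateConfiguration.String.
        byte[] pfx = certificate.Export(X509ContentType.Pfx, exportPassword);
        return Convert.ToBase64String(pfx);
    }

    // Partner (service provider) certificate: public key only, so per the reply it is
    // kept outside Key Vault. Here it is read as DER/CER bytes from a blob (assumed layout).
    public static string LoadPartnerCertificateBase64(Uri blobUri)
    {
        var blob = new BlobClient(blobUri, new DefaultAzureCredential());
        byte[] der = blob.DownloadContent().Value.Content.ToArray();

        // Parse the bytes before handing them on so a corrupt or wrong blob is caught
        // at startup, and re-export so the string is guaranteed to be a bare certificate.
        using var certificate = new X509Certificate2(der);
        return Convert.ToBase64String(certificate.Export(X509ContentType.Cert));
    }

    // Usage sketch with placeholder addresses (constructed, not real resources).
    public static void Main()
    {
        var vaultUri = new Uri("https://example-vault.vault.azure.net/");            // placeholder
        var partnerBlobUri = new Uri("https://example.blob.core.windows.net/certs/partner.cer"); // placeholder
        string exportPassword = Environment.GetEnvironmentVariable("SAML_PFX_PASSWORD") ?? "change-me"; // placeholder

        string localBase64 = LoadLocalCertificateBase64(vaultUri, "saml-signing", exportPassword);
        string partnerBase64 = LoadPartnerCertificateBase64(partnerBlobUri);

        // Assign localBase64 to the local certificate's CertificateConfiguration.String in the
        // LocalIdentityProviderConfiguration, and partnerBase64 to the partner certificate's
        // CertificateConfiguration.String in the PartnerServiceProviderConfiguration (names
        // from the reply; the surrounding configuration objects depend on the library version).
        Console.WriteLine($"local certificate string length: {localBase64.Length}");
        Console.WriteLine($"partner certificate string length: {partnerBase64.Length}");
    }
}
```

Because the local certificate string is a PFX that contains the private key, treat it like any other secret: keep it out of source control and build logs, and prefer reading it at startup (as above) over persisting it as a plain application setting.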