An x509 certificate for the local identity provider hasn't been configured

I’m getting the following error when attempting to perform an IdP (us) initiated SSO to a SP (customer).

ComponentSpace.SAML2.Exceptions.SAMLConfigurationException: An X.509 certificate for the local identity provider hasn’t been configured.
at ComponentSpace.SAML2.Configuration.SAMLConfiguration.GetLocalIdentityProviderCertificate(String partnerServiceProviderName) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\Configuration\SAMLConfiguration.cs:line 672
at ComponentSpace.SAML2.InternalSAMLIdentityProvider.CreateSAMLResponse(String userName, SAMLAttribute[] attributes, String statusCode, String statusMessage, String assertionConsumerServiceUrl) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLIdentityProvider.cs:line 519
at ComponentSpace.SAML2.InternalSAMLIdentityProvider.InitiateSSO(HttpResponseBase httpResponse, String userName, SAMLAttribute[] attributes, String relayState, String partnerSP, String assertionConsumerServiceUrl) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLIdentityProvider.cs:line 650
at ComponentSpace.SAML2.SAMLIdentityProvider.InitiateSSO(HttpResponseBase httpResponse, String userName, SAMLAttribute[] attributes, String relayState, String partnerSP, String assertionConsumerServiceUrl) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLIdentityProvider.cs:line 238


I do have a certificate specified and configured for use.

var config = new SAMLConfiguration
{
    LocalIdentityProviderConfiguration = new LocalIdentityProviderConfiguration
    {
        Name = "…",
        LocalCertificateFile = "…",
        LocalCertificatePassword = "…"
    }
};


I am, however, using the ICertificateManager store. I’m only using the certificate manager to specify custom certificates to use for a specific service provider. Should I also be registering it there or am I wrong to be doing things in two separate places? I was thinking what I have above would be the default and I didn’t need to specify it elsewhere.

Thanks,

Dariel

Hi Dariel
If you specify an ICertificateManager then it’s assumed to handle all requests for certificates. We don’t call the ICertificateManager and then the default certificate manager.
You could implement your ICertificateManager by calling the default CertificateManager for those certificates you aren’t handling directly.
Your certificate manager would need to initialize the default certificate manager as follows.

var defaultCertificateManager = new CertificateManager();
defaultCertificateManager.Initialize(samlConfiguration);

You would then call the appropriate method on the defaultCertificateManager in your certificate manager if you don’t handle this directly.
For example:

public override X509Certificate2 GetLocalIdentityProviderCertificate(string partnerServiceProviderName) {
    return defaultCertificateManager.GetLocalIdentityProviderCertificate(partnerServiceProviderName);
}

Thanks, that makes sense.

I’m wondering if it’s best to modify our custom certificate manager to add the default certificate, used in the SAMLConfiguration, to AddLocalIdentityProviderCertificate to any that don’t have a custom one. Hope that made sense. If I override GetLocalIdentityProviderCertificate, then I must keep track of the custom ones I’m adding and either serve the default or use the custom.
Lines 5-7 are what I’d be adding to account for the default certificate manager.

public void AddSpCertificate(ServiceProviderSamlConfig spSamlConfig, PartnerServiceProviderConfiguration spConfig)
{
    if (spSamlConfig.SsoCertificate == null)
    {
        // This is new…
        // Use the default setup in the SAMLConfiguration for this IdP if a custom one isn’t specified for the SP.
        AddLocalIdentityProviderCertificate(spConfig.Name, _defCertMgr.GetLocalIdentityProviderCertificate(spConfig.Name));
        return;
    }

    var cert = new X509Certificate2(spSamlConfig.SsoCertificate, spSamlConfig.SsoCertificatePassword);
    AddLocalIdentityProviderCertificate(spConfig.Name, cert);

    // TODO: store a separate public certificate to validate their certs instead of using embedded cert…
    //AddPartnerServiceProviderCertificate(spConfig.Name, cert);
}



What about when acting as the SP (us) to the IdP (customer)? Our app operates as both SP and IdP. I would imagine that for signing AuthnRequests we’d need to use the certificate in the default certificate manager for any IdP that we aren’t specifying a custom signing certificate for.

Yes, that’s another way to do it.
If you’re acting as both the IdP and SP then you would need to ensure you support the GetLocalIdentityProviderCertificate and GetLocalServiceProviderCertificate methods. You could either use the approach I outlined previously or the approach you suggested.
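
Added example, not part of the thread and not ComponentSpace code: the per-partner override with default fallback discussed above, written without any library types so that it also shows the checks a signing certificate should pass (present, has a private key, within its validity period) before it is served. `FallbackCertificateResolver`, the partner names and the self-signed test certificates are hypothetical; in the setup described above the fallback delegate would wrap a call such as `defaultCertificateManager.GetLocalIdentityProviderCertificate`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not a ComponentSpace type): per-partner signing
// certificate lookup with a default fallback that fails closed.
public sealed class FallbackCertificateResolver
{
    private readonly Dictionary<string, X509Certificate2> _overrides =
        new Dictionary<string, X509Certificate2>(StringComparer.Ordinal);
    private readonly Func<string, X509Certificate2> _defaultLookup;
    private readonly string _role;

    public FallbackCertificateResolver(string role, Func<string, X509Certificate2> defaultLookup)
    {
        _role = role;
        _defaultLookup = defaultLookup ?? throw new ArgumentNullException(nameof(defaultLookup));
    }

    // Register a partner-specific certificate; reject it now rather than at first sign-on.
    public void AddOverride(string partnerName, X509Certificate2 certificate) =>
        _overrides[partnerName] = Validate(certificate, partnerName);

    // Partner-specific certificate if one exists, otherwise the default; never null.
    public X509Certificate2 Resolve(string partnerName) =>
        _overrides.TryGetValue(partnerName, out var custom)
            ? Validate(custom, partnerName)
            : Validate(_defaultLookup(partnerName), partnerName);

    private X509Certificate2 Validate(X509Certificate2 cert, string partnerName)
    {
        if (cert == null)
            throw new InvalidOperationException($"No {_role} certificate for partner '{partnerName}'.");
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException($"{_role} certificate '{cert.Subject}' has no private key and cannot sign.");
        var now = DateTime.Now; // NotBefore and NotAfter are expressed in local time
        if (now < cert.NotBefore || now > cert.NotAfter)
            throw new InvalidOperationException($"{_role} certificate '{cert.Subject}' is outside its validity period.");
        return cert;
    }
}

public static class Demo
{
    // Constructed test certificate; a real deployment loads its own key material.
    private static X509Certificate2 SelfSigned(string commonName)
    {
        var rsa = RSA.Create(2048);
        var request = new CertificateRequest("CN=" + commonName, rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return request.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
    }

    public static void Main()
    {
        var defaultCert = SelfSigned("default-idp-signing");
        var customCert = SelfSigned("custom-for-sp1");

        // IdP role: one partner has its own certificate, the rest use the default.
        var idp = new FallbackCertificateResolver("local identity provider", _ => defaultCert);
        idp.AddOverride("https://sp1.example", customCert);
        Console.WriteLine(idp.Resolve("https://sp1.example").Subject);
        Console.WriteLine(idp.Resolve("https://sp2.example").Subject);

        // A public-only certificate is rejected when it is registered.
        var publicOnly = new X509Certificate2(customCert.Export(X509ContentType.Cert));
        try { idp.AddOverride("https://sp3.example", publicOnly); }
        catch (InvalidOperationException e) { Console.WriteLine("rejected: " + e.Message); }

        // SP role with no default configured: the lookup throws instead of returning null.
        var sp = new FallbackCertificateResolver("local service provider", _ => null);
        try { sp.Resolve("https://idp1.example"); }
        catch (InvalidOperationException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```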

[quote]
dmarlow - 9/1/2015
I'm getting the following error when attempting to perform an IdP (us) initiated SSO to a SP (customer).

ComponentSpace.SAML2.Exceptions.SAMLConfigurationException: An X.509 certificate for the local identity provider hasn't been configured.
at ComponentSpace.SAML2.Configuration.SAMLConfiguration.GetLocalIdentityProviderCertificate(String partnerServiceProviderName) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\Configuration\SAMLConfiguration.cs:line 672
at ComponentSpace.SAML2.InternalSAMLIdentityProvider.CreateSAMLResponse(String userName, SAMLAttribute[] attributes, String statusCode, String statusMessage, String assertionConsumerServiceUrl) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLIdentityProvider.cs:line 519
at ComponentSpace.SAML2.InternalSAMLIdentityProvider.InitiateSSO(HttpResponseBase httpResponse, String userName, SAMLAttribute[] attributes, String relayState, String partnerSP, String assertionConsumerServiceUrl) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLIdentityProvider.cs:line 650
at ComponentSpace.SAML2.SAMLIdentityProvider.InitiateSSO(HttpResponseBase httpResponse, String userName, SAMLAttribute[] attributes, String relayState, String partnerSP, String assertionConsumerServiceUrl) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLIdentityProvider.cs:line 238


I do have a certificate specified and configured for use.

var config = new SAMLConfiguration
{
LocalIdentityProviderConfiguration = new LocalIdentityProviderConfiguration
{
Name = "...",
LocalCertificateFile = "...",
LocalCertificatePassword = "...."
}
};


I am, however, using the ICertificateManager store. I'm only using the certificate manager to specify custom certificates to use for a specific service provider. Should I also be registering it there or am I wrong to be doing things in two separate places? I was thinking what I have above would be the default and I didn't need to specify it elsewhere.

Thanks,

Dariel
[/quote]


dude

[quote]
ComponentSpace - 9/1/2015
Yes, that's another way to do it.
If you're acting as both the IdP and SP then you would need to ensure you support the GetLocalIdentityProviderCertificate and GetLocalServiceProviderCertificate methods. You could either use the approach I outlined previously or the approach you suggested.
[/quote]

[SAMLConfigurationException: An X.509 signature certificate for the local service provider hasn't been configured.]
   ComponentSpace.SAML2.InternalSAMLServiceProvider.GetLocalProviderSignatureCertificates() +105
   ComponentSpace.SAML2.AbstractSAMLProvider.SendLogoutRequest(HttpResponseBase httpResponse, XmlElement logoutRequestElement, String relayState) +202
   ComponentSpace.SAML2.InternalSAMLServiceProvider.InitiateSLO(HttpResponseBase httpResponse, String logoutReason, String relayState, String partnerIdP) +281
   Authentication.Controllers.SAMLController.Logout(String interface, String rdt) +168
   lambda_method(Closure , ControllerBase , Object[] ) +147
   System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
   System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary parameters) +157
   System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary parameters) +27
   System.Web.Mvc.Async.<>c.b__9_0(IAsyncResult asyncResult, ActionInvocation innerInvokeState) +22
   System.Web.Mvc.Async.WrappedAsyncResult.CallEndDelegate(IAsyncResult asyncResult) +29
   System.Web.Mvc.Async.WrappedAsyncResultBase.End() +49
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
   System.Web.Mvc.Async.<>c__DisplayClass11_0.b__0() +58
   System.Web.Mvc.Async.<>c__DisplayClass11_2.b__2() +228
   System.Web.Mvc.Async.<>c__DisplayClass7_0.b__1(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResult.CallEndDelegate(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResultBase.End() +49
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asy


By default, SAML logout messages are signed. This requires a local certificate/private key to be configured.

If you don’t wish to sign logout messages and this is supported by the partner identity provider, set the SignLogoutRequest and SignLogoutResponse flags to false in your SAML.configuration.

For example:


<PartnerIdentityProvider
    Name="https://ExampleIdentityProvider"
    Description="Example Identity Provider"
    SignLogoutRequest="false"
    SignLogoutResponse="false"
    SingleSignOnServiceUrl="https://localhost:44390/SAML/SSOService.aspx"
    SingleLogoutServiceUrl="https://localhost:44390/SAML/SLOService.aspx">