I am trying to configure the app to use an AbstractSamlConfigurationResolver.
When I am inserting my cert (base64 string) I use the following code:
[quote]
localServiceProviderConfiguration.LocalCertificates = new List<Certificate>()
{
    new Certificate()
    {
        String = "MII…==",
        Password = "MyPass"
    }
};
[/quote]
However, when the app runs I get the error:
Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Keyset does not exist
at Internal.Cryptography.Pal.StorePal.Export(X509ContentType contentType, SafePasswordHandle password)
Any suggestions?
Please ensure that the certificate string also includes the private key.
A PFX file may be converted to a base-64 string using PowerShell.
$bytes = [System.IO.File]::ReadAllBytes("idp.pfx")
[System.Convert]::ToBase64String($bytes)
Same error I’m afraid - I also verified that the string does indeed include the PK.
Just in case I’m doing something stupid - to implement the bare minimum required in the ConfigurationResolver to be able to run InitiateSsoAsync
I have GetLocalServiceProviderConfigurationAsync and GetPartnerIdentityProviderConfigurationAsync
The GetLocalServiceProviderConfigurationAsync only contains a LocalCertificates with my public/private cert
The GetPartnerIdentityProviderConfigurationAsync contains the partner public cert (I’ve also tried putting my local cert in the LocalCerts).
Also, in the Startup I only have:
services.AddSaml();
services.AddScoped<ISamlConfigurationResolver, MySaml2ConfigResolver>();
What you’ve described is correct.
As an experiment, do you get the same error if you convert and use the idp.pfx that we ship? You’ll find this in the ExampleIdentityProvider\Certificates folder. The password is “password”.
Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning your forum post.
https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace
After working with ComponentSpace, the problem was that for some reason my machine needed to run .NET Core in admin mode in order to access the key-store. Running it in admin mode solved this issue for me.
Thanks for the update. The other option to consider is setting the file permissions for the private key container.
The private key container is where Windows stores private keys that have been loaded. Usually this folder is C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.
Please refer to the following forum post for more information.
https://www.componentspace.com/Forums/29/Troubleshooting-Loading-X509-Certificates
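
The checks discussed in this thread can be run together as one diagnostic. This is an added example, not part of any post and not ComponentSpace code: it confirms the base-64 PFX carries a private key, tries to use that key under the current account, and lists the ACL on the private key container folder. It assumes PowerShell 5 or later and an RSA key; the default path and password are the shipped test values mentioned above.

```powershell
# Added diagnostic, not from the thread. Defaults are the shipped test PFX and
# password mentioned above; pass -PfxPath / -Password for your own certificate.
param(
    [string]$PfxPath  = 'idp.pfx',
    [string]$Password = 'password',
    [string]$KeyDir   = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'
)

# Which account is the process running as, and is it elevated?
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = ([System.Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [System.Security.Principal.WindowsBuiltInRole]::Administrator)
"Running as {0} (elevated: {1})" -f $identity.Name, $elevated

# Round-trip through base64, the form the configuration resolver is given.
$path  = (Resolve-Path -LiteralPath $PfxPath).Path
$b64   = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($path))
$bytes = [System.Convert]::FromBase64String($b64)

try {
    # Loading a PFX makes Windows place the private key in a key container.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes, $Password)
    "Subject: {0}" -f $cert.Subject
    "HasPrivateKey: {0}" -f $cert.HasPrivateKey

    # HasPrivateKey only says a key is associated; signing proves it can be opened.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($null -eq $rsa) {
        "No usable RSA private key (public-only certificate or non-RSA key)."
    } else {
        $sig = $rsa.SignData([byte[]](1, 2, 3),
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
        "Private key opened; test signature is {0} bytes." -f $sig.Length
    }
}
catch {
    # "Keyset does not exist" surfaces here when the key container is not accessible.
    "Key access failed: {0}" -f $_.Exception.GetBaseException().Message
}

# List who may access the container folder named in the thread.
try {
    (Get-Acl -LiteralPath $KeyDir).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType |
        Format-Table -AutoSize
}
catch { "Could not read ACL on {0}: {1}" -f $KeyDir, $_.Exception.GetBaseException().Message }
```

Run it as the same account the application uses, once elevated and once not; a failure only in the non-elevated run points at key container permissions rather than the certificate string.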