Keyset Error after Renewing Certificate

We had to renew our website certificate this month and afterward our SSO stopped working. I’ve updated the saml.config file with the new certificate, but now I’m getting a “Keyset does not exist” error when our code calls either “SendSSO()” or “InitiateSSO().” (Full stack trace below.) I know I’ve seen that error before but I haven’t touched this application in over a year and can’t find any documentation on how it was fixed before. I have validated our saml.config file and it was fine. Nothing else in our system has changed. I have provided the new certificate to our one partner but don’t know if they’ve updated their system yet, so I guess that could be the problem but can’t be sure of that. Are there any other steps that need to be taken with regard to the ComponentSpace .dlls and our code when we create a new site certificate?

Thanks in advance for the help.

Sincerely,
Dan McDevitt
Manager, Web Development and Training
Financial Executives International
Financial Education and Research Foundation

Message: Exception of type ‘System.Web.HttpUnhandledException’ was thrown.
Exception type: System.Web.HttpUnhandledException
Stack Trace:
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.cmspages_portaltemplate_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\8bf90d88\f1f8fa40\App_Web_portaltemplate.aspx.67ab7734.mb7w-22o.0.cs:line 0
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Message: Keyset does not exist
Exception type: System.Security.Cryptography.CryptographicException
Stack Trace:
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at ComponentSpace.SAML2.Utility.Certificate.GetPrivateKey(X509Certificate2 x509Certificate)
at ComponentSpace.SAML2.InternalSAMLIdentityProvider.CreateSAMLResponse(String userName, SAMLAttribute[] attributes, String authnContext, Status status, String assertionConsumerServiceUrl)
at ComponentSpace.SAML2.InternalSAMLIdentityProvider.SendSSO(HttpResponse httpResponse, String userName, SAMLAttribute[] attributes, String authnContext, Status status, String assertionConsumerServiceUrl)
at ComponentSpace.SAML2.SAMLIdentityProvider.SendSSO(HttpResponse httpResponse, String userName, IDictionary attributes)
at CMSWebParts_FEI_controls_ctrl_SSO_SAML_CS.sso_spi() in c:\inetpub\wwwroot\fei_content_v9\CMS\CMSWebParts\FEI_controls\ctrl_SSO_SAML_CS.ascx.cs:line 219
at CMSWebParts_FEI_controls_ctrl_SSO_SAML_CS.Page_Load(Object sender, EventArgs e) in c:\inetpub\wwwroot\fei_content_v9\CMS\CMSWebParts\FEI_controls\ctrl_SSO_SAML_CS.ascx.cs:line 61
at System.Web.UI.Control.OnLoad(EventArgs e)
at CMS.ExtendedControls.AbstractUserControl.OnLoad(EventArgs e)
at CMS.PortalControls.CMSAbstractWebPart.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Hi Dan,

This exception usually means there’s a permissions error.

Is your certificate stored in a PFX file?

Assuming so, please refer to the following article which describes setting the file permissions for both the PFX file and the private key container.

https://www.componentspace.com/Forums/29/Troubleshooting-Loading-X509-Certificates

That was it, it was a permissions error. Thank you for the assistance.

Sincerely,
Dan McDevitt
Manager, Web Development and Training
Financial Executives International
Financial Education and Research Foundation

You’re welcome.
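
A read-only PowerShell check for the permissions problem confirmed in this thread, added here as an example and not taken from the posts or from ComponentSpace: it lists the access-control entries that name the web application's account on the PFX file and, when the certificate is also installed in the LocalMachine\My store, on its private key file. The account name, PFX path and thumbprint parameters are assumptions to be replaced with your own values.

```powershell
# Added example: read-only check of who can read the PFX and the private key.
# The parameter defaults are placeholders, not values from the thread.
param(
    [string]$Account    = 'IIS AppPool\DefaultAppPool',  # placeholder identity
    [string]$PfxPath    = '',   # full path to the PFX file named in saml.config
    [string]$Thumbprint = ''    # set only if the certificate is in LocalMachine\My
)

function Get-AccountAce {
    param([string]$Path, [string]$Account)
    # Only ACEs naming the account directly are listed. Access granted through
    # a group (for example IIS_IUSRS) appears under the group's name, so an
    # empty result does not by itself prove that access is missing.
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.IdentityReference.Value -ieq $Account } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}

function Get-MachineKeyFile {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Run elevated: opening the key throws if the caller itself cannot read it.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    if ($null -eq $rsa) { return }   # no RSA private key associated
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $name = $rsa.Key.UniqueName
    } else {
        $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }
    # Machine CSP keys live under RSA\MachineKeys, CNG keys under Keys; probe both.
    'Microsoft\Crypto\RSA\MachineKeys', 'Microsoft\Crypto\Keys' |
        ForEach-Object { Join-Path $env:ProgramData (Join-Path $_ $name) } |
        Where-Object { Test-Path -LiteralPath $_ }
}

if ($PfxPath -and (Test-Path -LiteralPath $PfxPath)) {
    Write-Host "ACEs naming $Account on $PfxPath"
    Get-AccountAce -Path $PfxPath -Account $Account | Format-Table -AutoSize
}
if ($Thumbprint) {
    $cert = Get-Item -LiteralPath "Cert:\LocalMachine\My\$Thumbprint"
    foreach ($file in Get-MachineKeyFile -Cert $cert) {
        Write-Host "ACEs naming $Account on $file"
        Get-AccountAce -Path $file -Account $Account | Format-Table -AutoSize
    }
}
```

Running it before and after a certificate renewal shows whether the new key file carries the same read entry for the application's account that the old one had.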