Problem with Certificate for the partner identity provider in AssertConsumerService

SAML for ASP.NET
1

I am working on configuring a Service Provider, so far when the users lands on the page it redirects to the Identity Provider page so he can log in. After he logs in and hits enter, it tries to get back using the AssertionConsumerServiceUrl. I get the error: “An X.509 signature certificate for the partner identity provider https://something.com/somefolder/saml2/idp/metadata.php hasn’t been configured.” when I call ReceiveSsoAsync on the AssertConsumerService function I am using.

Altough the metada.php will return the following xml. I just changed the certificate for three dots. Both Certificates are the same.
<md:EntityDescriptor xmlns:md=“urn:oasis:names:tc:SAML:2.0:metadata” xmlns:ds=“<a href=“http://www.w3.org/2000/09/xmldsig#””>http://www.w3.org/2000/09/xmldsig#“ entityID=”“>https://something.com/somefolder/saml2/idp/metadata.php”>
<md:IDPSSODescriptor protocolSupportEnumeration=“urn:oasis:names:tc:SAML:2.0:protocol”>
<md:KeyDescriptor use=“signing”>
<ds:KeyInfo xmlns:ds=“”>http://www.w3.org/2000/09/xmldsig#“>
ds:X509Data
ds:X509Certificate…</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use=“encryption”>
<ds:KeyInfo xmlns:ds=”“>http://www.w3.org/2000/09/xmldsig#”>
ds:X509Data
ds:X509Certificate…</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect” Location=“”>https://something.com/somefolder/saml2/idp/SingleLogoutService.php"/>
md:NameIDFormaturn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:SingleSignOnService Binding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect” Location=“”>https://something.com/somefolder/saml2/idp/SSOService.php"/>
</md:IDPSSODescriptor>
<md:ContactPerson contactType=“technical”>
md:GivenNameSomename</md:GivenName>
md:SurNameSomesurname</md:SurName>
md:EmailAddresssomeemail@something.com</md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>

In the samp:Response I am also getting a certificate in ds:X509Certificate

Any idas why this would be happening?

Thanks

Alex

2

The Partner Identity Provider was using a different certificate. We can close this tiem.

Thanks

Alex

3

Thanks Alex.