SAML Configuration

Hi,
Now, after changing the WantAssertionEncrypted to “true”. Is it due to any changes required?

The SAML assertion isn’t encrypted.


Setting WantAssertionEncrypted means that you expect the SAML assertion from the partner identity provider to be encrypted.
If it isn’t then it’s an error.
If you require the SAML assertion to be encrypted you’ll need to speak to the identity provider.

[quote]
ComponentSpace - 3/24/2017
Setting WantAssertionEncrypted means that you expect the SAML assertion from the partner identity provider to be encrypted.
If it isn't then it's an error.
If you require the SAML assertion to be encrypted you'll need to speak to the identity provider.

[/quote]

Hi,

The partner identity provider wants me to upload an Assertive Encryption certificate. Where can I get the certificate? Can I get a sample certificate?

I think what they’re referring to is your certificate which they’ll use to encrypt the SAML assertion.
The sp.cer we ship with the examples may be used for this. This is a self-signed certificate which is suitable for testing.
If you have an SSL certificate to support an HTTPS binding this may be used in a production environment to support encryption of the SAML assertion. You supply the partner identity provider with your public key (eg a .CER file) and you use your private key (eg a .PFX file) to decrypt the assertion.

Hi,
I have made some changes in the saml.config.

Steps:

1. Installed the idp.pfx in the certificate store.
2. Exported the idp.cer from the store.
3. Uploaded the idp.cer file to the IDP provider.

Changed in the saml.config

Error :
The X.509 certificate could not be loaded from the file

Can you please help to resolve the error?

Normally sp.pfx is the LocalCertificateFile for the .
Please check that the file exists and has the correct permissions.
http://www.componentspace.com/Forums/29/Troubleshooting-Loading-X.509-Certificates
If you’re still having issues, please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning this forum post.
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace
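
Added example, not part of the original thread and not ComponentSpace code: a C# console check, using only .NET's X509Certificate2 class, for the two points made above, that the .PFX used as the local certificate loads with its private key and that the .CER handed to the identity provider is the public half of that same certificate. The file paths and password passed on the command line are assumptions.

```csharp
// Added example: verifies a service provider key pair before it is referenced from saml.config.
// Paths and password come from the command line; they are placeholders, not values from this thread.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertificateCheck
{
    // Returns null when the pair is usable, otherwise a description of the problem.
    public static string Check(string pfxPath, string pfxPassword, string cerPath)
    {
        if (!File.Exists(pfxPath)) return "PFX not found or not readable: " + Path.GetFullPath(pfxPath);
        if (!File.Exists(cerPath)) return "CER not found or not readable: " + Path.GetFullPath(cerPath);

        X509Certificate2 pfx, cer;
        try
        {
            // On Windows, loading a PFX writes the private key to the current account's
            // key store, so run this under the account the web application uses.
            pfx = new X509Certificate2(pfxPath, pfxPassword);
            cer = new X509Certificate2(cerPath);
        }
        catch (CryptographicException e)
        {
            // Typical causes: wrong password, corrupt file, no access to the key store.
            return "Load failed: " + e.Message;
        }

        if (!pfx.HasPrivateKey) return "PFX has no private key, so it cannot decrypt assertions.";
        if (cer.HasPrivateKey) return "The file given to the identity provider must hold the public key only.";
        if (pfx.Thumbprint != cer.Thumbprint) return "CER and PFX are different certificates.";
        if (DateTime.Now < pfx.NotBefore || DateTime.Now > pfx.NotAfter)
            return "Certificate is outside its validity period.";
        return null;
    }

    static void Main(string[] args)
    {
        // Usage: CertificateCheck.exe <pfx file> <pfx password> <cer file>
        if (args.Length != 3) { Console.Error.WriteLine("usage: <pfx> <password> <cer>"); return; }
        Console.WriteLine(Check(args[0], args[1], args[2]) ?? "OK: key pair is consistent.");
    }
}
```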

While running the SSO URL, I am receiving the error “Input String is not in correct Format”. Can you please help?

Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
Please mention your forum post too.

Is it possible to change the location of the saml.config file or will it only ever look for it at the root of the app domain?

I’m trying to figure out how to automate the provisioning of new Idps in our system. I’ve worked out that the directory to the certificate can be a fully qualified path (and thus exist outside of the web directory) but it seems like the saml.config can’t be moved which means that newly added entries to the file also must be committed to source control or else they’ll be overwritten during the next code deployment.

I figured that if we could store the saml.config external to the web directory then I don’t have to worry about it getting overwritten. Is there a recommended pattern for handling this situation that I’m missing?

Hi Mike
You can specify the saml.config path through an app setting in your web.config.








It’s also possible to do this programmatically at application start-up if you prefer.

SAMLController.Configurations = SAMLConfigurationFile.Load(@"C:\config\saml.config");


Is it possible to store either the saml.config or the IDP certificates in some sort of cloud storage or is it required to be a folder path?

We refactored the SAML configuration a few years ago and moved some of these properties to a separate ComponentSpace.SAML2.SAMLController class.
Your code should be:


using ComponentSpace.SAML2;

SAMLController.Configuration = samlConfig;