SLO certificate generation

Hi,
I’m trying to generate a certificate for SP initiated SLO request using info found in source 1 (forum - generating test x 509 certificates) and in source 2 (PDF - ASP.NET Core Certificate Guide)

However, the InitiateSLO request returns “AuthnFailed”.

I know that the flow is OK because if I change the certificate to the good one, everything works—the InitiateSLO request returns “Success”.

Here is the command from the 1st source:
makecert -r -pe -sky exchange -n "cn=www.idp.com" -ss My -sy 24 -len 2048 -a sha256

, here from the 2nd:

New-SelfSignedCertificate
 -Subject "www.idp.com"
 -CertStoreLocation cert:\LocalMachine\My
 -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider"
 -HashAlgorithm SHA256
 -KeyLength 2048
 -NotAfter 1/1/2050

What is the correct process for creating a test certificate?
What info should I provide here to ease your help?

Thanks.

Either of those options should work.

We also ship a CreateSelfSignedCert console app project under the Examples folder for creating certificates.

If there were a problem signing the SAML logout request, InitiateSLO would through an exception.

The AuthnFailed sounds more like an error status being returned by the partner provider receiving the logout request.

Please check that the partner provider has been configured with the correct certificate to verify the signature on the logout request.

If there’s still a problem, please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning your forum post.

Huge thanks for reminding me about your trace!

I don’t know why the previous five certs didn’t work, but the last one - I uploaded the wrong cert file to IdP.

Now everything works fine. I’m using the second command with New-SelfSignedCertificate

You’re very welcome and thanks for the update.