SSO Errors after server patches

Hello,

We did a server patch over the weekend and today, nobody can use the SAML login for our website. There are two competing errors:

First:

2016-02-22 14:49:09.395 Global.asax Message: Exception of type 'System.Web.HttpUnhandledException' was thrown. Stack: at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) Message: A valid SAML configuration hasn't been specified. Stack: at ComponentSpace.SAML2.Configuration.SAMLConfiguration.GetCurrent()
at ComponentSpace.SAML2.InternalSAMLServiceProvider..ctor()
at Site.SAML.AssertionConsumerService.Page_Load(Object sender, EventArgs e) in f:\Builds\6\Site\SAML\AssertionConsumerService.aspx.cs:line 41
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)


Second (Occurs only when app pool and site are freshly restarted):

Exception information:
Exception type: SAMLCertificateException
Exception message: The X.509 certificate could not be loaded from the file C:\inetpub\site\non_active_cert.pfx.
at ComponentSpace.SAML2.Certificates.AbstractCertificateManager.LoadCertificateFromFile(String certificateFile, String certificatePassword)
at ComponentSpace.SAML2.Certificates.CertificateManager.LoadCertificate(String certificateFile, String certificatePassword, String certificatePasswordKey, StoreLocation storeLocation, String certificateSerialNumber, String certificateThumbprint, String certificateSubject)
at ComponentSpace.SAML2.Certificates.CertificateManager.LoadLocalCertificate(ProviderConfiguration providerConfiguration)
at ComponentSpace.SAML2.Certificates.CertificateManager.Initialize(SAMLConfiguration samlConfiguration)
at ComponentSpace.SAML2.Configuration.SAMLConfiguration.InitializeCertificateManager()
at ComponentSpace.SAML2.Configuration.SAMLConfiguration.Load()
at ComponentSpace.SAML2.Configuration.SAMLConfiguration.GetCurrent()
at ComponentSpace.SAML2.InternalSAMLServiceProvider..ctor()
at MIROnlineOrderingSystem_TierN.SAML.AssertionConsumerService.Page_Load(Object sender, EventArgs e) in f:\Builds\6\Site\SAML\AssertionConsumerService.aspx.cs:line 41
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)



Swift assistance would be appreciated as this is a production site.

OK, this seems to be the result of a reference to the LocalCertificateFile and LocalCertificatePassword in the ServiceProvider element of saml.config. The cert in question was for our demo site, but this web application was functioning well enough all last week with no problems so I'm unsure why this would be an issue after patching the server. Regardless, commenting out the offending properties seemed to do the trick of getting everything working again...

Could you please confirm that the certificate file C:\inetpub\site\non_active_cert.pfx exists?
Assuming it does, it may be that there’s a permissions issue loading the PFX certificate file.
Please take a look at:
http://www.componentspace.com/Forums/29/Troubleshooting-Loading-X.509-Certificates
If there’s still an issue, please enable SAML trace and send the generated log file to support@componentspace.com mentioning this post.
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace
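
The checks this reply asks for (file present, readable, loadable), as an added PowerShell example that is not part of the original thread and not ComponentSpace code. The path is the one from the exception above; the application pool name is a placeholder to replace.

```powershell
# Added diagnostic example. Run in an elevated PowerShell session on the web server.
param(
    [string]$PfxPath = 'C:\inetpub\site\non_active_cert.pfx',  # path from the exception
    [string]$AppPool = 'YourAppPoolName'                       # placeholder, not from the thread
)

# 1. Does the file named in saml.config actually exist?
if (-not (Test-Path -LiteralPath $PfxPath -PathType Leaf)) {
    Write-Error "PFX file not found: $PfxPath"
    return
}

# 2. Who can read it? The worker process identity (or a group it belongs to,
#    such as IIS_IUSRS) needs Read access on the file.
Write-Host "ACL on $PfxPath (look for 'IIS AppPool\$AppPool' or one of its groups):"
(Get-Acl -LiteralPath $PfxPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# 3. Is the file a loadable PFX with this password? Prompt for the password so it
#    does not end up in shell history. MachineKeySet keeps the private key out of
#    the per-user key store, which is unavailable when no user profile is loaded.
$password = Read-Host -Prompt 'PFX password' -AsSecureString
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet
$cert = $null
try {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
        $PfxPath, $password, $flags)
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
    } | Format-List
}
catch {
    # A failure here points at the file or password rather than the IIS identity.
    Write-Error "PFX load failed: $($_.Exception.Message)"
}
finally {
    # Release the temporary key container created by the load.
    if ($cert) { $cert.Reset() }
}
```

A successful load here only shows the file and password are good for an administrator; if the site still fails, the application pool identity's access to the file and key store is the remaining suspect.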

Our posts crossed. As your site is the service provider and assuming you’re not sending signed SAML authn requests or require the SAML assertion to be posted then the LocalCertificateFile is not required and can be removed from the SAML configuration.

Good to have that confirmed, thanks for the super-quick response!