Trouble using custom CertificateManager

I am evaluating the component for a multi-tenant application and am currently testing against the test IdP http://stubidp.kentor.se . I need to load all configuration and all certificates programmatically, so I am testing a custom CertificateManager that implements ICertificateManager.

Here is the error I am getting:

ComponentSpace.SAML2.Exceptions.SAMLConfigurationException: An X.509 certificate for the partner identity provider http://stubidp.kentor.se/Metadata hasn’t been configured. at ComponentSpace.SAML2.SAMLController.GetPartnerIdentityProviderCertificate(String partnerIdentityProviderName) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLController.cs:line 169 at ComponentSpace.SAML2.InternalSAMLServiceProvider.VerifySAMLResponseSignature(XmlElement samlResponseElement) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLServiceProvider.cs:line 257 at ComponentSpace.SAML2.InternalSAMLServiceProvider.ProcessSAMLResponse(XmlElement samlResponseElement, Boolean& isInResponseTo, String& userName, SAMLAttribute[]& attributes) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLServiceProvider.cs:line 457 at ComponentSpace.SAML2.InternalSAMLServiceProvider.ReceiveSSO(HttpRequestBase httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& userName, SAMLAttribute[]& attributes, String& relayState) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLServiceProvider.cs:line 640 

I have put the test code below. It is just for exercising the component, with best practices ignored. According to the error above the certificate cannot be found; however, if I debug the app after the CertificateManager has been set and call SAMLController.CertificateManager.GetPartnerIdentityProviderCertificate("testconfig", "http://stubidp.kentor.se/Metadata"), the certificate is returned.

Thanks for any help!

-ryan


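/// <summary>
/// Assertion consumer endpoint used to exercise the component: builds the SAML
/// configuration in code, installs <see cref="CustomCertificateManager"/> and then
/// processes the SAML response carried by the current request. Test code only;
/// the configuration is rebuilt on every request.
/// </summary>
/// <param name="id">Route value; not used by this action.</param>
/// <returns>A plain-text dump of the values returned by ReceiveSSO.</returns>
public ActionResult Saml(int id)
{
    SAMLConfiguration samlConfiguration = new SAMLConfiguration();

    samlConfiguration.LocalServiceProviderConfiguration = new LocalServiceProviderConfiguration()
    {
        Name = "Test",
        AssertionConsumerServiceUrl = "~/Auth/Saml/2",
        Description = "Some description here"
    };

    // The partner name must match the name the certificate is registered under
    // in CustomCertificateManager, otherwise the signature check cannot find a key.
    samlConfiguration.AddPartnerIdentityProvider(new PartnerIdentityProviderConfiguration()
    {
        Name = "http://stubidp.kentor.se/Metadata",
        SignAuthnRequest = false,
        // Only the outer response is required to be signed; that signature is
        // verified with the certificate supplied by CustomCertificateManager.
        WantSAMLResponseSigned = true,
        WantAssertionSigned = false,
        WantAssertionEncrypted = false,
        // Plain http because this is a public test IdP; a production IdP's
        // endpoints should be https.
        SingleSignOnServiceUrl = "http://stubidp.kentor.se/",
        SingleLogoutServiceUrl = "http://stubidp.kentor.se/Logout"
    });

    // NOTE(review): the vendor reply on this thread says that with a single
    // configuration the ID currently has to be "default" for the certificate
    // lookup to succeed; "testconfig" is kept here to reproduce the report.
    samlConfiguration.ID = "testconfig";
    SAMLController.Configuration = samlConfiguration;
    SAMLController.Initialize();

    SAMLController.CertificateManager = new CustomCertificateManager();
    SAMLController.ConfigurationID = "testconfig";

    bool isInResponseTo;
    string partnerIdP;
    string username;
    IDictionary<string, string> attributes;
    string targetUrl;

    SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out username, out attributes, out targetUrl);

    int attributesCount = attributes != null ? attributes.Count : 0;

    // partnerIdP, username and targetUrl originate from the IdP response, so the
    // dump is returned as text/plain rather than letting the browser treat it as HTML.
    string body =
        "isInResponseTo: " + isInResponseTo + "\n" +
        "partnerIdP: " + partnerIdP + "\n" +
        "username: " + username + "\n" +
        "attributes: " + attributesCount + "\n" +
        "targetUrl: " + targetUrl + "\n";

    return Content(body, "text/plain");
}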

}

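/// <summary>
/// Certificate manager that supplies the partner IdP's signing certificate from
/// code instead of from the SAML configuration file. Test code: the certificate
/// is embedded as a Base64-encoded DER blob.
/// </summary>
public class CustomCertificateManager : AbstractCertificateManager
{
    /// <summary>
    /// Decodes the embedded certificate and registers it for the partner IdP
    /// "http://stubidp.kentor.se/Metadata" under configuration "testconfig".
    /// </summary>
    /// <exception cref="FormatException">The embedded literal is not valid Base64.</exception>
    /// <exception cref="System.Security.Cryptography.CryptographicException">The decoded bytes are not a certificate.</exception>
    public CustomCertificateManager()
    {
        // Presumably the stub IdP's public signing certificate (no private key, so
        // no password is needed). Convert.FromBase64String ignores the embedded
        // newlines.
        byte[] rawData = Convert.FromBase64String("MIIDKTCCAhWgAwIBAgIQoXDqga0edKNDrLX+FDyO1TAJBgUrDgMCHQUAMCYxJDAi\nBgNVBAMTG0tlbnRvci5BdXRoU2VydmljZXMuU3R1YklkcDAeFw0xMzEyMjcyMDU0\nNDVaFw0zOTEyMzEyMzU5NTlaMCYxJDAiBgNVBAMTG0tlbnRvci5BdXRoU2Vydmlj\nZXMuU3R1YklkcDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAIi7po\n3bIVWeoEMIV60qt+MMXeCk4p58+ZqicnPUDyUuWxpft/fp0g4qARxfvJVTHCEJDG\nykaGuX4z3zEhB9tSz8MD7xbqHFrIIp0UJDKZFAl+zQH+eXnvG7h6P0BJR74fvGE6\nY124PRMl/AE9SXwr2T2kr1wS/jO4pBRKo2H5tlhgTfsWSfIkGhvYXu5a1vP7iBqs\nwlAzNYLUQI17okQEsli3mVzwfvDHwzOZtjnKIQA/Bs/UA21ZJZm1eGd3VEXw3vWv\n34hZXTWe7Hc8eBO8Yip81An+OFVEJ8kshUOtmmVtmZCAMfTq0TOwdfoDnsDHiVFp\n3nAS7gdUZ9rOxnECAwEAAaNbMFkwVwYDVR0BBFAwToAQOp8UfulPoU3Zor4hyctW\nkaEoMCYxJDAiBgNVBAMTG0tlbnRvci5BdXRoU2VydmljZXMuU3R1YklkcIIQoXDq\nga0edKNDrLX+FDyO1TAJBgUrDgMCHQUAA4IBAQBJN/vhEGjqQn1/lPEqezEiScCo\nRh2ZRBqDHJERAFLzH1DMrfp602NLYOUmbmIWoWjLoen+Pl7MEIF/lyC0WteMOEOk\n/pqvFMBrwbRwy1er8LbzMBbPVZaLpN858NOVdpGlilErHPkC9WtS3LIFuBz5/jnI\nnC0JkTuf/LJP2g2OeRlJbLFJyxxK4ahTlbabzENe/jgplipDwBosbnLpMmL1B1/v\nj+RNHOxxaqhcsmdxhY/Zr34FyXguOLoKx9u/v8XDVB7gf/8ZH6tpMyESy2zeLjbX\ni9LRt7GLb5b+Fo4qDXBaTLWvuV9ltftrLkpL1rYToTGRfl+SQke7+kFM7l+N");

        // Not disposed here: the manager keeps the certificate for later
        // signature verification.
        X509Certificate2 idpCert = new X509Certificate2(rawData);

        // Both keys must match the values used in the SAML configuration
        // (configuration ID and partner IdP name) for the lookup to succeed.
        AddPartnerIdentityProviderCertificate("testconfig", "http://stubidp.kentor.se/Metadata", idpCert);
    }
}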

Hi Ryan

Thank you for the detailed information, and my apologies: this looks like a bug. I'll make sure it is fixed in the next release.
As a workaround, please specify the ID as “default” rather than “testconfig”. Alternatively, specify more than one SAML configuration.
Let me know if there’s still an issue.