Unexpected Exception in ReceiveSsoAsync

I’m testing on my Mac, running .NET Core SDK version 2.2.105 on macOS 10.14.
I’m using OKTA as the Identity Provider, and I believe I have configured the app in OKTA correctly.
After logging into OKTA and pressing the button for my app in My Applications, I’m redirected to https://5001://localhost/samlassertionconsumerservice as expected.
According to the logs, the X.509 certificate is loaded from disk (this is the cert that I received from OKTA when I set up the app).
However, I then get the following error.
Could it be a config setting in the SAML section of my appsettings.json?

Interop+AppleCrypto+AppleCommonCryptoCryptographicException: One or more parameters passed to a function were not valid. at Interop.AppleCrypto.X509Export(X509ContentType contentType, SafeCreateHandle cfPassphrase, IntPtr[] certHandles)
at Interop.AppleCrypto.X509ExportPfx(IntPtr[] certHandles, SafePasswordHandle exportPassword)
at Internal.Cryptography.Pal.StorePal.AppleCertificateExporter.ExportPkcs12(SafePasswordHandle password)
at Internal.Cryptography.Pal.StorePal.AppleCertificateExporter.Export(X509ContentType contentType, SafePasswordHandle password)
at System.Security.Cryptography.X509Certificates.X509Certificate.Export(X509ContentType contentType, String password)
at System.Security.Cryptography.X509Certificates.X509Certificate.Export(X509ContentType contentType)
at ComponentSpace.Saml2.Certificates.AbstractCachedCertificateLoader.AddCertificateToCacheAsync(String key, X509Certificate2 x509Certificate)
at ComponentSpace.Saml2.Certificates.AbstractCachedCertificateLoader.LoadCertificateFromFileAsync(String certificateFile, String certificatePassword)
at ComponentSpace.Saml2.Certificates.CertificateManager.LoadCertificatesAsync(IList certificates, CertificateUse certificateUse)
at ComponentSpace.Saml2.Certificates.CertificateManager.GetPartnerIdentityProviderSignatureCertificatesAsync(String configurationID, String partnerIdentityProviderName)
at ComponentSpace.Saml2.SamlServiceProvider.GetPartnerProviderSignatureCertificatesAsync(Boolean precondition)
at ComponentSpace.Saml2.SamlServiceProvider.VerifySamlResponseSignatureAsync(XmlElement samlResponseElement)
at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement)
at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()
at WebApi.SamlController.AssertionConsumerService() in /WebApi/Controllers/SamlController.cs:line 65
at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at System.Threading.Tasks.ValueTask.get_Result()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextResourceFilter()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Rethrow(ResourceExecutedContext context)
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync()
at Microsoft.AspNetCore.Routing.EndpointMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

I should add that I’ve now tested the same code on a Linux setup, and I don’t get the exception, so now I’m thinking it may be something to do with certificate management on macOS? Suggestions?

I think you’re right. By default we cache certificates in memory and it looks like the X509Certificate.Export method is failing.
You can turn off certificate caching by adding the following to the ConfigureServices method of your application’s startup.


using ComponentSpace.Saml2.Certificates;
// TryAddTransient is an extension method from this namespace.
using Microsoft.Extensions.DependencyInjection.Extensions;

// Use the standard certificate loader rather than the default cached certificate loader.
// TryAdd* only registers if no ICertificateLoader is registered yet, so this line
// must come before AddSaml, which would otherwise register the cached loader first.
services.TryAddTransient<ICertificateLoader, CertificateLoader>();

// Add SAML SSO services.
services.AddSaml(Configuration.GetSection("SAML"));



Let me know how that goes.
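The stack trace shows the failure inside X509Certificate.Export while the cached loader is preparing the IdP signature certificate, i.e. before the SAML response signature is ever checked, so the library fails closed rather than accepting an unverified response. Before (or after) swapping the loader, it is worth confirming that the Export call itself is what breaks on this Mac, outside the SAML pipeline. The following console program is an added diagnostic written for this thread, not ComponentSpace code; it assumes the Okta signing certificate is passed as the first argument (a public-key-only .cer/.crt file, which is what Okta hands out, or a PFX with its password as the second argument) and tries the Cert and Pfx export paths separately so the output says which one the platform rejects.

```csharp
// Added diagnostic (not ComponentSpace code): reproduces the X509Certificate.Export
// call made by the cached certificate loader, without the SAML library in the loop.
// Assumed input: args[0] is the IdP certificate file; args[1] (optional) is a PFX password.
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertExportCheck
{
    static int Main(string[] args)
    {
        if (args.Length < 1)
        {
            Console.Error.WriteLine("usage: CertExportCheck <certificate-file> [pfx-password]");
            return 2;
        }

        string path = args[0];
        string password = args.Length > 1 ? args[1] : null;

        // A password-less .cer/.crt loads with the single-argument constructor;
        // a PFX needs the password and, to be exportable again, the Exportable flag.
        using (var cert = password == null
            ? new X509Certificate2(path)
            : new X509Certificate2(path, password, X509KeyStorageFlags.Exportable))
        {
            Console.WriteLine("OS:            " + RuntimeInformation.OSDescription);
            Console.WriteLine("Subject:       " + cert.Subject);
            Console.WriteLine("Thumbprint:    " + cert.Thumbprint);
            Console.WriteLine("NotAfter:      " + cert.NotAfter.ToString("u"));
            Console.WriteLine("HasPrivateKey: " + cert.HasPrivateKey);

            // Try each content type on its own so a Pfx failure does not mask a working Cert export.
            bool certOk = TryExport(cert, X509ContentType.Cert);
            bool pfxOk = TryExport(cert, X509ContentType.Pfx);
            return certOk && pfxOk ? 0 : 1;
        }
    }

    // Returns true if Export succeeded; prints the exception type and message otherwise.
    static bool TryExport(X509Certificate2 cert, X509ContentType type)
    {
        try
        {
            byte[] bytes = cert.Export(type);
            Console.WriteLine("Export(" + type + "): OK, " + bytes.Length + " bytes");
            return true;
        }
        catch (CryptographicException ex)
        {
            // On the poster's Mac this is where AppleCommonCryptoCryptographicException surfaces.
            Console.WriteLine("Export(" + type + "): FAILED: " + ex.GetType().Name + ": " + ex.Message);
            return false;
        }
    }
}
```

Run it with `dotnet run -- path/to/okta.cert` on the Mac and on the Linux box that works; if the Pfx export fails only on macOS while the Cert export and the Linux run succeed, the problem is the platform's PKCS#12 export path rather than the SAML configuration, and switching to the non-caching CertificateLoader (which skips that Export call) is the right fix. Do not work around it by relaxing signature verification on the service provider side; the IdP signature certificate is what authenticates every SAML response.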

[quote]
ComponentSpace - 6/4/2019
I think you're right. By default we cache certificates in memory and it looks like the X509Certificate.Export method is failing.
You can turn off certificate caching by adding the following to the ConfigureServices method of your application's startup.


using ComponentSpace.Saml2.Certificates;

// Use the standard certificate loader rather than the default cached certificate loader.
services.TryAddTransient<ICertificateLoader, CertificateLoader>();

// Add SAML SSO services.
services.AddSaml(Configuration.GetSection("SAML"));



Let me know how that goes.
[/quote]

I had exactly the same problem. Also on a Mac.
This solution does solve the problem.
Thanks.

Thanks for the confirmation.