
I am using the SAML2.0 API for ASP.NET MVC. I used openssl to create the private and public key files and used a password for the private file. It generated two files, ca.key and cas.pem. I used the ca.key file as the private key, but I am getting this error:

Additional information: The X.509 certificate could not be loaded from the file D:\Test Web Projects\TestSaml\TestSaml\Certificates\ca.key.

My users log in to my MVC application; the login process has nothing to do with SAML. I just check the users against my DB. The reason I am using SAML2.0 is that I need to redirect my users, for the payment process, to another external page, which is my service provider. So once they click a button on my page they should be redirected to the other website. The following is the sample code I built to verify whether it's working.

Web.config

<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=301880
-->
<configuration>
<appSettings>
  <add key="TargetURL" value="https://btat2.paybill.com/consumer/SSO/SSOLogin?clientId=ReadyCapital"/>
  <add key="webpages:Version" value="3.0.0.0" />
  <add key="webpages:Enabled" value="false" />
  <add key="ClientValidationEnabled" value="true" />
  <add key="UnobtrusiveJavaScriptEnabled" value="true" />
</appSettings>
<system.web>
  <compilation debug="true" targetFramework="4.5" />
  <httpRuntime targetFramework="4.5" />
</system.web>
</configuration>

Saml.config

<?xml version="1.0"?>
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
<IdentityProvider Name="https://TestSaml"
       Description="Test Identity Provider"       
       LocalCertificateFile="Certificates\ca.key"
       LocalCertificatePassword="readycapital"/>

<PartnerServiceProviders>
  <!-- MVC example -->
  <PartnerServiceProvider Name="urn:oasis:names:tc:SAML:2.0:assertion"
          Description="MVC Example Service Provider"          
          SignSAMLResponse="true"
          SignAssertion="false"
          EncryptAssertion="true"
          AssertionConsumerServiceUrl="http://www.paybill.com/V2/Test/Login.aspx"          
          PartnerCertificateFile="Certificates\btat2.cert"/>
</PartnerServiceProviders>
</SAMLConfiguration>

Controller

using System.Web.Configuration;
using System.Web.Mvc;
// Namespaces assumed for the ComponentSpace SAML v2 library used by Saml.config above.
using ComponentSpace.SAML2;             // SAMLIdentityProvider, SAMLIdentifiers
using ComponentSpace.SAML2.Assertions;  // SAMLAttribute

public ActionResult Index(Profile profile)
{
    string targetUrl = WebConfigurationManager.AppSettings["TargetURL"];
    string userName = "00373219101"; // WebConfigurationManager.AppSettings["SubjectName"];

    // Attributes to send to the service provider (values left empty in this test).
    SAMLAttribute[] attributes = new SAMLAttribute[2];
    SAMLAttribute attribute = new SAMLAttribute("UserEmailAddress", SAMLIdentifiers.AttributeNameFormats.Unspecified, null, string.Empty);
    attributes[0] = attribute;

    SAMLAttribute attribute2 = new SAMLAttribute("MiscellaneousData", SAMLIdentifiers.AttributeNameFormats.Unspecified, null, string.Empty);
    attributes[1] = attribute2;

    // IdP-initiated SSO: signs the SAML response with LocalCertificateFile from Saml.config
    // (where the certificate-loading error is raised) and writes the POST form to the HTTP response.
    SAMLIdentityProvider.InitiateSSO(Response, userName, attributes, targetUrl);

    // InitiateSSO has already written the response, so nothing further is rendered.
    return new EmptyResult();
}
James Z
NewTech

1 Answer

  • Did you check that the WebServer can actually access the files? Maybe use Microsoft Windows Sysinternals Process Monitor and check that the read operation is successful.

  • Replace the standalone .key file with a .pfx file containing both the certificate and the private key, and link to that in IdentityProvider/@LocalCertificateFile.

Alexander Gräf
  • I'm using the following command to generate the files. When you say replace the standalone .key file with a .pfx, what do I do to get that? $ openssl req -new -x509 -days 1095 -keyout ./private/ca.key -out ./private/cas.pem – NewTech Jan 28 '19 at 19:30
  • @NewTech you can use openssl to convert cert+key to pfx: https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/ – Alexander Gräf Jan 28 '19 at 19:35
  • @NewTech https://stackoverflow.com/questions/808669/convert-a-cert-pem-certificate-to-a-pfx-certificate – Alexander Gräf Jan 28 '19 at 19:36
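Added example (not from the answer or the asker): a shell script that turns the key and certificate produced by the asker's openssl req command into the single PKCS#12 (.pfx) file the answer recommends, then verifies the .pfx actually holds both the certificate and the private key. File names follow the question; the passphrases are constructed placeholders.

```shell
#!/bin/sh
# Convert ca.key (passphrase-protected private key) + cas.pem (certificate)
# into one .pfx, which is what LocalCertificateFile expects to load.
set -eu

# make_pfx KEY CERT OUT KEY_PASS PFX_PASS
# KEY_PASS is the passphrase chosen when the .key was generated;
# PFX_PASS is the export password and becomes LocalCertificatePassword.
make_pfx() {
    key="$1"; cert="$2"; out="$3"; key_pass="$4"; pfx_pass="$5"
    openssl pkcs12 -export \
        -inkey "$key" -passin "pass:$key_pass" \
        -in "$cert" \
        -out "$out" -passout "pass:$pfx_pass"
}

# count_pems PFX PFX_PASS: number of PEM blocks inside the .pfx.
# A usable IdP signing file holds 2: the certificate and its private key.
# (A .pfx made from a certificate alone would show 1 and still fail to sign.)
count_pems() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -passout pass:tmp 2>/dev/null \
        | grep -c -- '-----BEGIN' || true
}

# demo: generate a throwaway self-signed pair the way the asker did
# (non-interactive flags added), convert it, and print the PEM count.
# Passphrases are constructed placeholders, not values from the question.
demo() {
    dir=$(mktemp -d)
    openssl req -new -x509 -days 1 -newkey rsa:2048 \
        -subj "/CN=TestSaml" \
        -keyout "$dir/ca.key" -passout pass:keypass \
        -out "$dir/cas.pem" 2>/dev/null
    make_pfx "$dir/ca.key" "$dir/cas.pem" "$dir/ca.pfx" keypass pfxpass
    count_pems "$dir/ca.pfx" pfxpass
}
```

After converting, point LocalCertificateFile at the .pfx (e.g. Certificates\ca.pfx) and set LocalCertificatePassword to the export password you gave make_pfx.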