
When using a CER with no private key I'm getting the following:

No RSA Private Key present in Signing Certificate or missing private key read credentials.

Is this the intended behaviour? AFAIK there is no private key for this kind of certificate so either I'm missing something or that's not the way to do it.

Anders Revsgaard

1 Answer


The ITfoxtec Identity SAML 2.0 component throws the error if it expects a certificate with a private key like a PFX. A certificate containing only a public key can be used for verifying a signature, but not for signing.

Maybe the problem occurs when the RP (relying party) tries to sign the Authn and Logout request.

Anders Revsgaard
  • Thank you. I was including a signing certificate because I thought it was mandatory. Aside, on the source code you include references to documentation (like see Section 4) can I know the document you are referring to? – Luis Eduardo Tinajero Aug 14 '19 at 16:28
  • I am referring to the SAML 2.0 standards, mostly the SAML Core standard https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf. – Anders Revsgaard Aug 15 '19 at 09:02
  • @AndersRevsgaard so we can init ITfoxtec with just a CER file just to accept and parse a SAML request? – jaybro Dec 20 '21 at 21:00
  • It is probably possible for a relying party to be configured without a signature certificate (PFX) and do login if the Authn request is not signed. But log out is not possible without a signature certificate. – Anders Revsgaard Dec 21 '21 at 13:56
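
The CER versus PFX distinction from the answer above, as an added C# example (not part of the original posts and not ITfoxtec code): it exports one throwaway certificate in both formats, checks each for a readable RSA private key, then signs with the PFX key and verifies with the CER's public key. The `CanSign` helper, the subject name, the password and the message are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SigningCertCheck
{
    // Hypothetical preflight helper: a certificate is usable for signing
    // only if an RSA private key can actually be read from it.
    public static bool CanSign(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return false;
        using RSA key = cert.GetRSAPrivateKey(); // null when the key is not RSA
        return key != null;
    }

    static void Main()
    {
        // Constructed test material: a self-signed certificate created in memory.
        using RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=constructed-example", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 full = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

        // The same certificate in the two container formats discussed above.
        byte[] cerBytes = full.Export(X509ContentType.Cert);           // public key only
        byte[] pfxBytes = full.Export(X509ContentType.Pfx, "example"); // public + private key

        // These constructors are marked obsolete in .NET 9 (X509CertificateLoader
        // replaces them) but behave the same way.
        using var cer = new X509Certificate2(cerBytes);
        using var pfx = new X509Certificate2(pfxBytes, "example");
        Console.WriteLine($"CER can sign: {CanSign(cer)}");
        Console.WriteLine($"PFX can sign: {CanSign(pfx)}");

        // Sign with the PFX private key, verify with the CER public key.
        byte[] data = Encoding.UTF8.GetBytes("constructed message");
        using RSA signer = pfx.GetRSAPrivateKey();
        byte[] sig = signer.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using RSA verifier = cer.GetRSAPublicKey();
        bool ok = verifier.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Console.WriteLine($"CER verifies PFX signature: {ok}");
    }
}
```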