
An IdP is sending me a SAML message (unsolicited). But something is not working. My logs are:

I, [2020-02-11T16:01:14.381887 #4]  INFO -- omniauth: (saml_degreed) Callback phase initiated.
F, [2020-02-11T16:01:14.419806 #4] FATAL -- : [3b967525-74f6-49bc-a03a-86fb6f0059c5]
F, [2020-02-11T16:01:14.419935 #4] FATAL -- : [3b967525-74f6-49bc-a03a-86fb6f0059c5] OpenSSL::X509::CertificateError (nested asn1 error):
F, [2020-02-11T16:01:14.420030 #4] FATAL -- : [3b967525-74f6-49bc-a03a-86fb6f0059c5]
F, [2020-02-11T16:01:14.420188 #4] FATAL -- : [3b967525-74f6-49bc-a03a-86fb6f0059c5] vendor/bundle/ruby/2.4.0/gems/ruby-saml-1.11.0/lib/onelogin/ruby-saml/settings.rb:157:in `initialize'
2020-02-11T16:01:14.420277+00:00 app[web.1]: [3b967525-74f6-49bc-a03a-86fb6f0059c5] vendor/bundle/ruby/2.4.0/gems/ruby-saml-1.11.0/lib/onelogin/ruby-saml/settings.rb:157:in `new'
2020-02-11T16:01:14.420277+00:00 app[web.1]: [3b967525-74f6-49bc-a03a-86fb6f0059c5] vendor/bundle/ruby/2.4.0/gems/ruby-saml-1.11.0/lib/onelogin/ruby-saml/settings.rb:157:in `get_idp_cert'

Just after the callback phase is initiated, it fails and raises:

FATAL -- : [3b967525-74f6-49bc-a03a-86fb6f0059c5] OpenSSL::X509::CertificateError (nested asn1 error):

I tried to understand the error but failed.

Bruno Toledo
  • Please share all relevant information in text form – Nico Haase Feb 11 '20 at 16:31
  • I have got to the point where I do not know what the relevant information is besides the "FATAL" message. I simply do not find anything useful related to OpenSSL::X509::CertificateError (nested asn1 error):. But I will change it. – Bruno Toledo Feb 11 '20 at 17:59
  • If I had to guess, you haven't uploaded the IdP's signing cert into your tool, or, if you have, it's not properly base64 encoded. – Andrew K. Feb 11 '20 at 22:20
  • The cert base64 encoding is fine. I have already tested it at https://www.samltool.com/base64.php. But, for some reason, if I save it in a variable (raw, for instance) and run certificate = OpenSSL::X509::Certificate.new raw, it raises the OpenSSL::X509::CertificateError (nested asn1 error). – Bruno Toledo Feb 12 '20 at 01:50
  • I have read something about line breaks. But it is not clear to me. I am not a pro. – Bruno Toledo Feb 12 '20 at 01:51
  • Here. (https://serverfault.com/questions/466683/can-an-ssl-certificate-be-on-a-single-line-in-a-file-no-line-breaks) – Bruno Toledo Feb 12 '20 at 01:58
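
An added example (not from the original post and not ruby-saml's own code) following up on the line-break comments above: it shows three ways a stored IdP certificate string can be valid base64 yet still be rejected by `OpenSSL::X509::Certificate.new`, and rebuilds a well-formed PEM block before parsing. The helper names are hypothetical and the certificate is a throwaway self-signed one constructed for the demonstration.

```ruby
require "openssl"

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

# Hypothetical helper: rebuild a well-formed PEM block from a certificate
# string whose line breaks were lost, replaced by spaces, or escaped.
def normalize_idp_cert(raw)
  body = raw.gsub(PEM_HEADER, "").gsub(PEM_FOOTER, "")
  body = body.gsub(/\\r|\\n/, "").gsub(/\s+/, "") # literal "\n" escapes, then real whitespace
  body.unpack1("m0")                              # strict base64 check, raises ArgumentError
  "#{PEM_HEADER}\n#{body.scan(/.{1,64}/).join("\n")}\n#{PEM_FOOTER}\n"
end

def parse_idp_cert(raw)
  OpenSSL::X509::Certificate.new(normalize_idp_cert(raw))
end

# True when OpenSSL rejects the string exactly as it is stored.
def rejected_as_is?(raw)
  OpenSSL::X509::Certificate.new(raw)
  false
rescue OpenSSL::X509::CertificateError
  true
end

# Constructed sample: a self-signed certificate standing in for the IdP's.
def sample_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=idp.example.test")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Constructed inputs: the same certificate as it often ends up in an
# environment variable or a single-line config field.
def mangled_variants(pem)
  {
    spaces_for_newlines: pem.strip.gsub("\n", " "),
    escaped_newlines:    pem.strip.gsub("\n") { "\\n" },
    bare_base64:         pem.lines.reject { |l| l.start_with?("-----") }.join.delete("\n")
  }
end
```

Each variant decodes cleanly in a base64 checker, which is why that check alone does not rule out a formatting problem in the stored value.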

0 Answers