shrey shah

Reputation: 43

SAML binding: Error getting X509Certificate2.PrivateKey on Azure

The ITFoxtec Identity SAML 2.0 library contains a function to bind the request that extracts the private key from the signing certificate.

    // Helper from ITfoxtec.Identity.Saml2 (X509Certificate2Extensions.GetSamlRSAPrivateKey)
    // that the redirect binding calls to obtain the signing key.
    public static RSA GetSamlRSAPrivateKey(this X509Certificate2 certificate)
    {
        if (certificate is Saml2X509Certificate)
        {
            // The library's own certificate wrapper exposes the key directly.
            return (certificate as Saml2X509Certificate).GetRSAPrivateKey();
        }
        else
        {
            // Plain X509Certificate2: RSACertificateExtensions.GetRSAPrivateKey, which on
            // .NET Framework goes through X509Certificate2.PrivateKey (see the stack trace).
            return certificate.GetRSAPrivateKey();
        }
    }

It works on my local machine, but on Azure it gives the following error.

System.Security.Cryptography.CryptographicException: Invalid provider type specified.
   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
   at System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPrivateKey(X509Certificate2 certificate)
   at ITfoxtec.Identity.Saml2.X509Certificate2Extensions.GetSamlRSAPrivateKey(X509Certificate2 certificate)
   at ITfoxtec.Identity.Saml2.Saml2Binding1.BindInternal(Saml2Request saml2RequestResponse)
   at ITfoxtec.Identity.Saml2.Saml2RedirectBinding.BindInternal(Saml2Request saml2RequestResponse, String messageName)
   at ITfoxtec.Identity.Saml2.Saml2Binding1.Bind(Saml2Request saml2Request)

I am not sure whether it is a SAML library issue or an Azure configuration issue, since it works on my local machine. I am using the certificate provided in the test web app example, so it doesn't look corrupted.

Does anyone know the reason behind this?

Upvotes: 1

Views: 625

Answers (1)

Anders Revsgaard

Reputation: 4334

If you are using an Azure App Service, maybe the problem is that you need to make the SSL/TLS certificate's private key accessible to your web application.

Adding an app setting named WEBSITE_LOAD_CERTIFICATES with its value set to the thumbprint of the certificate will make it accessible to your web application.

Upvotes: 1
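A startup check that exercises the configuration described in the answer, added here as an example (it is not ITfoxtec or Azure code): it loads the certificate by thumbprint from the CurrentUser\My store that WEBSITE_LOAD_CERTIFICATES populates on a Windows App Service, and performs the RSA-SHA256 signing the redirect binding needs, so a missing or inaccessible private key is reported before the first SAML request fails. The class name, the method names and the SAML_CERT_THUMBPRINT setting are assumptions; a Linux App Service, which exposes loaded certificates as files instead, is not covered.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added diagnostic, not part of ITfoxtec.Identity.Saml2 or Azure.
// Assumes a Windows App Service, where WEBSITE_LOAD_CERTIFICATES places the
// certificate in the CurrentUser\My store of the web app's identity.
public static class SamlSigningKeyCheck
{
    public static X509Certificate2 LoadByThumbprint(string thumbprint)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        var found = store.Certificates.Find(
            X509FindType.FindByThumbprint, thumbprint, validOnly: false);
        if (found.Count == 0)
            throw new InvalidOperationException(
                "certificate not found in CurrentUser\\My; check WEBSITE_LOAD_CERTIFICATES");
        return found[0];
    }

    // Performs the operation the redirect binding needs (RSA-SHA256 signing) up front,
    // so a key-access problem surfaces at startup instead of on the first SAML request.
    public static string Diagnose(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey)
            return "no private key: the certificate was loaded without its key material";
        try
        {
            using RSA rsa = cert.GetRSAPrivateKey()
                ?? throw new InvalidOperationException("private key is not RSA");
            byte[] data = Encoding.UTF8.GetBytes("probe");
            byte[] sig = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using RSA pub = cert.GetRSAPublicKey();
            return pub.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
                ? "ok: private key is usable for RSA-SHA256 signing"
                : "signature produced but did not verify against the certificate's public key";
        }
        catch (CryptographicException ex)
        {
            // "Invalid provider type specified" lands here when the key cannot be opened.
            return "private key not accessible: " + ex.Message;
        }
    }
}
```

Call `SamlSigningKeyCheck.Diagnose(SamlSigningKeyCheck.LoadByThumbprint(thumbprint))` once at application start with the thumbprint read from the assumed SAML_CERT_THUMBPRINT setting, and log the returned string.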
