manthan shah

Reputation: 31

ITfoxtec SAML 2.0 Azure Ad Certificate Format Issue .Cer to .PFX

I'm trying to implement SSO SAML authentication in .NET Core 3.1 with Azure AD, following this guide here.

My questions are: Can I remove the code that refers to SigningCertificatePassword (.pfx file) and add a reference to my .cer file instead? Azure AD only gives .cer/.pem files, while ITfoxtec SAML 2.0 only supports .pfx files, so how can I convert those files?

Upvotes: 3

Views: 895

Answers (2)

Anders Revsgaard

Reputation: 4334

A PFX certificate contains both the private and public key. A DER certificate only contains the public key.

You need to create your own PFX certificate for your application, or possibly use the same certificate used for TLS/SSL.

.NET sample code which shows how to create a certificate in .NET: https://github.com/ITfoxtec/FoxIDs.Samples/blob/b6dd1f8211015a5b366ce2b062dde481e38848fc/src/FoxIDs.SampleHelperLibrary/TestCertificate.cs

using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Creates a self-signed RSA signing certificate and writes it twice:
// as a .pfx (certificate plus private key) and as a .crt (certificate only).
public static void CreateSelfSignedCertificate(string path, string cn)
{
    using (var rsa = RSA.Create(2048))
    {
        var certRequest = new CertificateRequest(
            $"CN={cn}, O=FoxIDs",
            rsa,
            HashAlgorithmName.SHA256,
            RSASignaturePadding.Pkcs1);

        // End-entity certificate, not a CA.
        certRequest.CertificateExtensions.Add(
            new X509BasicConstraintsExtension(false, false, 0, false));

        certRequest.CertificateExtensions.Add(
            new X509SubjectKeyIdentifierExtension(certRequest.PublicKey, false));

        certRequest.CertificateExtensions.Add(
            new X509KeyUsageExtension(
                X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyAgreement,
                false));

        var now = DateTimeOffset.UtcNow;
        var cert = certRequest.CreateSelfSigned(now.AddDays(-1), now.AddYears(100));

        // The Pfx export carries the private key; the Cert export is the public part only.
        File.WriteAllBytes(PfxFile(path, cn), cert.Export(X509ContentType.Pfx));
        File.WriteAllBytes(CrtFile(path, cn), cert.Export(X509ContentType.Cert));
    }
}

// Path helpers assumed for this snippet; the linked sample defines its own.
static string PfxFile(string path, string cn) => Path.Combine(path, $"{cn}.pfx");
static string CrtFile(string path, string cn) => Path.Combine(path, $"{cn}.crt");

Upvotes: 0

b.s

Reputation: 2755

A PFX is a complete bundle (Keystore) consisting of a certificate and its private key. So if you have got both then you can add those entities to the Keystore.

openssl pkcs12 -inkey private_key.pem -in certificate.cert -export -out keystore.pfx

Upvotes: 1
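Both answers describe the same split from different sides: a PFX holds the service provider's own certificate together with its private key, while a .cer/DER file holds a certificate only. The .cer that Azure AD lets you download is Azure AD's signing certificate; the SP loads it to validate the signature on incoming SAML responses and signs its own requests with a PFX it generated itself. The script below is an added example, not code from the question or either answer; it assumes the openssl CLI is on PATH, and the file names, subject and password "changeit" are constructed placeholders. It builds the SP key pair and PFX the way the second answer's openssl pkcs12 line does (the openssl counterpart of the .NET CertificateRequest sample in the first answer), derives a certificate-only DER file of the kind Azure AD provides, and then checks which of the two files actually contains a private key.

```sh
#!/bin/sh
# Added example, not code from the question or either answer. Assumes the
# openssl CLI is on PATH. File names, subject and the password "changeit"
# are constructed placeholders.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Generate the service provider's own RSA key and self-signed certificate
# (the openssl counterpart of the .NET CertificateRequest sample).
make_sp_keypair() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/CN=example-sp/O=Example" \
    -keyout "$WORK/sp-key.pem" -out "$WORK/sp-cert.pem" >/dev/null 2>&1
}

# Bundle key and certificate into a PKCS#12 (.pfx) file, as the second
# answer's openssl pkcs12 command does.
make_sp_pfx() {
  openssl pkcs12 -export -inkey "$WORK/sp-key.pem" -in "$WORK/sp-cert.pem" \
    -out "$WORK/sp.pfx" -passout pass:changeit
}

# Produce a DER (.cer) file holding only the certificate, the shape of the
# signing certificate Azure AD hands out. Derived from the SP certificate
# here purely so the demo is self-contained.
make_idp_cer() {
  openssl x509 -in "$WORK/sp-cert.pem" -outform DER -out "$WORK/idp.cer"
}

# Succeeds when the PFX opens with the password and contains a private key.
pfx_has_private_key() {
  openssl pkcs12 -in "$1" -passin pass:changeit -nocerts -nodes 2>/dev/null \
    | grep -q 'PRIVATE KEY'
}

# Succeeds when the DER file parses as an X.509 certificate.
cer_is_certificate() {
  openssl x509 -in "$1" -inform DER -noout >/dev/null 2>&1
}

# Succeeds only if the DER file parses as a private key. A .cer never does,
# which is why a .cer cannot be turned into a PFX that can sign anything.
file_has_private_key() {
  openssl pkey -in "$1" -inform DER -noout >/dev/null 2>&1
}

make_sp_keypair
make_sp_pfx
make_idp_cer
if pfx_has_private_key "$WORK/sp.pfx"; then
  echo "sp.pfx: certificate + private key, usable as the SP signing certificate"
fi
if cer_is_certificate "$WORK/idp.cer" && ! file_has_private_key "$WORK/idp.cer"; then
  echo "idp.cer: certificate only, use it for signature validation, not for signing"
fi
```

Run it with sh; the two lines it prints summarize the point of both answers: the file you sign with must be one you created yourself (the PFX), and the .cer from Azure AD belongs on the validation side of the configuration.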
