Reputation: 87
Azure AD: getting Invalid X509 certificate chain when Unbind with itfoxtec
I am using Azure AD as ADFS and I get response from it in the ACS route, however I am getting:
AuthenticationException: Invalid X509 certificate chain. Certificate name:'CN=accounts.accesscontrol.windows.net' and thumbprint:'9CEA376******251D1F'. Chain Status:'A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.'..
When running: binding.Unbind(httpRequest, saml2AuthnResponse); Note that same Saml2Configuration was done in the request and in the response.
any idea what could be the problem?
Upvotes: 3
Views: 1599
Answers (1)
Reputation: 4334
For the chain to validate successfully. The certificates root certificate has to be installed on the machine as a trusted root certificate. This is not possible in e.g. a Azure App Service.
The check kan be disabled by configuring "CertificateValidationMode": "None" in appsettings.json.
Sample code: https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/blob/master/test/TestWebAppCore/appsettings.json#L19
Upvotes: 2
Related Questions
- ITfoxtec SAML 2.0 Azure Ad Certificate Format Issue .Cer to .PFX
- Adding Certificate .CER to SAML2 Configuration ITfoxtec.Identity.Saml2
- ADFS IDX10214: Audience validation failed
- Wrong Issuer in ClaimsIdentity on Itfoxtec binding
- Certificate issue on LogoutResponse from Azure AD
- Signature is invalid while calling Saml2PostBinding.Unbind()
- ITfoxtec - ADFS SAML2 The remote certificate is invalid according to the validation procedure
- IDX10501: Signature validation failed. Unable to match key
- Configure SAML Single Sign-on in Azure with ITfoxtec SAML 2.0
- SAML binding: Error getting X509Certificate2.PrivateKey on Azure