I am working on configuring a Service Provider. So far, when the user lands on the page, it redirects to the Identity Provider page so he can log in. After he logs in and hits enter, it tries to get back using the AssertionConsumerServiceUrl. I get the error: "An X.509 signature certificate for the partner identity provider https://something.com/somefolder/saml2/idp/metadata.php hasn't been configured." when I call ReceiveSsoAsync in the AssertConsumerService function I am using.
Although the metadata.php will return the following XML. I just replaced the certificate with three dots. Both certificates are the same.
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://something.com/somefolder/saml2/idp/metadata.php">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>...</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>...</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://something.com/somefolder/saml2/idp/SingleLogoutService.php"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://something.com/somefolder/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Somename</md:GivenName>
    <md:SurName>Somesurname</md:SurName>
    <md:EmailAddress>[email protected]</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>
In the samlp:Response I am also getting a certificate in <ds:X509Certificate>.
Any ideas why this would be happening?
Thanks
Alex
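
Added example, not part of the original post and not code from the SAML library in use: a check that pulls the `use="signing"` certificate for one entityID out of IdP metadata and confirms the certificate embedded in a response is that same one, which is worth doing before pinning it in the service provider's partner configuration. The function names and sample data are constructed for illustration; the embedded certificate is supplied by whoever sent the message, so this comparison does not replace configuring the certificate locally.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

def fingerprint(b64_cert):
    """SHA-256 hex digest of the decoded certificate bytes (whitespace ignored)."""
    der = base64.b64decode("".join((b64_cert or "").split()))
    return hashlib.sha256(der).hexdigest()

def metadata_signing_fingerprints(metadata_xml, entity_id):
    """Fingerprints of the signing certificates the IdP publishes for entity_id."""
    prints = set()
    for entity in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % MD):
        if (entity.get("entityID") or "").strip() != entity_id:
            continue
        for kd in entity.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
            # No "use" attribute means the key serves both signing and encryption.
            if kd.get("use", "signing") == "signing":
                for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                    prints.add(fingerprint(c.text))
    return prints

def response_cert_is_published(response_xml, metadata_xml, entity_id):
    """True only if every certificate embedded in the response is a published signing cert."""
    published = metadata_signing_fingerprints(metadata_xml, entity_id)
    embedded = {fingerprint(c.text)
                for c in ET.fromstring(response_xml).iter("{%s}X509Certificate" % DS)}
    return bool(embedded) and embedded <= published

# Constructed sample data: the "certificates" are placeholder bytes, not real X.509.
ENTITY_ID = "https://something.com/somefolder/saml2/idp/metadata.php"
SIGN = base64.b64encode(b"constructed signing certificate").decode()
ENC = base64.b64encode(b"constructed encryption certificate").decode()
KEY = ('<md:KeyDescriptor use="%s"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s'
       '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')
METADATA = ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="%s">'
            '<md:IDPSSODescriptor>%s%s</md:IDPSSODescriptor></md:EntityDescriptor>'
            % (MD, DS, ENTITY_ID, KEY % ("signing", SIGN), KEY % ("encryption", ENC)))
RESPONSE = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:ds="%s"><ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s'
            '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
            '</samlp:Response>' % (DS, SIGN))

if __name__ == "__main__":
    print(sorted(metadata_signing_fingerprints(METADATA, ENTITY_ID)))
    print(response_cert_is_published(RESPONSE, METADATA, ENTITY_ID))
```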