That exception isn't related to the certificate being expired etc. There's an issue attempting to load the public key. Unfortunately the Windows Crypto API error reporting is a bit terse. The "internal error" could result from a number of issues. Please try each of the following, one at a time. 1. Restart IIS. 2. Confirm the CNG Key Isolation Windows service is running. 3. Under the advanced settings for the application pool in IIS, ensure Load User Profile is set to true. 4. Under the advanced settings for the application pool in IIS, change the Identity to ApplicationPoolIdentity. 5. If the certificate is stored on the file system, confirm that the account under which the application is running has read permission to the certificate file. 6. Import the certificate into the Windows Certificate store and then export it as a base-64 encoded certificate file. Use the exported certificate file. I suggest trying each of the above individually and retesting before moving onto the next so you can identify which step resolved the issue. Let us know which, if any, of these steps resolved the issue. If none of these suggestions help, please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post. https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
Regards ComponentSpace Development
|