Required format for IdP certificate


naxtell
I have a client that is currently using the Low Level API implementation with SAML v2.0 for .NET4 (2.5.0.0). We are planning an upgrade to the latest version and have purchased the upgraded ComponentSpace software; however, the Identity Provider is updating their certificate this weekend. They have provided an x509 certificate, supposedly in DER PEM(?) format.
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

In an old email from the original developer, he states the following; however, we don't have any process documented:
I converted the certificate that [the Identity Provider] sent to the format that the ComponentSpace SAML library wants...

When I look at the CER file that the developer generated in Notepad++, I see a lot of special characters along with some plain text that reads "DigiCert" and also the name of the Identity Provider.
Could you tell me what I should do to generate the CER file that ComponentSpace requires?
Thanks!
naxtell
I believe the previous developer may have used the sample project MetadataExample as I see some customizations. I can't tell how the developer made it from there to generating a CER file that ComponentSpace can use in the following Verify() call:

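// Load the IdP certificate from the file
var x509Certificate = new X509Certificate2(fileName, null, X509KeyStorageFlags.MachineKeySet);
// Parse the response only if its signature verifies against that certificate
if (SAMLMessageSignature.Verify(samlResponseXml, x509Certificate))
{
    samlResponse = new SAMLResponse(samlResponseXml);
}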

When I attempt to simply use the PEM certificate, the Verify function fails.
ComponentSpace
We use the X509Certificate2 class to load certificates. Certificates can either be in ASCII (i.e. PEM/PKCS7) or binary (i.e. DER) encoding.

If you can double click the certificate file and Windows opens it as a certificate, it should load through the X509Certificate2 class.

If you're seeing non-printing characters, it's most likely in the binary DER format. However, the ASCII format with the optional -----BEGIN CERTIFICATE-----/-----END CERTIFICATE----- markers is perfectly acceptable and more commonly used. You should be able to use the provided certificate without requiring any conversion.

Regards
ComponentSpace Development
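
To tell a certificate loading problem apart from a signature mismatch when the IdP certificate is rotated, a small console check like the following (an added example, not ComponentSpace code and not part of the posts above) loads the file from either encoding and prints the subject, thumbprint and validity dates to compare with what the Identity Provider sent. The IdpCertificateCheck class and ToDer helper are hypothetical names; only standard .NET Framework calls are used.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example; IdpCertificateCheck and ToDer are hypothetical names.
static class IdpCertificateCheck
{
    const string Begin = "-----BEGIN CERTIFICATE-----";
    const string End = "-----END CERTIFICATE-----";

    // Return DER bytes whether the file is binary DER or Base64 (PEM) text.
    static byte[] ToDer(byte[] raw, out bool wasDer)
    {
        // A DER certificate starts with the ASN.1 SEQUENCE tag 0x30.
        wasDer = raw.Length > 0 && raw[0] == 0x30;
        if (wasDer) return raw;

        string text = Encoding.ASCII.GetString(raw);
        int start = text.IndexOf(Begin, StringComparison.Ordinal);
        int end = text.IndexOf(End, StringComparison.Ordinal);
        if (start >= 0 && end > start)   // the markers are optional
            text = text.Substring(start + Begin.Length, end - start - Begin.Length);
        // Whitespace is ignored; any other non-Base64 content throws FormatException.
        return Convert.FromBase64String(text);
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: IdpCertificateCheck <certificate file>");
            return 2;
        }
        bool wasDer;
        byte[] der = ToDer(File.ReadAllBytes(args[0]), out wasDer);
        var cert = new X509Certificate2(der);   // public certificate only, no key storage

        DateTime now = DateTime.Now;            // NotBefore/NotAfter are local time
        bool inWindow = now >= cert.NotBefore && now <= cert.NotAfter;

        Console.WriteLine("Encoding on disk : " + (wasDer ? "DER (binary)" : "Base64 / PEM"));
        Console.WriteLine("Subject          : " + cert.Subject);
        Console.WriteLine("Issuer           : " + cert.Issuer);
        Console.WriteLine("SHA-1 thumbprint : " + cert.Thumbprint);
        Console.WriteLine("Valid            : " + cert.NotBefore + " to " + cert.NotAfter);
        Console.WriteLine("Within validity  : " + inWindow);
        return inWindow ? 0 : 1;
    }
}
```

If the thumbprint printed here matches the one the Identity Provider publishes for the new certificate and Verify() still fails, the file format is not the cause.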