I am using Azure AD as ADFS and I get a response from it in the ACS route, however I am getting:
AuthenticationException: Invalid X509 certificate chain. Certificate name:'CN=accounts.accesscontrol.windows.net' and thumbprint:'9CEA376******251D1F'. Chain Status:'A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.'.
When running: binding.Unbind(httpRequest, saml2AuthnResponse); Note that the same Saml2Configuration was used in the request and in the response.
Any idea what could be the problem?
For the chain to validate successfully, the certificate's root certificate has to be installed on the machine as a trusted root certificate. This is not possible in e.g. an Azure App Service.
The check can be disabled by configuring "CertificateValidationMode": "None" in appsettings.json.
Sample code: https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/blob/master/test/TestWebAppCore/appsettings.json#L19
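The chain status quoted in the question is what .NET reports as X509ChainStatusFlags.UntrustedRoot. The following is an added example (not from the question, the answer, or the ITfoxtec.Identity.Saml2 project) that uses only the .NET X509Chain API, assuming .NET Core 3.0 or later: a constructed throwaway root issues a leaf, and the leaf's chain is built once against the machine trust store and once with that root placed in a custom trust store, so the difference between "root not installed" and "root explicitly trusted" can be observed without touching the machine's certificate store.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
// Constructed demo: a throwaway root issues a leaf, then the leaf's chain is built twice,
// against the machine trust store and against an explicitly trusted copy of the same root.
static class ChainDemo
{
    static X509Certificate2 MakeRoot()
    {
        var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var req = new CertificateRequest("CN=Demo Root (constructed)", key, HashAlgorithmName.SHA256);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1));
    }
    static X509Certificate2 MakeLeaf(X509Certificate2 root)
    {
        var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var req = new CertificateRequest("CN=idp.example (constructed)", key, HashAlgorithmName.SHA256);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
        var serial = new byte[8]; RandomNumberGenerator.Fill(serial);
        return req.Create(root, DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddMonths(6), serial);
    }
    // Builds the chain for `leaf`. The root is added to ExtraStore so the engine can locate the
    // issuer, but it is only *trusted* when passed as trustedRoot (null = machine trust store).
    static X509ChainStatusFlags Validate(X509Certificate2 leaf, X509Certificate2 root, X509Certificate2 trustedRoot)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // demo certs publish no CRL/OCSP
        chain.ChainPolicy.ExtraStore.Add(root);
        if (trustedRoot != null)
        {
            chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            chain.ChainPolicy.CustomTrustStore.Add(trustedRoot);
        }
        chain.Build(leaf);
        var flags = X509ChainStatusFlags.NoError;
        foreach (var status in chain.ChainStatus) flags |= status.Status;
        return flags;
    }
    static void Main()
    {
        using var root = MakeRoot();
        using var leaf = MakeLeaf(root);
        Console.WriteLine($"machine trust store : {Validate(leaf, root, null)}");
        Console.WriteLine($"pinned custom root  : {Validate(leaf, root, root)}");
    }
}
```

The second call shows the alternative to switching validation off entirely: keep chain building on, but supply the expected root through CustomTrustStore instead of the machine store, which is what an App Service host does not let you populate.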