I'm trying to implement SSO using SAML2 and ITfoxtec.Identity.Saml2 package in my ASP.NET MVC ( .NET 6.0 ). I have the metadata file of the IDP ( Azure AD ) and the .cer certificate file ( both given by the IDP ).
When i'm testing the assertion , i'm getting SAML response success and i can read the claims but when i come to unbind i get " Signature is invalid " , i think because i did not add the public key ( .cer file ) to the Saml config but i'm not sure.
I found how to configure .pfx certificate file ( which required password (private key) ),but not the case for the .cer.
Any ideas please ? Thanks.
It is enough to read the Azure AD IdP metadata. The IdP metadata contain the public .cer file.
You need to ensure that the code read the certificate correctly in the IdP metadata. Please use the following sample code as a reference.
foreach (var signingCertificate in entityDescriptor.IdPSsoDescriptor.SigningCertificates)
{
if (signingCertificate.IsValidLocalTime())
{
saml2Configuration.SignatureValidationCertificates.Add(signingCertificate);
}
}
if (saml2Configuration.SignatureValidationCertificates.Count <= 0)
{
throw new Exception("The IdP signing certificates has expired.");
}
if (entityDescriptor.IdPSsoDescriptor.WantAuthnRequestsSigned.HasValue)
{
saml2Configuration.SignAuthnRequest = entityDescriptor.IdPSsoDescriptor.WantAuthnRequestsSigned.Value;
}