I am trying to get a web application set up with itfoxtec saml2 and my sso provider (Duo) only provides a crt certificate (not a pfx).
I tried to use it without a certificate at all: when I request a secure page I am redirected to Duo's authentication, but on the redirect back I receive the following error:
InvalidSignatureException: Signature is invalid.
I have tried to add the certificate using the below code in my Program.cs:
// snip
// Namespaces needed by the lines below (CertificateUtil and the two validation enums)
using ITfoxtec.Identity.Saml2.Util;                 // CertificateUtil
using System.ServiceModel.Security;                  // X509CertificateValidationMode
using System.Security.Cryptography.X509Certificates; // X509RevocationMode

// Load the Duo .crt (public key only) and register it as the SP signing certificate
saml2Configuration.SigningCertificate = CertificateUtil.Load(builder.Environment.MapToPhysicalFilePath(configuration["Saml2:SigningCertificateFile"]));
// Disable chain validation and revocation checking for the certificate
saml2Configuration.CertificateValidationMode = X509CertificateValidationMode.None;
saml2Configuration.RevocationMode = X509RevocationMode.NoCheck;
// snip
When I do this, I get the following when I try to access a secure page:
ArgumentException: No RSA Private Key present in Signing Certificate or missing private key read credentials.
Thank you for any insight into this.
You need to add the certificate received from the IdP to the SignatureValidationCertificates collection: https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/blob/master/test/TestWebAppCore/Startup.cs#L38

And not set it as your SigningCertificate.
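As an added illustration of the answer above (this is example code, not from the question or from the ITfoxtec project), here is a .NET 6 style Program.cs fragment that registers the Duo-issued .crt in SignatureValidationCertificates and leaves SigningCertificate unset. The configuration key "Saml2:SignatureValidationCertificateFile", the use of Configuration.Bind for the rest of the "Saml2" section, and the startup expiry check are assumptions of this example; SignatureValidationCertificates, CertificateUtil.Load, MapToPhysicalFilePath and AddSaml2 are the library's own members as used in its test web app.

```csharp
// Added example (not part of the question or the ITfoxtec project).
// Assumes appsettings.json has a "Saml2" section with Issuer, SingleSignOnDestination, etc.,
// plus a "SignatureValidationCertificateFile" entry pointing at the Duo .crt file.
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.MvcCore;
using ITfoxtec.Identity.Saml2.MvcCore.Configuration;
using ITfoxtec.Identity.Saml2.Util;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<Saml2Configuration>(saml2Configuration =>
{
    // Bind Issuer, SingleSignOnDestination and the other plain settings from configuration.
    builder.Configuration.Bind("Saml2", saml2Configuration);

    // The IdP's public certificate (a .crt, no private key) is a *validation* certificate:
    // it is used to verify the signature on the SAML response/assertion Duo sends back.
    var idpCertPath = builder.Environment.MapToPhysicalFilePath(
        builder.Configuration["Saml2:SignatureValidationCertificateFile"]);
    var idpCert = CertificateUtil.Load(idpCertPath);

    // Assumed startup sanity check (not a library feature): fail fast on an expired IdP certificate
    // rather than discovering it as "Signature is invalid" at the first login.
    if (idpCert.NotAfter < DateTime.Now)
    {
        throw new InvalidOperationException(
            $"IdP signature validation certificate expired on {idpCert.NotAfter:u}.");
    }

    saml2Configuration.SignatureValidationCertificates.Add(idpCert);

    // SigningCertificate is deliberately left unset. It is the SP's *own* certificate, used to sign
    // outgoing AuthnRequests/LogoutRequests, and therefore needs a private key (e.g. a .pfx).
    // The IdP's .crt can never fill that role, which is the cause of the
    // "No RSA Private Key present in Signing Certificate" error.

    // Only accept assertions addressed to this SP.
    saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);
});

builder.Services.AddSaml2();

var app = builder.Build();
app.UseSaml2();
app.MapControllers();
app.Run();
```

With this arrangement the CertificateValidationMode and RevocationMode lines from the question are not needed to get past the private-key error, so they can be left at their defaults rather than switched off; if chain validation then rejects the Duo certificate, that is a separate decision to make knowingly (for example, if the IdP certificate is self-signed) instead of a workaround for the wrong configuration property.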