Certificate find error


The cause of this error is the formatting of the following value in web.config:

   <SigningCertificate findValue="CN=*.presentations2go.eu,OU=Domain Control Validated, O=*.presentations2go.eu" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />

In this value there is no space character between the comma and OU. It should be there.

   <SigningCertificate findValue="CN=*.presentations2go.eu, OU=Domain Control Validated, O=*.presentations2go.eu" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />

Error after login


This error means the certificate cannot be read by the application.

To solve this, you need to give the NetworkService account access to the private key (see 2 above).

The signature of the incoming message is invalid


This error is caused by the SAML server (IdP) adding a signature in its metadata.

This can be solved either by making sure the signature is in the metadata or by ignoring the signature check.

To ignore the signature check, change the web.config <IDPEndPoints> element setting shown below. With this setting the application no longer verifies the signature on assertions from this IdP.

<add id="https://My.SamlServer.com/authentication/idp/metadata">

to

<add id="https://My.SamlServer.com" omitAssertionSignatureCheck="true">

Subject still cannot be found


In some situations, the certificate cannot be read using x509FindType="FindBySubjectDistinguishedName". In that case you can use another method to find the certificate, for example x509FindType="FindByThumbprint". Of course you will need to supply the thumbprint as the SigningCertificate findValue.
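
Added example (not part of the original page or the product): a PowerShell check for both the "Certificate find error" and the thumbprint alternative above. It looks up a findValue in LocalMachine\My with the standard .NET X509Certificate2Collection.Find call and lists the exact Subject and Thumbprint strings to copy into web.config. That the application resolves SigningCertificate through this call is an assumption.

```powershell
# Added example: test a web.config <SigningCertificate> findValue against the store.
# Assumption: the application uses the standard .NET
# X509Certificate2Collection.Find() lookup for this element.
param(
    # Paste the findValue from web.config (default is the value shown on this page).
    [string]$FindValue = 'CN=*.presentations2go.eu, OU=Domain Control Validated, O=*.presentations2go.eu',
    # Same names as the x509FindType attribute, e.g. FindByThumbprint.
    [System.Security.Cryptography.X509Certificates.X509FindType]$FindType = 'FindBySubjectDistinguishedName'
)

# A thumbprint copied from the certificate dialog can carry spaces or an
# invisible leading character; either one makes the lookup fail.
if ($FindType -eq 'FindByThumbprint' -and $FindValue -match '[^0-9A-Fa-f]') {
    Write-Warning 'Thumbprint contains non-hex characters (spaces or hidden characters). Retype it by hand.'
}

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
try {
    # validOnly = $false so expired or untrusted certificates are still reported.
    $found = $store.Certificates.Find($FindType, $FindValue, $false)

    if ($found.Count -eq 0) {
        Write-Warning "No certificate matches '$FindValue' using $FindType."
        Write-Host 'Certificates in LocalMachine\My (copy Subject or Thumbprint exactly as shown):'
        $store.Certificates |
            Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey |
            Format-List
    }
    else {
        foreach ($cert in $found) {
            [pscustomobject]@{
                Subject       = $cert.Subject        # note the ", " between RDNs
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey  # must be True for a signing certificate
            } | Format-List
        }
    }
}
finally {
    $store.Close()
}
```

Run it from an elevated prompt on the web server. HasPrivateKey only shows that a key is associated with the certificate, not that the NetworkService account can read it.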