Certificate find error



The cause of this error is the formatting of the following value in web.config:


   <SigningCertificate findValue="CN=*.presentations2go.eu,OU=Domain Control Validated, O=*.presentations2go.eu" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />


In the findValue above there is no space character between the comma and OU. It should be there:


   <SigningCertificate findValue="CN=*.presentations2go.eu, OU=Domain Control Validated, O=*.presentations2go.eu" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />

Error after login



This error means the certificate cannot be read by the application.

To solve this, you need to give the NetworkService account access to the private key (see 2 above).

The signature of the incoming message is invalid



This error is caused by the SAML server (IdP) adding a signature in its metadata.

This can be solved either by making sure the signature is in the metadata or by ignoring the signature check.


To ignore the signature check, change the web.config <IDPEndPoints> element setting:


<add id="https://My.SamlServer.com/authentication/idp/metadata">


to


<add id="https://My.SamlServer.com" omitAssertionSignatureCheck="true">


Subject still cannot be found


In some situations, the certificate cannot be read using x509FindType="FindBySubjectDistinguishedName". In that case you can use another method to find the certificate, for example x509FindType="FindByThumbprint". Of course, you will then need to supply the thumbprint as the SigningCertificate findValue.
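The following PowerShell check is added here and is not part of the original page. It performs the same .NET X509Store lookup the application performs for the SigningCertificate element (storeLocation="LocalMachine", storeName="My", the configured x509FindType), using the failing findValue from the first section as input, and lists the subject strings and thumbprints actually present in the store so the FindByThumbprint fallback can be filled in from real values.

```powershell
# Added diagnostic, not part of the original page. It runs the same .NET X509Store lookup the
# application performs for the <SigningCertificate> element, so the findValue from web.config
# can be checked without redeploying. Store and find type mirror the web.config attributes.
function Find-SigningCertificate {
    param(
        [Parameter(Mandatory)][string]$FindValue,
        [string]$FindType = "FindBySubjectDistinguishedName"   # or "FindByThumbprint"
    )
    $type  = [System.Security.Cryptography.X509Certificates.X509FindType]$FindType
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "LocalMachine")
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    try {
        # validOnly = $false: return the certificate even if it is expired or the chain is untrusted,
        # so a formatting problem in findValue is not confused with a validity problem.
        return $store.Certificates.Find($type, $FindValue, $false)
    } finally {
        $store.Close()
    }
}

# The failing value from the page: no space after the first comma.
$configured = "CN=*.presentations2go.eu,OU=Domain Control Validated, O=*.presentations2go.eu"
$found = Find-SigningCertificate -FindValue $configured

if ($found.Count -eq 0) {
    Write-Host "No certificate in LocalMachine\My matched:`n  $configured"
    Write-Host "Subjects present (FindBySubjectDistinguishedName needs a full-string match, separators included):"
    Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
        Write-Host "  $($_.Subject)"
        Write-Host "    thumbprint: $($_.Thumbprint)"   # alternative findValue for FindByThumbprint
    }
} else {
    $cert = $found[0]
    Write-Host "Matched: $($cert.Subject)"
    # The application also needs the private key; False here points at the 'Error after login' case.
    Write-Host "Has private key: $($cert.HasPrivateKey)"
    Write-Host "Thumbprint for x509FindType=`"FindByThumbprint`": $($cert.Thumbprint)"
}
```

Run it in an elevated PowerShell on the web server; the LocalMachine store is otherwise not fully readable.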