Description
Upon attempting to log in to a website like WebEx using an SP-initiated SAML request, you get this error:

Error:
   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
   at MFC.WebApp.SecureAuth.SAML20SPInit.CreateSAMLResponse(AuthnRequest authnRequest, String sUser)
   at MFC.WebApp.SecureAuth.SAML20SPInit.Page_Load(Object sender, EventArgs e)
Resolution
The error is raised when the realm tries to read the private key of its signing certificate (X509Certificate2.get_PrivateKey in the trace above). One of the following is usually the cause; correct whichever applies:
- The certificate is mismatched between the Service Provider and the SecureAuth realm.
- The permissions on the certificate's private key do not allow the "Network Service" account to read it.
- In an environment with two or more SecureAuth appliances:
  - The load balancer is not configured for persistent (sticky) sessions, so a single login's traffic alternates between server 1 and server 2 and the request state is lost between them.
  - The Forms Auth/SSO token is not set up consistently at the SecureAuth realm level.
  - One of the servers does not have the correct certificate selected for that realm.
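The following PowerShell script is an added example for checking the first two causes on an appliance; it is not part of the SecureAuth article and not SecureAuth's own tooling. It assumes the realm's signing certificate is in the LocalMachine\My store, that its private key is an RSA CSP key (which is what the RSACryptoServiceProvider frames in the trace indicate, so the key file lives under the MachineKeys folder), that the shell is elevated, and that the thumbprint parameters are supplied by you; the function name, the -Fix switch and the expected-thumbprint value are illustrative, not SecureAuth settings.

```powershell
# Added example (not from the article): verify that a realm's signing certificate
# matches what the Service Provider expects and that NETWORK SERVICE can read its
# private key. Run elevated on each SecureAuth appliance.
function Test-SamlSigningCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,            # cert selected on the realm
        [string] $ExpectedThumbprint = $Thumbprint,             # thumbprint published in SP metadata (placeholder)
        [string] $Account = 'NT AUTHORITY\NETWORK SERVICE',     # identity the realm runs as
        [switch] $Fix                                           # grant Read on the key file if missing
    )

    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -ieq $Thumbprint }
    if (-not $cert) { throw "Certificate $Thumbprint not found in LocalMachine\My" }

    # Cause 1: certificate mismatch between SP and realm.
    if ($cert.Thumbprint -ine $ExpectedThumbprint) {
        Write-Warning "Realm certificate $($cert.Thumbprint) differs from the SP's expected $ExpectedThumbprint"
    }

    if (-not $cert.HasPrivateKey) { throw "Certificate has no private key on this appliance" }

    # Cause 2: private key ACL. For CSP keys the container is a file under MachineKeys;
    # the realm's get_PrivateKey call fails if the service account cannot read it.
    $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    $keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
    if (-not (Test-Path $keyPath)) { throw "Key container file not found: $keyPath" }

    $readRight = [System.Security.AccessControl.FileSystemRights]::Read
    $acl = Get-Acl -Path $keyPath
    $hasRead = $acl.Access | Where-Object {
        $_.IdentityReference.Value -ieq $Account -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $readRight) -eq $readRight)
    }

    if ($hasRead) {
        Write-Output "$Account has Read on private key file $keyPath"
        return $true
    }

    Write-Warning "$Account cannot read private key file $keyPath"
    if ($Fix) {
        # Grant Read only (not Full Control) so the service can use the key without being able to alter it.
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, $readRight, 'Allow')
        $acl.AddAccessRule($rule)
        Set-Acl -Path $keyPath -AclObject $acl
        Write-Output "Granted Read on $keyPath to $Account"
        return $true
    }
    return $false
}

# Usage: replace the placeholder thumbprints with the realm's and the SP's values.
# Test-SamlSigningCertificate -Thumbprint '<REALM-CERT-THUMBPRINT>' -ExpectedThumbprint '<SP-METADATA-THUMBPRINT>'
```

Run it on every appliance behind the load balancer and compare the output: if one node reports a different thumbprint or a missing ACL entry, that node is the one producing the intermittent failures the third cause describes. Certificates whose keys are stored by CNG rather than a CSP keep their key files under a different folder and expose no CspKeyContainerInfo, so this check would need adjusting for them.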