I am getting following error in my web service when using x509 Certificate to authenticate the client.
X509Certificate2 Clnt = new X509Certificate2 (HttpContext.Current.Request.ClientCertificate.Certificate);
The error is
System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Security.Cryptography.CryptographicException: m_safeCertContext is an invalid handle.
at System.Security.Cryptography.X509Certificates.X509Certificate.get_Issuer()
at Service.HelloWorld() in c:\MyWorkSpace\SecuredWS\App_Code\Service.cs:line 40
--- End of inner exception stack trace
Can any one put some light on it as why i am getting m_safeCertContext as null.
Regars
Finally, We solved this issue. If anyone interested to know i can put resolution here.
Related
I just installed OpenAM 13.0.0, created an hosted IDP, and registered a remote SP.
Within the remote SP (a product called Questetra), I configured the entityID, login URL, logout URL, and certificate using values found in the XML at http://idp:8080/openam/saml2/jsp/exportmetadata.jsp?entityid=http://idp:8080/openam&realm=/
Problem: OpenAM says 500 Internal Server Error at the step where the browser loads the successURL.
Any idea what is happening?
Any tips on how to debug? There is nothing special in the Tomcat and OpenAM logs.
Shortened Wireshark trace
HTTP/1.1 200 OK
[...]
{"successURL":"/SSORedirect/metaAlias/idp?ReqID=a41de50e29c99ff3422f82b7g660ch6&index=null&acsURL=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2Fsaml%2FSSO%2Falias%2Fbpm&spEntityID=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2F&binding=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Abindings%3AHTTP-POST"}
GET /openam/SSORedirect/metaAlias/idp?ReqID=a41de50e29c99ff3422f82b7g660ch6&index=null&acsURL=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2Fsaml%2FSSO%2Falias%2Fbpm&spEntityID=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2F&binding=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Abindings%3AHTTP-POST HTTP/1.1
[...]
HTTP/1.1 500 Internal Server Error
[...]
<html>[...]HTTP Status 500 - Unable to do Single Sign On or Federation[...]</html>
Full trace at https://gist.github.com/nicolas-raoul/5ff26f37a95bc8088c6af7fe6ea5e468
Tomcat 7.0.72, Ubuntu 2016.04.1 LTS, Firefox 50.1.0
I solved this same error by taking the Certificate value directly from the metadata file exported from OpenAM and entering that directly again, to ensure that it was the exact same.
Have called many restful services from asp before - but this one has me stumped.
First my func looks like
Set objHTTP = Server.CreateObject("MSXML2.ServerXMLHTTP")
with objHTTP
.open "post", x_posturl, False
.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
.send x_xmlstr
end with
and the error returned is
msxml3.dll error '80072f0d' The certificate authority is invalid or
incorrect
so, googled a bit and suggestion was to add line
.setOption 2, 13056
this gives error
msxml3.dll error '80072f0c' A certificate is required to complete
client authentication
I then contacted service supplier and they suggested
Click on the certificate error next to the address bar, view the
certificate, select Details, select Copy to File, and download it to a
file. Install that into your trusted certificates on your server to
stop the error appearing when trying to submit data.
So, tried that using instructions here - but still no joy, any help appreciated
It seems like the server located at x_posturl has a certificate that is misconfigured, or that your client computer doesn't contain/recognize the certificate's root authority (most likely). There are a few options to fix:
Have them fix their certificate if it's misconfigured.
If their certificate is valid, but with a root authority your machine doesn't recognize, then you need to install the root authority certificate locally.
Instruct MSXML2.ServerXMLHTTP to ignore certificate errors, which appears to be answered here: VBA ServerXMLHTTP https request with self signed certificate
Change x_posturl to start with http:// instead of https://— if it's supported by the provider. Would not recommend this in a production scenario though.
Can you share specifically what x_posturl is? We should be able to debug by looking at the SSL handshake.
I was able to find the solution by passing in a param.
objHTTP.SetOption 2, objHTTP.GetOption(2)
Dim objHTTP
Set objHTTP = Server.CreateObject("MSXML2.ServerXMLHTTP")
objHTTP.SetOption 2, objHTTP.GetOption(2)
objHTTP.Open "post", x_posturl, False
objHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objHTTP.Send x_xmlstr
After I invoke single-log-out (SLO), by calling 'GET' on https://[PingFederate Server Instance]:[Port]/sp/startSLO.ping, my PingFederate server begins making requests to my SP logout services. [I know this because I can see it happening in Fiddler.]
But when one my SPs invokes “https://<PingFederate DNS>:XXXX” + request.getParameter(“resume”); (per #Scott T.'s answer here), I get an error message:
Error - Single Logout Nonsuccess Response status:
urn:oasis:names:tc:SAML:2.0:status:Requester Status Message: Invalid
signature Your Single Logout request did not complete successfully. To
logout out of your Identity Provider and each Service Provider, close
all your browser windows. Partner: XXXX:IDP Target Resource:
http://<domain>/<default SLO endpoint>
My Questions:
What is this error message referring to?
How can I resolve this error condition?
This error is likely due to a mismatch in configuration between IdP and SP. The signing keys/certificate for SAML messages used at one end, must match the verification certificate at the other end. Check your Credentials configuration on your connection for both IdP and SP. See this section in the PingFederate Administration Guide for some details.
Could someone please help me? I am trying to create a project in project server programatically (PSI webservice) but am failing to do so because of the error below. Does anyone know what might be the issue? I am also getting this error when attempting to update the web service in VS2008.
Here is the error and it happens when I call QueueCreateProject (see code below):
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
--- End of inner exception stack trace ---
Here is the code:
objProject = new pstest.ProjectWS.ProjectSoapClient();
dsProjectDataSet = new pstest.ProjectWS.ProjectDataSet();
ProjectWS.ProjectDataSet.ProjectRow projectRow = dsProjectDataSet.Project.NewProjectRow();
Guid _projectGUID = Guid.NewGuid(); // new GUID for each project
projectRow.PROJ_UID = _projectGUID;
projectRow.PROJ_NAME = "My new Project";
projectRow.PROJ_INFO_START_DATE = System.DateTime.Now;
projectRow.PROJ_TYPE = 0; //0 is for project and 1 is for template
dsProjectDataSet.Project.AddProjectRow(projectRow);
//create a project using project.asmx
objProject.QueueCreateProject(Guid.NewGuid(), dsProjectDataSet,false);
Most likely your app.config is misconfigured. Depending on your security configuration, you probably need to change part of it:
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm"/>
</security>
Take a look at this thread for more information.
I am creating an NSURLMutableRequest and setting HTTP methods and content-types and such. All was working fine until my last compile. I now get this in the Console, but the app doesn't crash:
CODE:
Internal error.
Exception from other package:
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
and then the program continues. Code can be posted if you need it. The URL I am contacting is:
https://apps.quickbooks.com/j/AppGateway
This is VERISIGN not some Joe Blow make-your-own SSL cert.
Thanks guys!
Should have researched. QBOE XML processor is down.