Click here to Skip to main content
16,017,986 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I want to implement SSO for ADFS 2.0 using Fedlet.

I am getting following error while Fedlet (SP) initiated Single Sign-On using HTTP POST binding

XML can not be signed due to either empty or unknown signature certificate alias in extended metadata.

I am using following part in the sp.xml file
HTML
    <SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
		<KeyDescriptor use="signing">
            <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                <dsig:X509Data>
                    <dsig:X509Certificate>
                        30 82 01 0a 02 82 01 01 00 86 8b 27 30 03 35 3a 07 3a 20 96 d6 ed f4 b3 17 92 a0 d0 78 21 90 72 e3 26 9e bf 79 25 ee 56 ae e6 5b 0d 84 21 02 18 9b d3 df 55 8c 31 b0 6c bd 60 d4 d9 6e 4b 16 f6 96 34 e2 df 97 7e 0a 43 be e7 cc a3 7a 9c b9 d5 5a a0 8d fa 19 62 c8 85 58 ca 39 a7 51 57 94 6a bd 83 b1 03 ec 40 d1 6a 83 ac 48 9b 22 3d 7c 47 eb 75 a7 e3 2f 10 26 aa 51 31 56 9a bf 98 df bc b5 b2 a0 61 31 8d 18 26 cc fd 07 65 1c 4a fc 0a 32 6e 19 44 43 63 d6 b3 80 de f0 f6 83 a1 14 89 df ad 46 7d 0e c0 a7 86 77 95 08 12 9c f6 19 17 85 e1 b6 25 b0 04 2c 48 e4 27 21 fb 8f 42 91 33 95 57 6e 7c 50 13 93 91 ac 59 f5 7a 31 9e 83 8e bd 6a fd 56 79 8e 84 80 e2 04 9e 1a 85 15 79 5b 60 92 1a ac 90 13 9b 66 f5 e6 f7 d0 2a 2c 7d 23 71 15 53 bf 9c 3e c4 5c 6a b6 60 15 a1 14 03 e5 06 22 45 d7 bb 57 53 17 17 02 03 01 00 01

                    </dsig:X509Certificate>
                    <dsig:X509IssuerSerial>
                        <dsig:X509IssuerName>CN = ADFS Signing - site details.com</dsig:X509IssuerName>
                        <!--<dsig:X509SerialNumber>?a9 a3 d3 07 9d 1d 13 ba 79 7b 06 06 94 97 04 cc f6 fb 91 e3</dsig:X509SerialNumber>-->
                    </dsig:X509IssuerSerial>
                    <dsig:X509SubjectName>CN = ADFS Signing - site details.com</dsig:X509SubjectName>
                </dsig:X509Data>
            </dsig:KeyInfo>
</KeyDescriptor>


Is SSL is required for both Identity Provider(IdP) and Service provider(SP). We have active SSL certificate at Idp side but no active SSL at SP side. Is this problem is due to SSL certificate?
Posted
Comments
Sri Nivas (Vasu) 3-Feb-14 7:24am    
For this SP side SSL certificate has been configured. but getting same error can any oneplease help me on this. Thanks in advance.

1 solution

Yes SP side certificate would be required. I did same with OpenAM and there it was required.
 
Share this answer
 
Comments
Sri Nivas (Vasu) 3-Feb-14 7:23am    
SP side SSL certificate has been configured but still getting same error. Can you please help me on this?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900