I am having a problem with my certificates and creating an RSTR as a string. The line of code that is failing is:
string responseAsString = federationSerializer.GetResponseAsString(response, new WSTrustSerializationContext());
and the exception that is being thrown is (mapping the OID in the certificate to an algorithm):
Object identifier (OID) is unknown.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Security.Cryptography.CryptographicException: Object identifier (OID) is unknown.
[CryptographicException: Object identifier (OID) is unknown.]
System.Security.Cryptography.X509Certificates.X509Utils._GetAlgIdFromOid(String oid) +0
System.Security.Cryptography.X509Certificates.X509Utils.OidToAlgId(String oid) +37
System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, String str) +61
System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[] rgbHash) +105
System.Security.Cryptography.AsymmetricSignatureFormatter.CreateSignature(HashAlgorithm hash) +48
Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(HashAlgorithm hash, AsymmetricSignatureFormatter formatter) +44
Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(SecurityKey signingKey) +362
Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.ComputeSignature() +135
Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.OnEndRootElement() +150
Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.WriteEndElement() +33
Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.WriteAssertion(XmlWriter writer, SamlAssertion assertion) +577
Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token) +44
Microsoft.IdentityModel.Tokens.EncryptedSecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token) +225
Microsoft.IdentityModel.Tokens.SecurityTokenSerializerAdapter.WriteTokenCore(XmlWriter writer, SecurityToken token) +200
System.IdentityModel.Selectors.SecurityTokenSerializer.WriteToken(XmlWriter writer, SecurityToken token) +33
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteRSTRXml(XmlWriter writer, String elementName, Object elementValue, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants) +714
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustFeb2005ResponseSerializer.WriteXmlElement(XmlWriter writer, String elementName, Object elementValue, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context) +71
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants) +278
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustFeb2005ResponseSerializer.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context) +42
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteResponse(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants) +195
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustFeb2005ResponseSerializer.WriteXml(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context) +42
Microsoft.IdentityModel.Protocols.WSFederation.WSFederationSerializer.GetResponseAsString(RequestSecurityTokenResponse response, WSTrustSerializationContext context) +181
FederationPassiveSecureTokenService._Default.ProcessSignInRequest(SignInRequestMessage requestMessage) in Default.aspx.cs:109
FederationPassiveSecureTokenService._Default.Page_PreRender(Object sender, EventArgs e) in Default.aspx.cs:42
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
System.Web.UI.Control.OnPreRender(EventArgs e) +8682870
System.Web.UI.Control.PreRenderRecursiveInternal() +80
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +842
I assume it is the way I have used makecert.exe for my signing certificate. I am using makecert.exe. I have created my own root CA certificate, which is the issuer of my signing certificate. The command line I used to create my certificate is shown below (parameters are split onto new lines for ease of reading):
makecert.exe
-pe
-n "CN=RP STS"
-b 01/01/2009 -e 01/01/2036
-ss My
-sr localMachine
-sky exchange
-eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.3
-iv CA-root.pvk
-ic CA-root.cer
I have granted the service account (Network Service) read access to the private key. I have also configured Geneva as follows:
<microsoft.identityModel>
  <service>
    <serviceCertificate>
      <certificateReference x509FindType="FindBySubjectName"
                            findValue="RP STS"
                            storeLocation="LocalMachine"
                            storeName="My" />
    </serviceCertificate>
  </service>
</microsoft.identityModel>
I assume the options I used to create the certificate are incorrect. I had tried to use the
-sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
options, but got the same result. If someone could give me some suggestions, it would be much appreciated.
Phil Bolduc
Vancouver, BC
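The stack trace shows the failure happening inside RSAPKCS1SignatureFormatter.CreateSignature, when RSACryptoServiceProvider.SignHash maps the hash algorithm name to a CSP algorithm id. The diagnostic below is an added example, not code from the original post: it loads the same certificate the <certificateReference> element selects (subject name "RP STS" in LocalMachine\My), prints which CSP and key spec makecert actually produced, and reproduces the signing call for SHA1 and SHA256 outside the Geneva pipeline, so the certificate can be blamed or cleared in isolation. It uses the .NET Framework CSP-based API that appears in the trace; the class and method names are my own.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic (not from the original post). Run it under the same
// account as the STS (Network Service) to also exercise private-key access.
class SigningCertCheck
{
    // Mirrors the x509FindType="FindBySubjectName" lookup in the config.
    static X509Certificate2 FindCert(string subjectName)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var hits = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, false);
            if (hits.Count == 0)
                throw new InvalidOperationException("certificate not found: " + subjectName);
            return hits[0];
        }
        finally { store.Close(); }
    }

    // Returns null when signing succeeds, otherwise the CryptographicException message.
    static string TrySign(X509Certificate2 cert, string hashName)
    {
        try
        {
            // PrivateKey throws if the current account lacks read access to the key.
            var rsa = cert.PrivateKey as RSACryptoServiceProvider;
            if (rsa == null) return "private key is not an RSACryptoServiceProvider";
            var info = rsa.CspKeyContainerInfo;
            Console.WriteLine("Provider: {0} (type {1}), KeySpec: {2}, KeySize: {3}",
                info.ProviderName, info.ProviderType, info.KeyNumber, rsa.KeySize);

            byte[] hash = HashAlgorithm.Create(hashName).ComputeHash(new byte[] { 1, 2, 3 });
            // Same path as the trace: formatter -> SignHash(hash, oid-of-hashName).
            var formatter = new RSAPKCS1SignatureFormatter(rsa);
            formatter.SetHashAlgorithm(hashName);
            formatter.CreateSignature(hash);
            return null;
        }
        catch (CryptographicException ex) { return ex.Message; }
    }

    static void Main()
    {
        var cert = FindCert("RP STS");
        foreach (var name in new[] { "SHA1", "SHA256" })
            Console.WriteLine("{0}: {1}", name, TrySign(cert, name) ?? "OK");
    }
}
```

If one hash name signs and the other reports "Object identifier (OID) is unknown", the printed provider name and type tell you which CSP the key lives in, which is the thing the -sp/-sy makecert options change.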