immac Posted May 10, 2019 Share Posted May 10, 2019 We followed instructions for SAML2/Onelogin setup in the 'Security Manual' Getting the following error while doing the SAML2 authentication We are using V8.6 (Build 8679) Error Code = An X.509 encryption certificate for the local service provider hasn't been configured., StackTrace = at ComponentSpace.SAML2.InternalSAMLServiceProvider.GetLocalServiceProviderEncryptionCertificates() at ComponentSpace.SAML2.InternalSAMLServiceProvider.DecryptSAMLAssertion(Object samlAssertion) at ComponentSpace.SAML2.InternalSAMLServiceProvider.GetSAMLAssertion(SAMLResponse samlResponse, XmlElement samlResponseElement) at ComponentSpace.SAML2.InternalSAMLServiceProvider.ProcessSAMLResponse(XmlElement samlResponseElement, Boolean& isInResponseTo, String& authnContext, String& userName, SAMLAttribute[]& attributes) at ComponentSpace.SAML2.InternalSAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, SAMLAttribute[]& attributes, String& relayState) at logins_saml_default.ProcessSAMLAuthentication() Link to comment Share on other sites More sharing options...
immac Posted May 10, 2019 Author Share Posted May 10, 2019 Nevermind it is working now. I was using a different connector on the Onelogin. I used the 'SAML Test Connector (IdP w/attr)' now The problem I have is it's still promptly for User/Password. I don't want to save the user/password in the browser. Link to comment Share on other sites More sharing options...
support Posted May 10, 2019 Share Posted May 10, 2019 Hi immac, For the prompting, are you saying the browser is prompting you to save logins i.e. it's not Passwordstate? If so, you will need to disable this feature in your browser. Regards Click Studios Link to comment Share on other sites More sharing options...
immac Posted May 15, 2019 Author Share Posted May 15, 2019 Thanks for your response. No it looks like the prompt is coming from the Passwordstate only not the local browser. If I just click cancel it's showing the following message. Is there any way to get rid of this now that it's doing SAML2 through Onelogin You do not have permission to view this directory or page. Link to comment Share on other sites More sharing options...
support Posted May 15, 2019 Share Posted May 15, 2019 Hi, Could you provide a screenshot. based on the message after clicking Cancel, I do not believe Passwordstate is doing this? Maybe the following forum post will help with this prompt - https://www.clickstudios.com.au/community/index.php?/topic/152-why-am-i-being-prompted-to-enter-my-authentication-details/ Regards Click Studios Link to comment Share on other sites More sharing options...
immac Posted May 16, 2019 Author Share Posted May 16, 2019 Let me post the screenshot shortly and try the various options in the URL In the mean time, can it be related with having the following option in the 'web.config' file <authentication mode="Windows" /> Thanks, Link to comment Share on other sites More sharing options...
immac Posted May 16, 2019 Author Share Posted May 16, 2019 Besides the 'Windows Authentication' I also enabled the 'Anonymous Authentication' on the passwordstate site. It is now working as expected but I'm not sure about security implications with having 'Anonymous auth' enabled. We do have network/firewall to block other networks from accessing the site Any recommendations/suggestions? Link to comment Share on other sites More sharing options...
support Posted May 17, 2019 Share Posted May 17, 2019 Hello, Enabling Anonymous Authentication is fine, and this is the default for all installs of Passwordstate - access to the site must still be authenticated before access if granted. Regards Click Studios Link to comment Share on other sites More sharing options...
immac Posted May 17, 2019 Author Share Posted May 17, 2019 Thanks for your feedback Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now