
Onelogin SAML2



We followed instructions for SAML2/Onelogin setup in the 'Security Manual'


Getting the following error while doing the SAML2 authentication


We are using V8.6 (Build 8679) 


Error Code = An X.509 encryption certificate for the local service provider hasn't been configured., StackTrace =
   at ComponentSpace.SAML2.InternalSAMLServiceProvider.GetLocalServiceProviderEncryptionCertificates()
   at ComponentSpace.SAML2.InternalSAMLServiceProvider.DecryptSAMLAssertion(Object samlAssertion)
   at ComponentSpace.SAML2.InternalSAMLServiceProvider.GetSAMLAssertion(SAMLResponse samlResponse, XmlElement samlResponseElement)
   at ComponentSpace.SAML2.InternalSAMLServiceProvider.ProcessSAMLResponse(XmlElement samlResponseElement, Boolean& isInResponseTo, String& authnContext, String& userName, SAMLAttribute[]& attributes)
   at ComponentSpace.SAML2.InternalSAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, SAMLAttribute[]& attributes, String& relayState)
   at logins_saml_default.ProcessSAMLAuthentication()

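The stack trace in the post above fails inside DecryptSAMLAssertion, which suggests the first OneLogin connector was returning an encrypted assertion. The following is an added example, not part of the original thread or Click Studios' code: a Python check that decodes a SAMLResponse form value and reports whether it carries an EncryptedAssertion. The function names, issuer URL and sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

def classify_saml_response(b64_response: str) -> dict:
    """Decode an HTTP-POST binding SAMLResponse and report whether its
    assertions are plain or encrypted. Inspection only: no signature checks."""
    xml_bytes = base64.b64decode(b64_response)
    # SAML messages never need a DTD; refuse one rather than hand entity
    # declarations to the XML parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD found in SAML response")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP_NS}}}Response":
        raise ValueError(f"not a samlp:Response: {root.tag}")
    plain = root.findall(f"{{{SAML_NS}}}Assertion")
    encrypted = root.findall(f"{{{SAML_NS}}}EncryptedAssertion")
    return {
        "issuer": root.findtext(f"{{{SAML_NS}}}Issuer"),
        "plain_assertions": len(plain),
        "encrypted_assertions": len(encrypted),
        # An EncryptedAssertion can only be read with the SP's private key,
        # so the SP needs a local encryption certificate configured.
        "needs_sp_encryption_cert": bool(encrypted),
    }

def build_sample(assertion_xml: str) -> str:
    """Constructed sample response (not captured from OneLogin or Passwordstate)."""
    doc = (
        f'<samlp:Response xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}" '
        f'ID="_constructed" Version="2.0">'
        f"<saml:Issuer>https://idp.example.test/saml</saml:Issuer>"
        f"{assertion_xml}</samlp:Response>"
    )
    return base64.b64encode(doc.encode()).decode()

PLAIN = build_sample('<saml:Assertion ID="_a1" Version="2.0"/>')
ENCRYPTED = build_sample(
    "<saml:EncryptedAssertion>"
    '<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>'
    "</saml:EncryptedAssertion>"
)

if __name__ == "__main__":
    for name, sample in (("plain", PLAIN), ("encrypted", ENCRYPTED)):
        print(name, classify_saml_response(sample))
```

A real SAMLResponse value contains user identity data, so inspect it on a trusted machine rather than pasting it into an online decoder.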

Never mind, it is working now.


I was using a different connector on the Onelogin. I used the 'SAML Test Connector (IdP w/attr)' now.


The problem I have is it's still prompting for User/Password. I don't want to save the user/password in the browser.






Thanks for your response. 


No, it looks like the prompt is coming from Passwordstate only, not the local browser. If I just click Cancel, it shows the following message. Is there any way to get rid of this now that it's doing SAML2 through Onelogin?


You do not have permission to view this directory or page.




Let me post the screenshot shortly and try the various options in the URL.


In the meantime, can it be related to having the following option in the 'web.config' file?


<authentication mode="Windows" />




Besides the 'Windows Authentication', I also enabled the 'Anonymous Authentication' on the Passwordstate site.


It is now working as expected, but I'm not sure about the security implications of having 'Anonymous auth' enabled.

We do have network/firewall to block other networks from accessing the site.


Any recommendations/suggestions?




Enabling Anonymous Authentication is fine, and this is the default for all installs of Passwordstate - access to the site must still be authenticated before access is granted.



Click Studios
