Need help with the 500 Internal Server Error while authenticating Azure Active Directory using SAML in .Net 6.0 Core

Swamynathan Karthikeyan 5 Reputation points
2023-12-22T14:25:08.7733333+00:00

I'm getting the 500 Internal Server Error while authenticating Azure Active Directory using SAML in .Net 6.0 Core. The same piece of code works in Dev and Qa but fails in Prod environment.

Below is the error message:

IDX20803: Unable to obtain configuration from: 'System.String'.
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.WsFederation.WsFederationHandler.HandleChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)

Below is the code in Startup.cs -> ConfigureServices

using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;

// Signing certificate of the IdP, supplied as a base64 DER blob in configuration.
var rawCertData = Convert.FromBase64String(Configuration.GetValue<string>("SamlBase64String"));
X509Certificate2 cert = new X509Certificate2(rawCertData);
SecurityKey signingKey = new X509SecurityKey(cert);

var _tokenValidationParameters = new TokenValidationParameters
{
    ValidateIssuer = true,
    // Audience validation is switched off here, so ValidAudience below is not enforced.
    ValidateAudience = false,
    ValidateLifetime = true,
    ValidateIssuerSigningKey = true,
    ValidAudience = Configuration.GetValue<string>("SamlentityId"),
    IssuerSigningKey = signingKey
};

servicesCollection.AddAuthentication(sharedOptions =>
{
    sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
.AddWsFederation(options =>
{
    options.Wtrealm = Configuration.GetValue<string>("SamlentityId");
    // Federation metadata document; the handler downloads it on the first challenge.
    options.MetadataAddress = Configuration.GetValue<string>("SamlMetadataAddress");
    options.CallbackPath = Configuration.GetValue<string>("SamlCallbackPath");
    options.TokenValidationParameters = _tokenValidationParameters;
    options.RequireHttpsMetadata = true;

    options.Events.OnSecurityTokenValidated = async ctx =>
    {
        // Get valid user from ctx
        // (remainder of the handler body not shown in the post)
    };
});
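The trace above ends inside ConfigurationManager.GetConfigurationAsync, which is the step where the WS-Federation handler downloads the metadata document named by MetadataAddress; the 'System.String' in the message is not the value itself but IdentityModel's default PII masking, which prints the type name of each argument unless IdentityModelEventSource.ShowPII is enabled. Because the same build works in Dev and QA, the first things to rule out are the per-environment value of SamlMetadataAddress and whether the production host can reach it over HTTPS. The following is an added example, not code from the original post: a startup-time probe that fetches the metadata the same way the handler does, unmasks the message outside production, and checks that the certificate pinned via SamlBase64String is actually among the signing keys the IdP publishes. The class and method names, and the wiring shown in the trailing comment, are assumptions; the configuration keys are the ones used in the post. Separately, the posted TokenValidationParameters set ValidateAudience = false while also setting ValidAudience; with audience validation off, a token the same IdP issued for a different relying party would pass validation here, so that setting deserves a second look.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.WsFederation;
using Microsoft.IdentityModel.Tokens;

// Added example (hypothetical class name), not part of the original post.
// Fetches the federation metadata with the same ConfigurationManager /
// WsFederationConfigurationRetriever pair that WsFederationHandler uses, so a bad
// SamlMetadataAddress fails at startup with a readable message instead of a 500.
public static class FederationMetadataCheck
{
    public sealed class Result
    {
        public string Issuer { get; init; }
        public int SigningKeyCount { get; init; }
        public bool PinnedCertIsPublished { get; init; }
    }

    // configuration: the IConfiguration used in Startup; isProduction: env.IsProduction().
    public static async Task<Result> ProbeAsync(IConfiguration configuration, bool isProduction,
                                                CancellationToken cancel = default)
    {
        string metadataAddress = configuration.GetValue<string>("SamlMetadataAddress");

        // A key that is absent or mistyped in one environment's settings hands the
        // handler null, which is the simplest way to get IDX20803 in that environment only.
        if (string.IsNullOrWhiteSpace(metadataAddress))
            throw new InvalidOperationException("SamlMetadataAddress is not set for this environment.");

        // RequireHttpsMetadata = true in the handler rejects anything but https.
        if (!Uri.TryCreate(metadataAddress, UriKind.Absolute, out Uri uri)
            || uri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException(
                $"SamlMetadataAddress must be an absolute https URL, got '{metadataAddress}'.");

        // IdentityModel prints the type name of each argument ('System.String') in
        // exception text unless ShowPII is on. Enable it only outside production,
        // because it exposes URLs and key identifiers in logs.
        IdentityModelEventSource.ShowPII = !isProduction;

        var manager = new ConfigurationManager<WsFederationConfiguration>(
            metadataAddress,
            new WsFederationConfigurationRetriever(),
            new HttpDocumentRetriever { RequireHttps = true });

        // DNS, proxy, firewall and TLS-trust failures all surface here with the
        // inner exception intact, rather than inside the first authentication challenge.
        WsFederationConfiguration federation = await manager.GetConfigurationAsync(cancel);

        // Compare the pinned certificate from SamlBase64String against the keys the IdP
        // publishes; if it is not there, metadata loads but every token fails signature
        // validation (for example after the IdP rotated its certificate).
        bool pinnedPublished = false;
        string pinnedBase64 = configuration.GetValue<string>("SamlBase64String");
        if (!string.IsNullOrWhiteSpace(pinnedBase64))
        {
            var pinned = new X509Certificate2(Convert.FromBase64String(pinnedBase64));
            pinnedPublished = federation.SigningKeys
                .OfType<X509SecurityKey>()
                .Any(k => string.Equals(k.Certificate.Thumbprint, pinned.Thumbprint,
                                        StringComparison.OrdinalIgnoreCase));
        }

        return new Result
        {
            Issuer = federation.Issuer,
            SigningKeyCount = federation.SigningKeys.Count,
            PinnedCertIsPublished = pinnedPublished,
        };
    }
}

// Hypothetical wiring in Startup.ConfigureServices, before AddWsFederation
// (assumes the hosting environment was injected into Startup as `env`):
//   var check = FederationMetadataCheck.ProbeAsync(Configuration, env.IsProduction())
//                   .GetAwaiter().GetResult();
//   if (!check.PinnedCertIsPublished)
//       throw new InvalidOperationException("Pinned signing certificate is not in the IdP metadata.");
```

Running the probe from the production host (or a one-off console app with the production settings) turns a generic 500 into a concrete exception: a missing key, a non-https address, an unreachable endpoint, or an untrusted TLS chain on the metadata URL. Leave ShowPII off in production and keep the ValidateAudience question separate from the metadata problem; fixing one does not fix the other.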

1 answer

  1. TuanNguyen-4398 0 Reputation points
    2023-12-22T14:29:06.9433333+00:00

    Please update

