x509certificate - SharePoint 2010 Error The Signature of the certificate cannot be verified -


my client wants sharepoint web application authenticated using siteminder claims based sts web service agent. when web app started , authentication provider selected web app redirect login page , on correct credentials should redirect site. happening on correct credentials sharepoint web application returns following error:

any clue might reason? happy assist if additional information required.

notsignaturevalid: signature of certificate cannot verified. 1048576: unknown error.

exception details:

system.identitymodel.tokens.securitytokenvalidationexception: notsignaturevalid: signature of certificate cannot verified. 1048576: unknown error.

source error:

an unhandled exception generated during execution of current web request. information regarding origin , location of exception can identified using exception stack trace below.

stack trace:

[securitytokenvalidationexception: notsignaturevalid: signature of certificate cannot verified. 1048576: unknown error.] microsoft.sharepoint.spimmutablecertificatevalidator.validate(x509certificate2 certificate) +181 microsoft.sharepoint.spcertificatevalidator.validate(x509certificate2 certificate) +260 microsoft.identitymodel.tokens.saml11.saml11securitytokenhandler.validatetoken(securitytoken token) +520

[securitytokenvalidationexception: id4257: x.509 certificate 'e=user@domain.com, cn=certname, ou=whq, o=csc, l=chantilly, s=virigina, c=us' validation failed token handler.] microsoft.identitymodel.tokens.saml11.saml11securitytokenhandler.validatetoken(securitytoken token) +1358733 microsoft.identitymodel.web.tokenreceiver.authenticatetoken(securitytoken token, boolean ensurebearertoken, string endpointuri) +118 microsoft.identitymodel.web.wsfederationauthenticationmodule.signinwithresponsemessage(httprequest request) +461 microsoft.identitymodel.web.wsfederationauthenticationmodule.onauthenticaterequest(object sender, eventargs args) +1099702 system.web.synceventexecutionstep.system.web.httpapplication.iexecutionstep.execute() +80 system.web.httpapplication.executestep(iexecutionstep step, boolean& completedsynchronously) +171

solution time!

special @gtrig tipping me off real issue behind error.

why error

the error cause result of microsoft security patch (kb2661254) adding restriction certificate validation. patch requires certificate rsa key greater or equal 1024bits. given siteminder.cer contains 512bits rsa key. following link explain issue in detail.

http://blogs.technet.com/b/rmilne/archive/2012/09/03/important-upcoming-certificate-changes.aspx

the solution in detail here. http://support.microsoft.com/kb/2661254

but me adding following regedit key did trick. hkey_local_machine\software\microsoft\cryptography\oid\encodingtype 0\certdllcreatecertificatechainengine\config

minrsapubkeybitlength : decimal 512

to apply registry modification open command prompt (make sure user has admin privileges, else start command prompt administrator mode) , execute

certutil -setreg chain\minrsapubkeybitlength 512

however recommend reading through entire solution above link in depth find unique solution.

important: not recommended approach in client environment may possibly compromise security of server environment.

recommended solution have new certificate created @ least minimum key size of 1024 (although 2048 recommended)


Comments

Post a Comment

Popular posts from this blog

php - mySql Join with 4 tables -

select * web_user e inner join web_audio ce on ce.uid = e.uid inner join web_videos c on c.uid = e.uid inner join web_images d on d.uid = e.uid e.uid = '1' we have scenario have 4 tables , want fetch records on basis of uid web_user table rest of tables fetch records on basis of web_user uid. have 6 records database. returning 8 time. below response of mysql query. uid ufname ulname uemail username upassword uaddress ucity ustate uzipcode uphone uimage usertype ugenre website biography uverifycode featured activate ustatus upaid aid uid a_filename a_uploadname a_genre a_singername a_approve a_price vid uid v_filename v_uploadname v_short_desc v_singername v_approve v_price iid uid upload_file i_approve ========================== 1 muhammad mohsin mohsin@balianti.com mohsin 213123 test addresss 0 1 40100 333-2335-5555 fds_896_autumn-mist.jpg 1 6 null null 202cb962ac59075b964b07152d234b70 1 1 1 1 1 1 asd muhammad_709.mp3 5 asd 0 0.00 1 1 test video muhammad_578.flv ...
Read more

css - Text drops down with smaller window -

i've adapted css use in website , can't quite figure out why 1 aspect of page acting way acting. basically, when shrink window below size horizontally, of text "drops down". becomes issue if user viewing website through ipad vertical orientation. can view issue here . i'm hoping make if window gets smaller, placement of text remains intact. the problem area not have enough space put both side navigation , content on 1 line. make automatically adjust page's width when exceeds decrements of width. this code example, , highly unlikely work. if see css more clearly, provide exact code. @media , (max-width:960px) { /* assuming #wrapper 960px across */ #content {width:560px;} /* opposed 720px */ } edit the content drops down @ 980px, have shrink width after there. @media , (max-width:980px) { #container {width:520px;} }
Read more

c# - DetailsView in ASP.Net - How to add another column on the side/add a control in each row? -

i have detailsview control on page used edit various fields of record, works in respect. i looking way add 1 column (and if works, why not more) right, absolutely read-only, show same fields of record comparison purposes. i aware there no obvious way such thing out of box detailsview . have looked other controls (transposed gridview , recommended formview , listview ), nothing satisfies. have special data binding setup using detailsview , can't out of without losing features. anyone on how "hack in" additional columns (for display only) on detailsview ? the solution have now, use second detailsview , visible set false in aspx. in code, make sure databind hidden detailsview hosts data third column first, initial detailsview named itemdetails . and in item created event, pass third column html rendering of hidden controls (in last code block) : protected void itemdetails_itemcreated(object sender, eventargs e) { if (dataite...
Read more