
Identity Provider Server - SAML - Have you been able to generate metadata successfully?

Jim_Baad
Star Collaborator

We are currently evaluating the Identity Provider Server for providing SAML authentication for Onbase. I have gotten pretty far in the setup and I was getting ready to generate metadata so that our shibboleth server admins could configure our service provider for use with our shibboleth server. However, when I go to generate the metadata XML (http://[IdP_Root_Path]/[tenant]/[user_pop]/[provider]/metadata) I receive an error that says "Value cannot be null. Parameter name: certificate".

I've double-checked my X509 certificate settings and have tried a few things that first-line support recommended, but so far I haven't gotten it to work. Has anyone had success with this, and if so, would you mind sharing what procedure you went through to generate certificates and how you stored them?

1 ACCEPTED ANSWER

Chad_Yarmock
Confirmed Champ

Hi Jim,

Thank you for posting your question to Community.

Do the X509 certificates you are using have the following Key Usage values?

- Digital Signature
- Key Encipherment

You can find this information on the "Details" tab of the certificate.

Also, does the account running your Application Pool for the IdP have READ access to the Private Key that corresponds to the certificates you are using?

Edit for visibility:

Open the IDP web.config file in Notepad++ and change the Encoding to ANSI and see if there are any Unicode looking characters in your "findValue" fields that reference the certificate thumbprints. If so remove them and recycle the AppPool and try again.

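The three checks in the accepted answer (Key Usage bits, app pool read access to the private key, stray characters in the web.config findValue thumbprints), as an added PowerShell diagnostic that is not part of the original thread or of the IdP product. It assumes a WIF/WCF-style web.config in which certificates are referenced by findValue and x509FindType attributes, that the certificates are in the LocalMachine\My store, and that the web.config path and app pool identity in the param block (placeholders) are edited to match the server. "Key Usage" here means the X.509 keyUsage extension, which is a separate property from Enhanced Key Usage; Digital Signature plus Key Encipherment is the "a0" value shown on the certificate Details tab.

```powershell
# Added example (not code from the original thread or from the IdP product):
# runs the three checks from the accepted answer. Assumptions, edit to match:
#   - certificates are in the LocalMachine\My store
#   - $WebConfigPath and $AppPoolAccount below are placeholders
param(
    [string]$WebConfigPath  = 'C:\inetpub\wwwroot\IdP\web.config',  # assumed path
    [string]$AppPoolAccount = 'IIS AppPool\IdPAppPool'              # assumed identity
)

$needed    = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]'DigitalSignature, KeyEncipherment'
$readRight = [System.Security.AccessControl.FileSystemRights]::Read

# --- Check 3: stray characters in findValue --------------------------------
# A thumbprint pasted from the certificate dialog often carries an invisible
# U+200E (left-to-right mark) or spaces: the hex digits look fine on screen,
# the store lookup finds nothing, and the IdP ends up with a null certificate.
[xml]$config = Get-Content -LiteralPath $WebConfigPath -Raw -Encoding UTF8
$thumbprints = @()
foreach ($node in $config.SelectNodes('//*[@findValue]')) {
    $raw      = $node.GetAttribute('findValue')
    $findType = $node.GetAttribute('x509FindType')
    if ($findType -and $findType -ne 'FindByThumbprint') {
        Write-Host "findValue '$raw' uses $findType; not validated as a thumbprint"
        continue
    }
    if ($raw -match '^[0-9A-Fa-f]{40}$') {
        $thumbprints += $raw.ToUpperInvariant()
    } else {
        # list every non-hex code point so the invisible ones become visible
        $stray = ($raw.ToCharArray() | Where-Object { $_ -notmatch '[0-9A-Fa-f]' } |
                  ForEach-Object { 'U+{0:X4}' -f [int]$_ }) -join ' '
        $clean = ($raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        Write-Warning "findValue '$raw' is not a clean 40-hex thumbprint; non-hex code points: $stray"
        Write-Warning "  retype it by hand as: $clean"
        $thumbprints += $clean
    }
}
if (-not $thumbprints) { Write-Warning "no findValue thumbprints found in $WebConfigPath" }

foreach ($tp in ($thumbprints | Sort-Object -Unique)) {
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
            Where-Object { $_.Thumbprint -eq $tp } | Select-Object -First 1
    if (-not $cert) { Write-Warning "$tp not found in LocalMachine\My"; continue }

    # --- Check 1: Key Usage (the keyUsage extension, not Enhanced Key Usage) --
    # Digital Signature (0x80) + Key Encipherment (0x20) = 0xA0, the "a0" value
    # on the certificate Details tab.
    $ku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    if (-not $ku) {
        Write-Warning "$tp has no Key Usage extension"
    } elseif (($ku.KeyUsages -band $needed) -ne $needed) {
        Write-Warning "$tp Key Usage is '$($ku.KeyUsages)'; needs $needed"
    } else {
        Write-Host "$tp Key Usage OK ($($ku.KeyUsages))"
    }

    # --- Check 2: app pool account can read the private key -------------------
    if (-not $cert.HasPrivateKey) { Write-Warning "$tp has no private key in this store"; continue }
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $keyName = $rsa.Key.UniqueName                                # CNG key
        $keyDir  = Join-Path $env:ProgramData 'Microsoft\Crypto\Keys'
    } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName    # legacy CSP key
        $keyDir  = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
    } else {
        Write-Warning "$tp private key is not RSA; check its ACL manually"; continue
    }
    $keyFile = Get-ChildItem -LiteralPath $keyDir -Filter $keyName -File -Recurse -ErrorAction SilentlyContinue |
               Select-Object -First 1
    if (-not $keyFile) { Write-Warning "key file $keyName not found under $keyDir"; continue }

    # Direct ACEs only: access granted through group membership is not resolved here.
    $allowed = (Get-Acl -LiteralPath $keyFile.FullName).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -eq $AppPoolAccount -and
        (($_.FileSystemRights -band $readRight) -eq $readRight) }
    if ($allowed) {
        Write-Host "$tp private key readable by $AppPoolAccount ($($keyFile.FullName))"
    } else {
        Write-Warning "$tp private key not readable by $AppPoolAccount; grant it with:"
        Write-Warning "  icacls `"$($keyFile.FullName)`" /grant `"${AppPoolAccount}:R`""
    }
}
```

Run it elevated on the IdP server; it only reads and reports, and prints the icacls command to grant read access rather than running it. After fixing any finding, recycle the application pool as the answer says, since the IdP caches the certificate lookup at start-up.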

5 REPLIES


Chad, are you referring to the Enhanced Key Usage property?

Chad, I was able to generate a new certificate that has the following for Key Usage: Digital Signature, Key Encipherment (a0). I referenced this certificate for both my signing and my encryption certificate and I am still receiving the same error. I have also ensured the app pool user has read rights to the private key.

Hi Jim,

One other thing that came to mind after I initially replied. Can you open your IDP web.config file in Notepad++ and change the Encoding to ANSI and see if there are any Unicode-looking characters in your "findValue" fields that reference the certificate thumbprints? If so, remove them, recycle the AppPool and try again.