04-19-2018 10:06 AM
We are currently evaluating the Identity Provider Server for providing SAML authentication for OnBase. I have gotten pretty far in the setup and I was getting ready to generate metadata so that our Shibboleth server admins could configure our service provider for use with our Shibboleth server. However, when I go to generate the metadata XML (http://[IdP_Root_Path]/[tenant]/[user_pop]/[provider]/metadata) I receive an error that says "Value cannot be null. Parameter name: certificate".
I've double-checked my X509 certificate settings and have tried a few things that first-line-of-support recommended, but so far I haven't gotten it to work. Has anyone had success with this, and if so, would you mind sharing what procedure you went through to generate certificates and how you stored them?
04-19-2018 10:22 AM
Hi Jim,
Thank you for posting your question to Community.
Do the X509 certificates you are using have the following Key Usage values?
- Digital Signature
- Key Encipherment
You can find this information on the "Details" tab of the certificate.
Also, does the account running your Application Pool for the IdP have READ access to the Private Key that corresponds to the certificates you are using?
Edit for visibility:
Open the IdP web.config file in Notepad++, change the Encoding to ANSI, and see if there are any Unicode-looking characters in your "findValue" fields that reference the certificate thumbprints. If so, remove them, recycle the AppPool, and try again.
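
The checks suggested in the reply above can be scripted. The following is an added example, not part of the original posts and not Hyland's tooling: it scans every "findValue" attribute in web.config for characters that cannot belong to a hex thumbprint, then looks the cleaned thumbprint up in the certificate store and reports its Key Usage values. The config path is a placeholder, and the `x509FindType`, `storeLocation` and `storeName` attribute names and the `LocalMachine\My` default are assumptions about how the IdP config references its certificates.

```powershell
# Added example (not Hyland's tooling). The default path is a placeholder.
param([string]$ConfigPath = 'C:\path\to\IdP\web.config')

# Load as XML so the file's declared encoding is honoured.
$xml = New-Object System.Xml.XmlDocument
$xml.Load($ConfigPath)

foreach ($node in $xml.SelectNodes('//*[@findValue]')) {
    # Skip references that are explicitly not looked up by thumbprint.
    $findType = $node.GetAttribute('x509FindType')
    if ($findType -and $findType -ne 'FindByThumbprint') { continue }

    # List every character that is not a hex digit, by code point,
    # so invisible characters pasted along with the thumbprint show up.
    $raw = $node.GetAttribute('findValue')
    $stray = @($raw.ToCharArray() |
        Where-Object { $_ -notmatch '^[0-9A-Fa-f]$' } |
        ForEach-Object { 'U+{0:X4}' -f [int]$_ })
    $clean = ($raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # Assumption: LocalMachine\My when the element does not name a store.
    $loc = $node.GetAttribute('storeLocation')
    if (-not $loc) { $loc = 'LocalMachine' }
    $store = $node.GetAttribute('storeName')
    if (-not $store) { $store = 'My' }
    $cert = Get-ChildItem "Cert:\$loc\$store" -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $clean } | Select-Object -First 1

    # Read the Key Usage extension (Digital Signature, Key Encipherment).
    $usage = $null
    if ($cert) {
        $ext = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
        if ($ext) { $usage = $ext.KeyUsages }
    }

    [pscustomobject]@{
        Element         = $node.Name
        StrayCharacters = $stray -join ' '
        HexLength       = $clean.Length   # a SHA-1 thumbprint is 40 hex digits
        CertFound       = [bool]$cert
        HasPrivateKey   = if ($cert) { $cert.HasPrivateKey } else { $null }
        KeyUsages       = $usage
    }
}
```

A clean entry shows an empty StrayCharacters column, a HexLength of 40 and CertFound set to True. The script does not check whether the Application Pool account has READ access to the private key.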
04-20-2018 07:17 AM