
"Errors found in the certificate" when calling initSAMLAuthRequest()

Community Beginner, Mar 29, 2024

I am playing around with the SAML SP and IdP configurations in CF2021. I am using CF as both IdP and SP.

When I call initSAMLAuthRequest() I receive the following error:

     coldfusion.util.KeystoreUtils$CertificateException: Errors found in the certificate
         at coldfusion.saml.SamlHelper.stringToCert(SamlHelper.java:779)

I assume this error is related to the IdP certificate. This certificate is a self-signed certificate that was generated with the following command:

     openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 \
       -nodes -keyout idp.key -out idp.crt \
       -subj "/C=US/O=IdP Test/OU=SSO/CN=test.internal" \
       -addext "subjectAltName=DNS:test.internal,IP:192.168.1.2"

I used the Manual IdP configuration option and pasted the contents of idp.key into the Signing Certificate box without the ----BEGIN|END PRIVATE KEY----- bits. It looks like MIIJQg....Tnw==

If I leave the -----BEGIN PRIVATE KEY----- bits in there then I receive an error saying "The input string is not base64 encoded. Cannot decode string '-----BEGIN PRIVATE KEY-----MIIJQg...'"

I have not had much luck finding examples of Manual IdP configuration or requirements for certificates. Do I need to import these certificates into the CFAS JKS files? Is there something missing or wrong with how I am generating this certificate?

Any hints?

1 Correct answer
Community Beginner, Mar 29, 2024

Answering my own question:

  1. Enter the public certificate in the IdP configuration, not the private key. Whoops.

 

The next issue I encountered was a password incorrect issue when ColdFusion was trying to access the PKCS12/PFX file to get the SAML SP key pair. This was resolved by updating Java in my docker container from the default 11.0.11 that came with the official adobecoldfusion/coldfusion2021:latest image to the current 11.0.22 downloaded from https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html.

I used the following commands to update my CFAS container:

     wget -nc https://cfdownload.adobe.com/pub/adobe/coldfusion/java/java11/java11022/jdk-11.0.22_linux-x64_bin.de...
     docker cp jdk-11.0.22_linux-x64_bin.deb cfas:/opt
     docker exec -itu0 cfas dpkg --install /opt/jdk-11.0.22_linux-x64_bin.deb
     docker exec -itu0 cfas sed -i "/java.home=/c\java.home=/usr/lib/jvm/jdk-11-oracle-x64" /opt/coldfusion/cfusion/bin/jvm.config
     docker exec -itu0 cfas rm /opt/jdk-11.0.22_linux-x64_bin.deb
     docker restart cfas
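The two errors in this thread (the "not base64 encoded" message when the BEGIN/END lines are pasted along with the body, and the "Errors found in the certificate" message when the body of idp.key is pasted instead of idp.crt) can both be caught before touching the ColdFusion admin. The script below is an added example, not code from the thread or from ColdFusion: it extracts the base64 body of the first PEM block in a file, refuses anything that is not a CERTIFICATE block, and applies a small DER heuristic (the tag of the first element inside the outer SEQUENCE is 0x30 for an X.509 certificate and 0x02 for a PKCS#8 or PKCS#1 private key). The function names, the heuristic, the assumption that line breaks inside the pasted base64 are tolerated, and the constructed sample inputs are all this example's own. Note that the `MIIJQg` prefix quoted in the question only says the pasted value is a 2370-byte DER SEQUENCE; it is the inner tag, not the length, that distinguishes a key from a certificate.

```python
# Added example (not ColdFusion's own code): pre-flight check for the value pasted
# into the "Signing Certificate" box of a ColdFusion manual IdP configuration.
# Function names, the DER heuristic and the sample inputs are this example's own.
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)


def pem_blocks(pem_text):
    """Return [(label, base64_body)] for each PEM block; bodies have whitespace removed."""
    return [
        (m.group("label"), re.sub(r"\s+", "", m.group("body")))
        for m in PEM_BLOCK.finditer(pem_text)
    ]


def der_kind(der):
    """Cheap structural classification of a DER blob (heuristic, not an ASN.1 parser).

    X.509 Certificate     ::= SEQUENCE { tbsCertificate SEQUENCE, ... }  -> inner tag 0x30
    PKCS#8 PrivateKeyInfo ::= SEQUENCE { version INTEGER, ... }          -> inner tag 0x02
    PKCS#1 RSAPrivateKey  ::= SEQUENCE { version INTEGER, ... }          -> inner tag 0x02
    """
    if len(der) < 2 or der[0] != 0x30:
        return "not-a-der-sequence"
    # Skip the outer length: short form (one byte) or long form (0x80 | n, then n bytes).
    pos = (2 + (der[1] & 0x7F)) if (der[1] & 0x80) else 2
    if pos >= len(der):
        return "truncated"
    inner_tag = der[pos]
    if inner_tag == 0x30:
        return "certificate-like"
    if inner_tag == 0x02:
        return "private-key-like"
    return "unknown"


def classify_paste(pasted):
    """Simulate what the admin box receives: raw base64 with no PEM armor.

    Assumption: line breaks inside the base64 are tolerated, so whitespace is dropped.
    Returns "not-base64" when the BEGIN/END lines were left in (the thread's second error).
    """
    compact = re.sub(r"\s+", "", pasted)
    try:
        der = base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    return der_kind(der)


def pem_verdict(pem_text):
    """Classify the text of a PEM file for use as the IdP signing certificate."""
    blocks = pem_blocks(pem_text)
    if not blocks:
        return "no-pem-block"
    label, body = blocks[0]
    if label != "CERTIFICATE":
        # idp.key was supplied instead of idp.crt (the thread's first error)
        return f"not-a-certificate-block:{label}"
    return classify_paste(body)


def signing_certificate_value(pem_text):
    """Return the base64 body to paste, or raise ValueError explaining why it would fail."""
    verdict = pem_verdict(pem_text)
    if verdict != "certificate-like":
        raise ValueError(f"refusing to use this file as the IdP signing certificate: {verdict}")
    return pem_blocks(pem_text)[0][1]


def _pem(label, der):
    """Wrap DER bytes in PEM armor with 64-column lines (used for the constructed samples)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{lines}\n-----END {label}-----\n"


# Constructed samples: minimal DER with the right outer/inner tags. They are not real
# keys or certificates; against a real setup read idp.crt / idp.key from disk instead.
SAMPLE_CRT = _pem("CERTIFICATE", bytes.fromhex("300430020500"))  # SEQUENCE { SEQUENCE { NULL } }
SAMPLE_KEY = _pem("PRIVATE KEY", bytes.fromhex("3003020100"))    # SEQUENCE { INTEGER 0 }

if __name__ == "__main__":
    print("armor left in    ->", classify_paste(SAMPLE_CRT))
    print("idp.key supplied ->", pem_verdict(SAMPLE_KEY))
    print("idp.crt supplied ->", pem_verdict(SAMPLE_CRT))
    print("value to paste   ->", signing_certificate_value(SAMPLE_CRT))
```

Against a real deployment, call `signing_certificate_value(open("idp.crt").read())` and paste the returned string; `pem_verdict(open("idp.key").read())` shows what the box would have been given in the question. The heuristic deliberately stops at the outer structure; `openssl x509 -in idp.crt -noout -subject -dates` remains the quick way to confirm the file really is a parseable certificate with the subject and validity you expect.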
