asked on September 6, 2023

We are attempting to set up LFDS SAML Authentication with an RSA identity provider. When the user clicks on the SAML button and then enters their credentials at the RSA login, we encounter the following error message:

{"ErrorCode":null,"ShowReturnLink":true,"Error":true,"Message":"The identity provider may not be configured correctly.  Contact your administrator: ID4037: The key needed to verify the signature could not be resolved from the following security key identifier 'SecurityKeyIdentifier\r\n    (\r\n    IsReadOnly = False,\r\n    Count = 1,\r\n    Clause[0] = System.IdentityModel.Tokens.Saml2SecurityKeyIdentifierClause\r\n    )\r\n'. Ensure that the SecurityTokenResolver is populated with the required key."}

This is regardless of whether we are using Web Client or Forms to login. Below is the corresponding error in the event viewer:

Laserfiche.IdentityModel.UnknownIdentityProviderErrorException ---> Laserfiche.LicenseManager.LMO.LMOException: ID4037: The key needed to verify the signature could not be resolved from the following security key identifier 'SecurityKeyIdentifier
    (
    IsReadOnly = False,
    Count = 1,
    Clause[0] = System.IdentityModel.Tokens.Saml2SecurityKeyIdentifierClause
    )
'. Ensure that the SecurityTokenResolver is populated with the required key.
   at Laserfiche.LicenseManager.LMO.SessionTokenFactory.Login(Database database, String xmlRST, Dictionary`2 paramBag)
   at Laserfiche.IdentityModel.LFDSIdentityService.GetBearerToken(Dictionary`2 loginParameters)
   --- End of inner exception stack trace ---
   at Laserfiche.IdentityModel.LFDSIdentityService.ConvertLmoException(LMOException ex)
   at Laserfiche.IdentityModel.LFDSIdentityService.GetBearerToken(Dictionary`2 loginParameters)
   at WebSTS.LFDS.Services.Login.LFDSLoginManager.ProcessSamlpResponse(String samlResponse, Boolean isPublicComputer)
   at WebSTS.LFDS.Controllers.FederationController.FederatedLogin()

Any ideas on how to tackle this issue?

0 0
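ID4037 is raised by the .NET identity model when the signature's KeyInfo references a key that the SecurityTokenResolver does not hold, which in practice usually means the certificate the IdP is signing with is not the one registered for that identity provider (for example after a signing-certificate rollover on the RSA side). The script below is an added example, not code from the original post or from Laserfiche or RSA: it pulls the X.509 certificate out of a captured SAML Response's ds:KeyInfo and compares its SHA-1 thumbprint with the thumbprints you expect, so you can tell whether the response is signed with an unregistered certificate. The response XML and certificate bytes are constructed placeholders, and the function names are my own.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed stand-in for the IdP signing certificate: these bytes are NOT a real DER
# certificate, they only give the thumbprint logic something deterministic to hash.
FAKE_IDP_CERT_DER = b"constructed-fake-DER-bytes-not-a-real-certificate"

# Constructed SAML Response carrying the signing cert in ds:KeyInfo (the usual IdP layout).
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:ds="{DS}" ID="_constructed">
  <ds:Signature>
    <ds:SignedInfo/><ds:SignatureValue>Zm9v</ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(FAKE_IDP_CERT_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo>
  </ds:Signature>
</samlp:Response>"""


def signing_cert_der(response_xml: str) -> bytes:
    """Return the DER bytes of the X.509 certificate embedded in the response signature.

    Raises ValueError when KeyInfo carries no certificate (e.g. only a KeyName or a
    SecurityTokenReference); the verifier must then resolve the key from its own store.
    """
    root = ET.fromstring(response_xml)
    path = f".//{{{DS}}}Signature/{{{DS}}}KeyInfo/{{{DS}}}X509Data/{{{DS}}}X509Certificate"
    node = root.find(path)
    if node is None or not (node.text or "").strip():
        raise ValueError("no X509Certificate in ds:KeyInfo")
    # Base64 in XML is often wrapped over several lines; strip all whitespace first.
    return base64.b64decode("".join(node.text.split()), validate=True)


def thumbprint(der: bytes) -> str:
    """SHA-1 thumbprint in the upper-case hex form that certificate stores display."""
    return hashlib.sha1(der).hexdigest().upper()


def check_against_configured(response_xml: str, configured: set[str]) -> tuple[str, bool]:
    """Return (thumbprint of the cert the IdP signed with, whether it is one we registered)."""
    tp = thumbprint(signing_cert_der(response_xml))
    return tp, tp in {c.replace(" ", "").upper() for c in configured}


if __name__ == "__main__":
    tp, ok = check_against_configured(SAMPLE_RESPONSE, {thumbprint(FAKE_IDP_CERT_DER)})
    print(f"IdP signed with {tp}: {'registered' if ok else 'NOT registered - expect ID4037'}")
```

Paste a real captured Response (from the browser's SAML trace or the IdP's log) into SAMPLE_RESPONSE and the thumbprints of the certificates you registered for the identity provider into the configured set; a mismatch points at the IdP certificate registration rather than at the Web Client or Forms side.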