Troubleshooting

This article provides troubleshooting tips and guidance if you encounter problems while using SAML.

Can’t open Metadata.aspx

The browser is empty or shows an XML error:

06.12.2023 09:15:59:913 - ERROR [3 ] Global.Application_Start: System.Security.Cryptography.CryptographicException: Unspecified error

   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName)
   at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at SamlLogin.Global.LoadCertificate(String cacheKey, String fileName, String password)
   at SamlLogin.Global.Application_Start(Object sender, EventArgs e)
06.12.2023 09:16:00:319 - ERROR [3 ] Metadata.Page_Load: Unhandled Exception in Metadata.Page_Load! Exception: System.Security.Cryptography.CryptographicException: Unspecified error

   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName)
   at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at SamlLogin.MetadataGenerator.CreateSpMetadata(String rootPath, String bindingUri)
   at SamlLogin.Metadata.Page_Load(Object sender, EventArgs e).

In this case, the created Grassfish certificate is not correct. To fix this, check the certificate or create a certificate again.

Server error

You get a server error or “Could not load file or assembly ‘BusinessObjects’ …”:

In this case, the 32-bit application mode is not set correctly. Go to the advanced settings in the IIS application pool and set the 32-bit applications to true.

File or directory not found

The file or directory can’t be found.

In this case, the application path .NET CLR version is not set correctly. To fix this, set the correct version.

Can’t login via Login.aspx

You can’t login via Login.aspx.

In this case, the first name, last name, email address, or user name is incorrect. To fix this, adjust the master.config file settings with the <Attribute name="" provided in the SAML response in the log file or SAML-tracer.

Application with identifier was not found

You get an error with the information that the “Application with identifier ‘…’ was not found…”. In this case, the EntityId could be wrong.

To check this, open the path to the metadata file. For example:

The entityId in the metadata file must be exactly the same as the path to the Metadata.aspx site. In the sample screenshot above, this is incorrect.

To set this value correctly, open your master.config file and update the following line in the SAML section:

<add key="ServiceProviderEntityID" value="https://<IXM-Platform-URL>/gv2/webservices/SamlLogin/"/>

After recycling the application pool, open the Metadata.aspx site again and check the entityId. In the sample screenshot below, it now ends with a slash which is correct.  

Save this metadata file and provide it to the identity provider. The identity provider must upload the metadata file again.