I ran into an issue with sustainsys-saml2 configured with Azure AD. My web.config looks like this:
<!--SAML-->
<sustainsys.saml2 entityId="https://conquetev2.pre.espacegsf.net/saml2" authenticateRequestSigningBehavior="Always">
  <metadata cacheDuration="PT42S" validDuration="7.12:00:00" wantAssertionsSigned="true">
    <requestedAttributes>
      <add friendlyName="Email" name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" isRequired="true" />
      ...
    </requestedAttributes>
  </metadata>
  <identityProviders>
    <add entityId="{URL_AZURE[STS]}" loadMetadata="true" metadataLocation="~/App_Data/metadata_pre.xml" allowUnsolicitedAuthnResponse="true" wantAuthnRequestsSigned="true">
    </add>
  </identityProviders>
  <serviceCertificates>
    <add findValue="{CertificateName}" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
  </serviceCertificates>
</sustainsys.saml2>
After sign-on, it shows this error: The signature verified correctly with the key contained in the signature, but that key is not trusted
- I have tried to manually download the metadata file to see if it is a problem with refresh.
- I have tried using the URL of the Azure federation metadata instead of the location of my metadata file (AppData/metadata_pre).
- I tried to decompress the metadata the IdP provided me, looked at the public key and public key parameters and compared them with the certificate I generated/installed on my machine; they look the same, the provider of course is different.
- I have set loadprofile to true in SSIS.
- I have recycled the application pool.
Can you help me identify the source of this problem? I can provide further details if needed.
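One way to see what that error is actually checking, as an added example that is not part of this post or of the Sustainsys.Saml2 code: the script below compares the certificate embedded in the SAML Response's signature against the signing certificates published in the IdP metadata, which is the trust decision behind "that key is not trusted". The metadata, the response and the certificate bytes are constructed placeholders (not real DER and not Azure AD output); the SHA-256 fingerprint comparison and the namespace handling are the same as for a real file.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# XML namespaces used by SAML 2.0 metadata, protocol messages and XML-DSig.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Constructed placeholder "certificates": base64 of arbitrary bytes, not real DER.
# CERT_A is what the IdP metadata publishes; CERT_B stands for a rotated key that
# a stale metadata copy does not know about.
CERT_A = base64.b64encode(b"constructed-idp-signing-cert-A").decode()
CERT_B = base64.b64encode(b"constructed-idp-signing-cert-B-after-rotation").decode()

# Constructed IdP metadata (hypothetical entityID) publishing only CERT_A for signing.
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.invalid/sts">
  <md:IDPSSODescriptor protocolSupportEnumeration="{NS['samlp']}">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {CERT_A}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def make_response(cert_b64):
    """Build a minimal constructed SAML Response whose Signature carries the given cert
    in ds:KeyInfo (SignatureValue is a placeholder; the point is the key, not the digest)."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:ds="{NS['ds']}" ID="_resp1" Version="2.0">
  <ds:Signature>
    <ds:SignedInfo/>
    <ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
</samlp:Response>"""


def fingerprint(b64_cert):
    """SHA-256 over the decoded certificate bytes; whitespace and line breaks inside
    the base64 (common in metadata files) are stripped first."""
    der = base64.b64decode("".join(b64_cert.split()))
    return hashlib.sha256(der).hexdigest()


def trusted_signing_fingerprints(metadata_xml):
    """Every certificate the IdP metadata publishes for signing. A KeyDescriptor with
    no 'use' attribute is valid for both signing and encryption, so it is included."""
    root = ET.fromstring(metadata_xml)
    trusted = set()
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            trusted.add(fingerprint(cert.text))
    return trusted


def signature_key_fingerprints(response_xml):
    """Certificates embedded in the KeyInfo of every Signature in the message
    (both the Response and the Assertion may be signed)."""
    root = ET.fromstring(response_xml)
    seen = set()
    for sig in root.iterfind(".//ds:Signature", NS):
        for cert in sig.iterfind(".//ds:X509Certificate", NS):
            seen.add(fingerprint(cert.text))
    return seen


def diagnose(metadata_xml, response_xml):
    """Report which signing keys the response used and which of them the metadata
    does not vouch for. Any entry in 'untrusted' is exactly the SP's 'key is not
    trusted' condition: the signature may verify, but the key is unknown to the SP."""
    trusted = trusted_signing_fingerprints(metadata_xml)
    seen = signature_key_fingerprints(response_xml)
    return {"trusted": trusted, "in_signature": seen, "untrusted": seen - trusted}


if __name__ == "__main__":
    for label, cert in (("current metadata key", CERT_A), ("rotated key", CERT_B)):
        result = diagnose(IDP_METADATA, make_response(cert))
        status = "OK" if not result["untrusted"] else "UNTRUSTED KEY IN SIGNATURE"
        print(f"{label}: {status}")
        for fp in result["untrusted"]:
            print(f"  not in metadata: {fp}")
```

Run over a real copy of the App_Data metadata file and a base64-decoded SAMLResponse captured from the browser, the same comparison tells you whether the key the IdP is signing with is absent from the metadata copy the SP trusts, which is the usual situation after an IdP signing-key rollover when the cached metadata was not refreshed. For input that comes from the network rather than a constructed string, parse with defusedxml instead of plain ElementTree.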