
I am getting an error when using the line below from the itfoxtec-identity-saml2 library. When I am on localhost and using IIS Express, it works with the proxy server id, password & port, i.e. 127.0.0.0 / port. But when I load the application on the company's IIS server [no internet], I get the error below.

    return ReadIdPSsoDescriptor(webClient.DownloadString(idPMetadataUrl));

webClient.DownloadString(idPMetadataUrl) is giving the error below.

Access Denied (authentication_failed) Your credentials could not be authenticated: "Credentials are missing.". You will not be permitted access until your credentials can be verified.

  1. Why do I need internet on the IIS server, and what proxy settings should I provide in the prod release, which will go on IIS where there is no internet connection?
  2. When loading the application on the IIS server, which application pool should I set for the application [.NET Core 3.1 web-based application which will be hosted on an AWS EC2 Windows system], and under IIS authorization which mechanism should I select [windows/anonymous?]. I am currently using SAML, so I selected anonymous.

Please guide, thanks in advance!!

Girish G

1 Answer


You have configured the application to download the IdP metadata online, therefore your server needs access to the place where the IdP metadata is hosted. Alternatively, you can download the metadata manually and place it as a file on the server.

Anders Revsgaard
  • Hello Anders, thanks for your inputs. When you say to download the metadata manually and place it as a file on the server, I have a query: 1) Do you mean that for each request I should programmatically download and store the XML at a specific location on the server? 2) If not, is the same metadata always valid for all my requests? Because when I load the IdP URL in my browser, it always gives me new values for a few attributes on every refresh. – Girish G Apr 27 '21 at 06:26
  • One IdP exposes one metadata on one endpoint. If an IdP exposes multiple metadata, it should be on multiple endpoints. The ID and time values probably change, but no problem. You need to reload the metadata when the IdP signing certificate changes. – Anders Revsgaard Apr 27 '21 at 07:11
  • OK, that's a great point, Anders. Many thanks, and this will surely solve my issue. – Girish G Apr 27 '21 at 07:19
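
An added example, not part of the original thread or the ITfoxtec project's own code: it loads the IdP metadata from a file placed on the server, as the answer suggests, and compares signing-certificate thumbprints between the stored file and a newly downloaded copy, which is the reload condition named in the comments. The class name, method names and file paths are assumptions, and `ReadIdPSsoDescriptorFromFile` is assumed to be available in the installed ITfoxtec.Identity.Saml2 version.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.Schemas.Metadata;

// Hypothetical helper: names are illustrative, not from the library.
public static class IdPMetadataFromFile
{
    // Applies IdP settings from a local metadata file, so the server
    // makes no outbound request (and needs no proxy credentials).
    public static void Apply(Saml2Configuration config, string metadataPath)
    {
        var idp = Load(metadataPath);
        var certs = idp.SigningCertificates?.ToList() ?? new List<X509Certificate2>();
        if (certs.Count == 0)
            throw new InvalidOperationException("No signing certificate in " + metadataPath);

        config.SingleSignOnDestination = idp.SingleSignOnServices.First().Location;
        config.SignatureValidationCertificates.AddRange(certs);
    }

    // True when the signing certificates differ between the stored file and
    // a newly downloaded copy. ID and time attributes are ignored because
    // only certificate thumbprints are compared.
    public static bool SigningCertificatesChanged(string storedPath, string candidatePath)
    {
        return !Thumbprints(storedPath).SetEquals(Thumbprints(candidatePath));
    }

    private static IdPSsoDescriptor Load(string path)
    {
        var entityDescriptor = new EntityDescriptor();
        entityDescriptor.ReadIdPSsoDescriptorFromFile(path);
        return entityDescriptor.IdPSsoDescriptor
            ?? throw new InvalidOperationException("IdPSsoDescriptor not loaded from " + path);
    }

    private static HashSet<string> Thumbprints(string path)
    {
        var certs = Load(path).SigningCertificates ?? Enumerable.Empty<X509Certificate2>();
        return new HashSet<string>(certs.Select(c => c.Thumbprint),
                                   StringComparer.OrdinalIgnoreCase);
    }
}
```

Call `Apply` once at startup with the path to the stored file; run `SigningCertificatesChanged` from a machine that can reach the IdP and replace the stored file only when it returns true and the new certificate has been confirmed with the IdP operator.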