• Replies 2 replies
  • Subscribers 136 subscribers
  • Views 392 views
  • Users 0 members are here
Options
Related

Tridion Docs 14.2 STS setup

Akheil Jain

Hi All, we are moving our Tridion Docs 14 auth from ADFS to STS and are running into an issue with "Bad Key". We validated at the cert can encrypt and decrypt tokens, so not sure what we are missing. Here is the detailed error. TIA.

11:45:30.4026	Debug	11	00015	a:UC:Admin	/ISHSTS/account/signin	Trisoft.InfoShare.API25.User.GetMyMetadata()		[MethodEnter(00082)]	
11:45:30.5475	Debug	11	00015	a:UC:Admin	/ISHSTS/account/signin	Trisoft.InfoShare.API25.User.GetMyMetadata()		[MethodExit(00082)]	144.8805ms
11:45:30.5726	Error	11	00015	a:UC:Admin	/ISHSTS/account/signin	Trisoft.Utilities.Logging.Web.Modules.ErrorModule.OnContextError	(httpStatusCode=[null],statusCode=[null],urlReferer=[null])	[]	
11:45:30.5726	Error	11	00015	a:UC:Admin	/ISHSTS/account/signin	Trisoft.Utilities.Logging.Web.Modules.ErrorModule.OnContextError		[]	
System.Security.Cryptography.CryptographicException: Bad Key.

   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.RSACryptoServiceProvider.EncryptKey(SafeKeyHandle pKeyContext, Byte[] pbKey, Int32 cbKey, Boolean fOAEP, ObjectHandleOnStack ohRetEncryptedKey)
   at System.Security.Cryptography.RSACryptoServiceProvider.Encrypt(Byte[] rgb, Boolean fOAEP)
   at System.Security.Cryptography.CngLightup.OaepSha1Encrypt(RSA rsa, Byte[] data)
   at System.IdentityModel.RsaEncryptionCookieTransform.Encode(Byte[] value)
   at System.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound)
   at System.IdentityModel.Tokens.SessionSecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token)
   at System.IdentityModel.Tokens.SessionSecurityTokenHandler.WriteToken(SessionSecurityToken sessionToken)
   at System.IdentityModel.Services.SessionAuthenticationModule.WriteSessionTokenToCookie(SessionSecurityToken sessionToken)
   at Thinktecture.IdentityServer.Protocols.AuthenticationHelper.SetSessionToken(String userName, String authenticationMethod, Boolean isPersistent, Int32 ttl, IEnumerable`1 additionalClaims)
   at Thinktecture.IdentityServer.Protocols.AccountControllerBase.SignIn(String userName, String authenticationMethod, String returnUrl, Boolean isPersistent, Int32 ttl, IEnumerable`1 additionalClaims)
   at Thinktecture.IdentityServer.Web.Controllers.AccountController.SignIn(SignInModel model)
   at lambda_method(Closure , ControllerBase , Object[] )
   at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
   at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c.<BeginInvokeSynchronousActionMethod>b__9_0(IAsyncResult asyncResult, ActionInvocation innerInvokeState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_0.<InvokeActionMethodFilterAsynchronouslyRecursive>b__0()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass7_0.<BeginInvokeActionMethodWithFilters>b__1(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass3_6.<BeginInvokeAction>b__4()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass3_1.<BeginInvokeAction>b__1(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult)
   at System.Web.Mvc.Controller.<>c.<BeginExecuteCore>b__152_1(IAsyncResult asyncResult, ExecuteCoreState innerState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult)
   at System.Web.Mvc.Controller.<>c.<BeginExecute>b__151_2(IAsyncResult asyncResult, Controller controller)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult)
   at System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult)
   at System.Web.Mvc.MvcHandler.<>c.<BeginProcessRequest>b__20_1(IAsyncResult asyncResult, ProcessRequestState innerState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult)
   at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
HttpApplication.RecordError => HttpApplication.RaiseOnError => ErrorModule.OnContextError
emoji
Rate translation
×
Suggest better translation
×
Parents

  • Hi Akheil

    Not sure if this is the issue but in your web.config file, did you update the thumbprint value under the “TrustedIssuers” section?

    • If you are using ADFS, this should be the thumbprint of the certificate used by the ADFS server to sign tokens.
    • If you are using a Security Token Service (STS) hosted on the Tridion Docs server, the thumbprint should correspond to the certificate bound to port 443 on that server.

     

    This thumbprint should match the one specified earlier in the “serviceCertificate” element of the same web.config file.
    emoji
Reply

  • Hi Akheil

    Not sure if this is the issue but in your web.config file, did you update the thumbprint value under the “TrustedIssuers” section?

    • If you are using ADFS, this should be the thumbprint of the certificate used by the ADFS server to sign tokens.
    • If you are using a Security Token Service (STS) hosted on the Tridion Docs server, the thumbprint should correspond to the certificate bound to port 443 on that server.

     

    This thumbprint should match the one specified earlier in the “serviceCertificate” element of the same web.config file.
    emoji
Children
No Data