Sustainsys.Saml2 has been working for WebForms, ASP.NET MVC on .NET 4.8, and ASP.NET Core on one server for a while.
I want to move the apps to some other servers using the same certificate. I was able to get the ASP.NET Core ones working. I only changed 2 of these values in appsettings.json:
    "Saml": {
        "SPEntityId": "newurl",
        "IDPEntityId": "nochange",
        "MetadataUrl": "new appid changed only"
    }
For ASP.NET MVC on .NET 4.8, I'm getting this error:
The signature verified correctly with the key contained in the signature, but that key is not trusted
I changed these values in web.config:
    <sustainsys.saml2 entityId="newurl" returnUrl="newurl/Saml2/Acs">
        <federations>
            <add metadataLocation="new appid changed only" allowUnsolicitedAuthnResponse="true" />
        </federations>
    </sustainsys.saml2>
I used a SAML tracer extension and noticed a difference in the calls to the login URL.
- First call is to the URL and returns a 302, which is expected.
- Second call goes to url/Saml2/SignIn?ReturnUrl=%2fendofUrlname
The second call shows this in the tracer:
Upgrade-Insecure-Requests: 1
When I run this on the old server which works, I'm not getting Upgrade-Insecure-Requests on that call.
Do you know what settings I should change to get ASP.NET MVC on .NET 4.8 to work?
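The error quoted above states that the signature itself verified but the key embedded in it is not among the trusted ones, i.e. the certificate carried in the Response's KeyInfo is not one of the signing certificates the service provider loaded from the IdP metadata. The following is an added diagnostic example, not code from the original post or from the Sustainsys project: it reads the signing KeyDescriptors out of IdP metadata, pulls the certificate out of a Response's ds:Signature, and reports whether they match, with SHA-256 fingerprints so the two can be compared against what the IdP admin console shows. The metadata, the Response skeleton, the entity ID and the certificate bytes are all constructed stand-ins (real metadata carries full X.509 DER in base64).

```python
"""Check whether the certificate that signed a SAML Response is one of the IdP's
published signing certificates (constructed example; not Sustainsys.Saml2 code)."""
import base64
import hashlib
import xml.etree.ElementTree as ET
from typing import Optional, Set

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Constructed stand-ins for DER certificate bytes; real metadata carries X.509 DER.
CERT_A_B64 = base64.b64encode(b"constructed DER bytes for certificate A").decode()
CERT_B_B64 = base64.b64encode(b"constructed DER bytes for certificate B").decode()

# Constructed IdP metadata: one signing key (A) and one encryption-only key (B).
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="{NS['samlp']}">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {CERT_A_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{CERT_B_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def saml_response_with_cert(cert_b64: str) -> str:
    """Constructed Response skeleton carrying the signer's certificate in KeyInfo."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:ds="{NS['ds']}" ID="_r1">
  <ds:Signature>
    <ds:SignedInfo/>
    <ds:SignatureValue>constructed</ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
</samlp:Response>"""


def normalize_b64(text: str) -> str:
    """Strip whitespace so certificates from different pretty-printers compare equal."""
    return "".join(text.split())


def fingerprint(cert_b64: str) -> str:
    """SHA-256 fingerprint of the DER bytes, colon-separated as admin consoles show it."""
    der = base64.b64decode(normalize_b64(cert_b64))
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def metadata_signing_certs(metadata_xml: str) -> Set[str]:
    """Collect the certificates the IdP publishes for signing. A KeyDescriptor with no
    'use' attribute is valid for both signing and encryption, so it is included too."""
    root = ET.fromstring(metadata_xml)
    certs = set()
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            certs.add(normalize_b64(cert.text or ""))
    return certs


def response_signer_cert(response_xml: str) -> Optional[str]:
    """Return the certificate embedded in the Response's enveloped signature, if any."""
    root = ET.fromstring(response_xml)
    cert = root.find("./ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return normalize_b64(cert.text) if cert is not None and cert.text else None


def signer_is_trusted(metadata_xml: str, response_xml: str) -> bool:
    """True when the signer's certificate is one of the metadata's signing certificates."""
    signer = response_signer_cert(response_xml)
    return signer is not None and signer in metadata_signing_certs(metadata_xml)


if __name__ == "__main__":
    print("IdP signing certs:", [fingerprint(c) for c in metadata_signing_certs(IDP_METADATA)])
    for cert in (CERT_A_B64, CERT_B_B64):
        verdict = "trusted" if signer_is_trusted(IDP_METADATA, saml_response_with_cert(cert)) else "NOT trusted"
        print(fingerprint(cert), verdict)
```

In practice you would feed it the metadata document fetched from the configured metadataLocation and a Response captured from the browser tracer; if the signer's fingerprint is absent from the signing set, the service provider is loading metadata that does not describe the IdP actually answering, regardless of how the request headers differ.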