ITfoxtec No RSA Private Key present in Signing Certificate

Question

I've already read this related post and if it answers the question, I don't understand it.

I'm trying to use this code to login to redirect the client to the login provider - it's pretty much the boilerplate from the samples:

public IActionResult RedirectToLogin(LoginInfo loginInfo)
{
    var binding = new Saml2RedirectBinding();

    var roundTripInfo = new Dictionary<string, string>
    {
        // some stuff
    };

    binding.SetRelayStateQuery(roundTripInfo);

    return binding.Bind(new Saml2AuthnRequest(config)).ToActionResult();
}

but the .Bind method is throwing this exception:

No RSA Private Key present in Signing Certificate or missing private key read credentials.

I am using a .cer file provided by the Azure Active Directory I'm trying to access - why would it need a private key?

EDIT - Appsettings

I checked my appsettings it doesn't even contain the SigningCertificateFile or SigningCertificatePassword properties, but I am still getting the error:

"Saml2": {
    "CertificateValidationMode": "None", // or "ChainTrust"
    "IdPMetadata": "...[redacted]...",
    "Issuer": "...[redacted]...",
    "RevocationMode": "NoCheck",
    "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
},

Answer 1

A .cer file do not contain a private key. But you do not need a private key to do login in Azure, it is only required by the ITfoxtec Identity SAML library to do logout.

You can remove the signing certificate configuration and the error will disappear in your login method.

From the sample, remove:

"SigningCertificateFile": "itfoxtec.identity.saml2.testwebappcore_Certificate.pfx",
"SigningCertificatePassword": "!QAZ2wsx",

EDITED

The exception is thrown in Saml2Binding.cs line 56 and only if Config.SigningCertificate != null. The signing certificate must be set in some way.