
The data protection operation was unsuccessful

I'm trying to get the sample MVC application from Kentor AuthServices deployed to Azure and using Okta as the IDP. I've jumped a few hurdles but have stumbled on the CryptographicException "The data protection operation was unsuccessful". I'm unsure how to resolve it.

When this occurs the URL in the browser is https://mysite.azurewebsites.net/AuthServices/Acs

Any assistance is appreciated, thanks.

Below is the kentor section of my web.config. I don't have an identity server so removed all the federation config.

<kentor.authServices entityId="https://mysite.azurewebsites.net/AuthServices"
                     returnUrl="https://mysite.azurewebsites.net/"
                     authenticateRequestSigningBehavior="Never">
  <identityProviders>
    <add entityId="http://www.okta.com/1111111"
         allowUnsolicitedAuthnResponse="true" binding="HttpRedirect"
         metadataLocation="https://dev-11111.oktapreview.com/app/1111111/sso/saml/metadata"
         loadMetadata="true">
      <signingCertificate fileName="~/App_Data/okta.cert" />
    </add>
  </identityProviders>
</kentor.authServices>

Let me know if I can provide any further info to assist you in assisting me!

asked Jan 22 '26 16:01

Steve


2 Answers

It was actually an Azure issue as Anders points out. The fix was to add the following to web.config:

<system.identityModel>
  <identityConfiguration>
    <securityTokenHandlers>
      <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    </securityTokenHandlers>
  </identityConfiguration>
</system.identityModel>

answered Jan 25 '26 19:01

Steve
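
A way to check a web.config for the handler swap shown in the answer above, as an added example that is not part of the original answers or of Kentor.AuthServices. The function name, finding messages and sample inputs are constructed for illustration, and it assumes the token handlers are configured in web.config rather than in code.

```python
import xml.etree.ElementTree as ET

# Bare type names taken from the answer's web.config fragment.
DEFAULT_HANDLER = "System.IdentityModel.Tokens.SessionSecurityTokenHandler"
MACHINEKEY_HANDLER = ("System.IdentityModel.Services.Tokens."
                      "MachineKeySessionSecurityTokenHandler")


def type_name(element):
    """Strip assembly, version and key token from a 'type' attribute."""
    return element.get("type", "").split(",")[0].strip()


def check_session_handlers(web_config_xml):
    """Return a list of findings; an empty list means the swap is in place."""
    root = ET.fromstring(web_config_xml)
    sections = list(root.iter("securityTokenHandlers"))
    if not sections:
        return ["no <securityTokenHandlers> section: default handler in effect"]
    findings = []
    for handlers in sections:
        added = {type_name(e) for e in handlers.findall("add")}
        removed = {type_name(e) for e in handlers.findall("remove")}
        cleared = handlers.find("clear") is not None
        if MACHINEKEY_HANDLER not in added:
            findings.append("MachineKeySessionSecurityTokenHandler not added")
        if DEFAULT_HANDLER in added:
            findings.append("default SessionSecurityTokenHandler added explicitly")
        elif DEFAULT_HANDLER not in removed and not cleared:
            findings.append("default SessionSecurityTokenHandler not removed")
    return findings


# Constructed sample inputs (version and key token omitted for brevity).
ADD = '<add type="%s, System.IdentityModel.Services" />' % MACHINEKEY_HANDLER
REMOVE = '<remove type="%s, System.IdentityModel" />' % DEFAULT_HANDLER
TEMPLATE = ("<configuration><system.identityModel><identityConfiguration>"
            "<securityTokenHandlers>%s</securityTokenHandlers>"
            "</identityConfiguration></system.identityModel></configuration>")
FIXED = TEMPLATE % (ADD + REMOVE)
ADD_ONLY = TEMPLATE % ADD          # new handler added, default still active
NO_SECTION = "<configuration><system.web /></configuration>"

if __name__ == "__main__":
    samples = [("fixed", FIXED), ("add only", ADD_ONLY), ("no section", NO_SECTION)]
    for name, cfg in samples:
        print(name, "->", check_session_handlers(cfg) or "ok")
```
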


Looks like a bug in Kentor.AuthServices. I've recently done some rewriting which makes use of the data protection API, so something might be wrong there. Please file an issue at the GitHub site and include the stack trace of the exception as well as information on what API module you are using (MVC, HttpModule or OWIN).

answered Jan 25 '26 20:01

Anders Abel


