Getting a TypeInitializationException when accessing the Metadata.ashx handler

Feb 3, 2016 at 9:32 PM
Hi,

I've configured the SAML2 lib in my web project and I am trying to federate authentication with the enterprise's SiteMinder IdP.

I got the certificate CER file from the IdP folks and imported it into my local machine cert store. Then, once I added the SAML2 DLL reference to the web project, I configured the web.config with the custom config section, handlers, and the saml element per the documentation, as below:
<saml2>
    <allowedAudienceUris>
      <audience uri="urn:MyAwesomeSP" />
    </allowedAudienceUris>
    <serviceProvider id="urn:MyAwesomeSP" server="https://MYAPPURLHERE/">
      <signingCertificate findValue="SOMEVALUEHEREFROMCERT" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySerialNumber" />
      <endpoints>
        <endpoint localPath="Login.ashx" type="SignOn" redirectUrl="/" />
        <endpoint localPath="Logout.ashx" type="Logout" redirectUrl="/Logout.aspx" />
        <endpoint localPath="Metadata.ashx" type="Metadata" />
      </endpoints>
    </serviceProvider>
    <identityProviders metadata="Metadata">
      <add id="SiteMinder" default="true">
        <endpoints>
          <endpoint type="SignOn" url="https://Url/Provided/By/SiteMinder/foo.aspx" />
          <endpoint type="Logout" url="https://Url/Provided/By/SiteMinder/foo.aspx" />
        </endpoints>
      </add>
    </identityProviders>
</saml2>
However, when I run the app and try to browse to the /Metadata.ashx handler URL, I get a yellow screen of death with the following stack trace.

Do you have any ideas what could be causing this?

[NullReferenceException: Object reference not set to an instance of an object.]
   SAML2.Logging.LoggerProvider.LoggerFor(Type type) +54
   SAML2.Config.IdentityProviderCollection.ParseFile(String file) +597
   SAML2.Config.IdentityProviderCollection.Refresh() +1373
   SAML2.Config.Saml2Config.GetConfig() +271
   SAML2.Logging.LoggerProvider..cctor() +49

[TypeInitializationException: The type initializer for 'SAML2.Logging.LoggerProvider' threw an exception.]
   SAML2.Logging.LoggerProvider.LoggerFor(Type type) +0
   SAML2.Protocol.AbstractEndpointHandler..cctor() +76

[TypeInitializationException: The type initializer for 'SAML2.Protocol.AbstractEndpointHandler' threw an exception.]
   SAML2.Protocol.AbstractEndpointHandler..ctor() +0
   SAML2.Protocol.Saml20MetadataHandler..ctor() +29

[TargetInvocationException: Exception has been thrown by the target of an invocation.]
   System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) +0
   System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark) +113
   System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark) +232
   System.Activator.CreateInstance(Type type, Boolean nonPublic) +83
   System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark) +1122
   System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +128
   System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture) +18
   System.Web.HttpRuntime.CreateNonPublicInstance(Type type, Object[] args) +60
   System.Web.Configuration.HandlerFactoryCache..ctor(String type) +46
   System.Web.HttpApplication.GetFactory(String type) +86
   System.Web.MaterializeHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +262
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

Feb 4, 2016 at 12:20 AM
Never mind....

Found the issue - a coworker had forked this project and tweaked the metadata parsing because he was working with a project that got a "less than standard" XML schema for the metadata. He'd added some extra logging with NLog, and when I just took his forked DLL and added it as a lib reference in my project, I didn't have NLog configured.

I've reverted to using the NuGet package for this project and it got me further along....

But now I need to get the SiteMinder team to provide a PFX, not a CER file, so I can import it and have access to the private key - which may be another battle to fight :)
Marked as answer by tafs7 on 2/3/2016 at 4:20 PM

Feb 4, 2016 at 8:14 PM
Looks like it has problems reading the metadata file that they sent you. Off the top of my head, a few suggestions:

1. Are you sure you are pointing to a DIRECTORY containing the metadata file, and not an actual file?
2. Looks like you are adding a site by an ID that doesn't match a URI scheme. The original SAML specification says that an entityId shall be a URI (https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf section 2.2.1), and the parser for metadata documents follows that specification. I'm just guessing here, since you added the identityProvider as "SiteMinder", that maybe the metadata document they sent you doesn't follow that?
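
The checks this thread ends on, as an added example (not code from the SAML2 project or from either poster): whether the signing certificate found by serial number in LocalMachine\My has a private key, and whether the metadata location is a directory whose files carry a URI-valued entityID. The class name, method names and command-line arguments are assumptions.

```csharp
// Added example; Saml2Preflight and its members are hypothetical names, not SAML2 library API.
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
using System.Xml.Linq;
public static class Saml2Preflight
{
    static readonly XNamespace Md = "urn:oasis:names:tc:SAML:2.0:metadata";
    static readonly XmlReaderSettings NoDtd = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
    // A certificate imported from a .cer file carries no private key, so it cannot sign.
    public static bool SigningCertHasPrivateKey(string serialNumber)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindBySerialNumber, serialNumber, false);
            return found.Count == 1 && found[0].HasPrivateKey;
        }
        finally { store.Close(); }
    }
    // One message per problem; an empty list means the metadata location passed both checks.
    public static List<string> CheckMetadataDirectory(string path)
    {
        var problems = new List<string>();
        if (!Directory.Exists(path))
            return new List<string> { path + (File.Exists(path) ? " is a file, not a directory" : " does not exist") };
        foreach (var file in Directory.GetFiles(path))
        {
            try
            {
                XElement root;
                using (var reader = XmlReader.Create(file, NoDtd)) root = XDocument.Load(reader).Root;
                var id = root.Name == Md + "EntityDescriptor" ? (string)root.Attribute("entityID") : null;
                Uri parsed;
                if (id == null || !Uri.TryCreate(id, UriKind.Absolute, out parsed))
                    problems.Add(file + ": entityID '" + id + "' is missing or not an absolute URI");
            }
            catch (XmlException ex) { problems.Add(file + ": rejected by the XML parser: " + ex.Message); }
        }
        return problems;
    }
    public static void Main(string[] args) // args: <certificate serial number> <metadata directory path>
    {
        Console.WriteLine("Signing cert has private key: " + SigningCertHasPrivateKey(args[0]));
        foreach (var p in CheckMetadataDirectory(args[1])) Console.WriteLine("PROBLEM: " + p);
    }
}
```

HasPrivateKey only reports that a key is associated with the certificate; the application pool identity also needs read access to that key.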