.NET Core: PEM_read_bio_PUBKEY failed when sending a signed SAMLRequest to Auth0


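I am trying to sign (ITfoxtec Identity SAML2) SAMLRequests and test them with Auth0, but I get the following error on the Auth0 side:

invalid_request: PEM_read_bio_PUBKEY failed

I filled in the public key in their configuration: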

{
  "signatureAlgorithm": "rsa-sha256",
  "digestAlgorithm": "sha256",
  "signingCert": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqt7eddg/N9MgaivTEWif\n...\nnmEbAFKJtjieiwu1JjsMsdUCAwEAAQ==\n-----END PUBLIC KEY-----\n"
}
Here is how I generated the keys:

openssl req -x509 -sha256 -newkey rsa:4096 -keyout auth0samlprivate.key -out auth0samlpublic.pem -days 3650 -nodes -subj "/CN=mydomain.com"

# then I generate the public key to fill in the configuration of Auth0
openssl x509 -pubkey -noout -in auth0samlpublic.pem  > auth0samlpublickey.pem

# then I generate the .pfx file to use server side for the private key
openssl pkcs12 -export -out auth0saml.pfx -inkey auth0samlprivate.key -in auth0samlpublic.cer
Then in the code:

config.SignAuthnRequest = true;
config.SigningCertificate = CertificateUtil.Load("Path/To/auth0saml.pfx", "myPassword");
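In the browser I am redirected to the correct URL containing the signature query parameters, so that part seems to be handled correctly, but Auth0 does not seem to be able to read it.

What am I missing? I am not familiar with the certificate part of this.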

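The problem was with the generated certificate.

First, although the example in Auth0 uses a private key, using a certificate works as well.

The following commands worked well for me: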

openssl req -x509 -sha256 -newkey rsa:2048 -keyout auth0samlprivate.pem -out auth0samlpublic.pem -days 3650 -nodes -subj "/CN=thefiftyapp.com"

openssl pkcs12 -export -in auth0samlpublic.pem -inkey auth0samlprivate.pem -out auth0saml.pfx
I think the real problem was manually changing the pem file to a cer file without using the command line.

And the Auth0 configuration:

{
  "signatureAlgorithm": "rsa-sha256",
  "digestAlgorithm": "sha256",
  "signingCert": "-----BEGIN CERTIFICATE-----\nMIIDFTCCAf2gAwIBAgIUXg1jHZ9qRIrtySCsF/bK2JvYxMQwDQYJKoZIhvcNAQEL\n...\n53f63eKJn9PMmyqIYl9/K48ABR3Bf8exfvK4HRudkSU66pQsj8biIxl4MSDMg/6G\naHUZoTBJbJ/sXmoExGpltvFDcNMITfJMKGFCIBO9VnlsJrXdwalSTpxg/9Yi79GD\n5yMXEjicqion8KE0LMsk93LVS92bkujhSg==\n-----END CERTIFICATE-----\n"
}
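
A preflight check for the setup discussed above, as an added example that is not part of the original question or answer: it confirms that the certificate inside the .pfx used for signing carries the same public key as the PEM pasted into signingCert, whether that PEM is a certificate or a bare public key, and prints the PEM in the single-line \n form the configuration uses. The function names are hypothetical and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; requires the openssl CLI.

# Print the label of the first PEM block in FILE, e.g. "CERTIFICATE" or "PUBLIC KEY".
pem_label() {
  sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | head -n 1
}

# Read a PEM public key on stdin and print the SHA-256 of its normalized PEM form.
# Fails (instead of hashing empty input) when no public key could be parsed.
key_sha256() {
  pem=$(openssl pkey -pubin 2>/dev/null) || return 1
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Fingerprint the public key in FILE, which may be a certificate or a bare public key.
pem_key_fp() {
  case "$(pem_label "$1")" in
    CERTIFICATE)  openssl x509 -in "$1" -pubkey -noout | key_sha256 ;;
    "PUBLIC KEY") key_sha256 < "$1" ;;
    *) echo "unsupported PEM block in $1" >&2; return 1 ;;
  esac
}

# Fingerprint the public key of the client certificate inside a PKCS#12 (.pfx) file.
pfx_key_fp() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
    openssl x509 -pubkey -noout 2>/dev/null | key_sha256
}

# Succeed only if the PFX (args 1, 2: file, password) holds the key that PEM file (arg 3) advertises.
same_key() {
  a=$(pfx_key_fp "$1" "$2") && b=$(pem_key_fp "$3") && [ "$a" = "$b" ]
}

# Emit FILE as one line with literal \n separators, ready to paste as a JSON string value.
pem_to_json_value() {
  awk '{printf "%s\\n", $0}' "$1"
}
```

With the file names from the answer, `same_key auth0saml.pfx myPassword auth0samlpublic.pem` returns success only when the signing side and the configured certificate agree, which catches a .pfx built from a stale or hand-renamed certificate file.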