Single sign-on Authentication Using Azure Ad

Where are you getting the certificate from? Is it from trusted authority?

Hi Juraj Thanks for the response

we are following this documentation for generating the X509 thumbprint certificate and we are using this

https://devnet.kentico.com/articles/integrate-azure-active-directory-with-kentico

we are getting this error when using certificate validator as Peer trust

error as The X.509 certificate CN=accounts.accesscontrol.windows.net is not in the trusted people store.

That article is just a proof of concept. I would recommend using Google to search for the untrusted certificate error - there are many discussions and articles on this topic. This is not related to Kentico.

Hi Juraj

Thanks for the response

As we are using the Trusted Certificate which is Licenced and this certificate Is also available in the Manage Computer Certificate --> Trusted People

But we are getting this error as The X.509 certificate CN=accounts.accesscontrol.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Can you please suggest us which certificate needs to be imported and where.

Hi Juraj

Thanks For the Response

This is the process we are Currently following to Use Single sign-on Authentication using Azure Ad Claims Based authentication from Kentico settings

The certificate which we are using is secured And Licenced it is Present in the Manage Computer Certificate --> Trusted People

Claims Based Authentication Process We Are following:

identity provider url: https://login.microsoftonline.com/clientid/wsfed --> clientId we have generated through azure portal

Security Realm : https://example.portal.com/

Allowed Audience Url : https://example.portal.com/

Trusted Certificate Thumb Print:

For Generating thumb print we are following this process 1.https://login.microsoftonline.com/clientid/federationmetadata/2007-06/federationmetadata.xml --> pasting this url in the browser and by using Saml Tool we are trying to generate the thumb print this thumb print we are using in this path Trusted Certificate Thumb Print

        (or)

Do we need to use the Thumb Print From the certificate Configuration

Certificate Validator : Chain trust (Under Manage Computer Certificate--> Trust People ,so using this as referred from kentico documentation https://docs.kentico.com/k10/managing-users/user-registration-and-authentication/claims-based-authentication)

`when we use this we are getting this error:` Certificate Validator as : Chain Trust

The X.509 certificate CN=accounts.accesscontrol.windows.net is not in the trusted people store. The X.509 certificate CN=accounts.accesscontrol.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

When Checked with Certificate Validator as : None

getting this error

IssuerNameRegistry.GetIssuerName]: Untrusted certificate.

When Checked with Certificate Validator as : Peer Trust

getting this error

The X.509 certificate CN=accounts.accesscontrol.windows.net is not in the trusted people store.

Can You please suggest where we  are getting wrong and which certificate needs to be imported and where. 

Well, this error is not from Kentico. Have you tried searching online and e.g. tried any of the suggestions from Stackoverflow or other community portals? I would also reach out to the certificate issuer and check this with them. This does not sound to be a Kentico issue.

Hi Juraj

Thanks for the response

Please need your suggestion regarding which certificate do we need to use to have Single sign-on Authentication using Azure Ad for kentico claims based Authentication is it from Azure or any other?