Hi Juraj
Thanks For the Response
This is the process we are Currently following to Use Single sign-on Authentication using Azure Ad Claims Based authentication from Kentico settings
The certificate which we are using is secured And Licenced it is Present in the Manage Computer Certificate --> Trusted People
Claims Based Authentication Process We Are following:
identity provider url
: https://login.microsoftonline.com/clientid/wsfed --> clientId we have generated through azure portal
Security Realm
: https://example.portal.com/
Allowed Audience Url
: https://example.portal.com/
Trusted Certificate Thumb Print
:
For Generating thumb print we are following this process
1.https://login.microsoftonline.com/clientid/federationmetadata/2007-06/federationmetadata.xml --> pasting this url in the browser and by using Saml Tool we are trying to generate the thumb print this thumb print we are using in this path Trusted Certificate Thumb Print
(or)
Do we need to use the Thumb Print From the certificate Configuration
Certificate Validator : Chain trust (Under Manage Computer Certificate--> Trust People ,so using this as referred from kentico documentation https://docs.kentico.com/k10/managing-users/user-registration-and-authentication/claims-based-authentication)
`when we use this we are getting this error:` Certificate Validator as : Chain Trust
The X.509 certificate CN=accounts.accesscontrol.windows.net is not in the trusted people store. The X.509 certificate CN=accounts.accesscontrol.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
When Checked with Certificate Validator as : None
getting this error
IssuerNameRegistry.GetIssuerName]: Untrusted certificate.
When Checked with Certificate Validator as : Peer Trust
getting this error
The X.509 certificate CN=accounts.accesscontrol.windows.net is not in the trusted people store.
Can You please suggest where we are getting wrong and which certificate needs to be imported and where.