ERR_OSSL_PEM_BAD_BASE64_DECODE / Okta #700
-
Please close or delete. Not sure what changed but now appears to be working.
-
Problem still exists. It occurs when I try to SSO from my application. It works if I am in Okta and click on the app button to my application.
-
If I manually follow the configured entry point it works as expected. So the cert is correct, the entry point is correct. So it is at the very beginning of the passport-saml implementation that it is failing.
-
@MarkusRissmann you provided the following stack trace / context:
i.e. this line: passport-saml/src/node-saml/saml.ts Line 230 in 6ba76ba implies that you have provided a value for privateKey
My guess is that your first problem is that whatever value you have provided to You wrote that you have configured
Your second problem shall be that once you have configured proper You probably meant Related to your environment:
The third problem is that you are still using an EOLed nodejs version (nodejs 12 reached end of life 30 April 2022).
-
Thanks much, I will review everything. Some of the items here were hand typed and not copied from code (shaw1, too many late nights). I am betting that it is the private key. I will get back to you. We are using sha256.
-
I have created a new account in Okta saml 2.0/ shaw1.
Downloaded the cert, removed the line endings (validated that it is still valid) and added it to my environment variables.
I am getting the following error:
```
context: {
  exception: Error: error:09091064:PEM routines:PEM_read_bio_ex:bad base64 decode
      at Sign.sign (internal/crypto/sig.js:103:29)
      at SAML.signRequest (/www/myapp/AuthApi/node_modules/passport-saml/src/node-saml/saml.ts:230:36)
      at SAML._requestToUrlAsync (/www/myapp/AuthApi/node_modules/passport-saml/src/node-saml/saml.ts:477:12)
      at processTicksAndRejections (internal/process/task_queues.js:97:5)
      at SAML.getAuthorizeUrlAsync (/www/myapp/AuthApi/node_modules/passport-saml/src/node-saml/saml.ts:530:12)
      at login-request (/www/myapp/AuthApi/node_modules/passport-saml/src/passport-saml/strategy.ts:139:29) {
    library: 'PEM routines',
    function: 'PEM_read_bio_ex',
    reason: 'bad base64 decode',
    code: 'ERR_OSSL_PEM_BAD_BASE64_DECODE'
  }
```
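```typescript
import { PassportStrategy } from '@nestjs/passport';
import { Strategy } from 'passport-saml';

export class SamlStrategy extends PassportStrategy(Strategy) {
  constructor() {
    super({
      entryPoint: 'http://xxx.okta.com/app',
      issuer: 'http://www.okta.com/xxx',
      cert: 'cert is here',
      callbackUrl: 'https://authentication-xxx.xxx.com/api/auth/saml/callback',
      // Algorithm values kept exactly as posted (hand typed).
      digestAlgorithm: 'shaw1',
      signatureAlgorithm: 'shaw1',
    });
  }
}
```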
passport-saml version: 3.2.1

I am using nestjs/typescript.
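A pre-flight check for the kind of value the stack trace points at (the key handed to `Sign.sign` from `signRequest`), as an added example that is not part of the thread or of passport-saml. `normalizePem`, `checkSigningKey` and `demo` are hypothetical helper names, and the code assumes an unencrypted PEM private key read from an environment variable.

```javascript
// Added example: validate a PEM signing key at startup. Helper names are
// hypothetical and are not passport-saml API.
const crypto = require('crypto');

// Rebuild canonical PEM from a value whose line breaks were stripped, turned
// into spaces, or escaped as literal "\n". Assumes an unencrypted key (no
// Proc-Type/DEK-Info headers). Returns null when armor or base64 is bad.
function normalizePem(raw) {
  const text = String(raw).replace(/\\n/g, '\n').trim();
  const m = text.match(/-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END \1-----/);
  if (!m) return null;
  const body = m[2].replace(/\s+/g, '');
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(body)) return null;
  const wrapped = body.match(/.{1,64}/g).join('\n');
  const pem = `-----BEGIN ${m[1]}-----\n${wrapped}\n-----END ${m[1]}-----\n`;
  return { label: m[1], pem };
}

// Parse the key and sign a probe so a bad value fails at startup with a
// readable reason instead of inside the first login request.
function checkSigningKey(raw) {
  const n = normalizePem(raw);
  if (!n) return { ok: false, reason: 'missing PEM armor or non-base64 body' };
  if (!n.label.endsWith('PRIVATE KEY')) {
    return { ok: false, reason: `PEM label is "${n.label}", not a private key` };
  }
  try {
    const key = crypto.createPrivateKey(n.pem);
    crypto.createSign('RSA-SHA256').update('probe').sign(key);
    return { ok: true, pem: n.pem };
  } catch (err) {
    return { ok: false, reason: err.code || err.message };
  }
}

// Constructed sample input: a throwaway RSA key generated at run time.
function demo() {
  const { privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  return {
    original: privateKey,
    flattened: checkSigningKey(privateKey.replace(/\n/g, '')),
    escaped: checkSigningKey(privateKey.replace(/\n/g, '\\n')),
    wrongLabel: checkSigningKey('-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----'),
  };
}
```

Run `checkSigningKey(process.env.YOUR_KEY_VAR)` before constructing the strategy and pass the returned `pem` on only when `ok` is true; `YOUR_KEY_VAR` is a placeholder name.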