Hi @socialink,
The “x509 Certificate” field expects the certificate content (the base64-encoded string), not a file path or URL.
Open your sso-signing.pem file in a text editor — it will look something like this:
-----BEGIN CERTIFICATE-----
MIIDpDCCAoygAwIBAgIGAX…
(many lines of base64 text)
…
-----END CERTIFICATE-----
Copy everything between the BEGIN and END lines (without those lines themselves) and paste that into the x509 Certificate field.
Your IdP (Duo) should also provide this certificate in their SAML metadata or admin panel if you don’t have the file handy.
Also, version 2.3.2 has been released with security fixes for vulnerabilities in the robrichards/xmlseclibs and onelogin/php-saml dependencies.
Please update when you get a chance.
Hope this helps!
Thanks all! So to confirm, the *x509 Certificate Path* field expects the content of the cert, or the field titled Certificate Fingerprint has that key content, and leave Path empty? Please see screenshot:
https://i.postimg.cc/Dy4vbFNK/image.png
When I put it into the Cert Fingerprint field (not the Path field) per your instructions (e.g. between the BEGIN and END key), and I do the login (correctly), I get the following error:
https://i.postimg.cc/Bv8YsSQX/image.png
Hi friends, just wanted to follow up to see if there was a solution to this very last question. Thank you again for all your assistance on this plugin so far.
Hi @socialink,
Following up — apologies for the earlier misdirection. I re-read your original message and your first attempt (ABSPATH/sso-signing.pem) was actually the correct approach.
If that’s still giving you the idp_cert_or_fingerprint_not_found_and_required error, the issue is likely that the .pem file isn’t in the directory where WordPress expects it. ABSPATH resolves to the WordPress installation root (the folder containing wp-config.php), which may not be the same as your web server’s document root.
Could you confirm:
- Where exactly on the server the sso-signing.pem file is located?
- Where wp-config.php lives on the server? The file needs to be in the same directory as wp-config.php for ABSPATH/sso-signing.pem to resolve correctly.
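The path check described in the reply above, as an added example that is not part of the thread or the plugin's own code. It assumes a leading ABSPATH/ expands to the directory holding wp-config.php, as the reply describes; the function names and the sample data are constructed for illustration. On success it returns the SHA-256 fingerprint, which is a hash of the decoded certificate bytes and not the base64 text between the BEGIN and END lines.

```python
import base64, hashlib, os, re, tempfile

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def resolve_cert_path(setting, wp_root):
    # Assumption: a leading "ABSPATH/" expands to the WordPress root, as the reply describes.
    if setting.startswith("ABSPATH/"):
        return os.path.join(wp_root, setting[len("ABSPATH/"):])
    return setting

def pem_to_der(pem_text):
    """Return the DER bytes of the first PEM certificate block, or None."""
    m = PEM_RE.search(pem_text)
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True) if m else b""
    except ValueError:
        return None
    # An X.509 certificate is a DER SEQUENCE, so its first byte is 0x30.
    return der if der[:1] == b"\x30" else None

def fingerprint(der, algo="sha256"):
    digest = hashlib.new(algo, der).hexdigest().upper()
    # Colon-separated hex pairs, the usual display form of a certificate fingerprint.
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def diagnose(setting, wp_root):
    """Return (status, detail) explaining whether the path setting would load."""
    if not os.path.isfile(os.path.join(wp_root, "wp-config.php")):
        return ("wrong_root", None)          # wp_root is not the WordPress root
    path = resolve_cert_path(setting, wp_root)
    if not os.path.isfile(path):
        return ("file_not_found", path)      # .pem is not next to wp-config.php
    with open(path, encoding="utf-8", errors="replace") as fh:
        der = pem_to_der(fh.read())
    if der is None:
        return ("not_a_pem_certificate", path)
    return ("ok", fingerprint(der))

# Constructed sample: 0x30 plus filler bytes, NOT a real certificate.
SAMPLE_DER = b"\x30\x0e" + b"constructed-01"
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{base64.b64encode(SAMPLE_DER).decode()}\n-----END CERTIFICATE-----\n"

def demo():
    # Build a throwaway "WordPress root" and check before and after the .pem is placed there.
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "wp-config.php"), "w").close()
        before = diagnose("ABSPATH/sso-signing.pem", root)
        with open(os.path.join(root, "sso-signing.pem"), "w") as fh:
            fh.write(SAMPLE_PEM)
        return before[0], diagnose("ABSPATH/sso-signing.pem", root)
```

Calling `diagnose("ABSPATH/sso-signing.pem", "/path/to/wordpress")` on the server reports which of the two locations asked about in the reply is the problem.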
Hi, thank you for your response! I went back and actually used ABSPATH/sso-signing.pem (without the quotes) and it worked! Thank you again for the support for this free plugin. I have some customization to do and other mapping tweaks (I needed to use the forma Name starting with urn:oid instead of the FriendlyName), but it's working.