I am trying to configure my NestJS app with passport-saml for a new client (a new Okta test account). The code has been proven in the past and my old Okta account has been disabled.
I created a new app in Okta, SAML 2.0. I went through all the configurations. I downloaded the cert file (and I have also used the value in between <ds:X509Certificate></ds:X509Certificate>).
I copy the contents of the cert file to my app configuration.
When launching the app with SSO I get the following:
```
context: {
  exception: Error: error:09091064:PEM routines:PEM_read_bio_ex:bad base64 decode
      at Sign.sign (internal/crypto/sig.js:103:29)
      at SAML.signRequest (/www/myapp/AuthApi/node_modules/passport-saml/src/node-saml/saml.ts:230:36)
      at SAML._requestToUrlAsync (/www/myapp/AuthApi/node_modules/passport-saml/src/node-saml/saml.ts:477:12)
      at processTicksAndRejections (internal/process/task_queues.js:97:5)
      at SAML.getAuthorizeUrlAsync (/www/myapp/AuthApi/node_modules/passport-saml/src/node-saml/saml.ts:530:12)
      at login-request (/www/myapp/AuthApi/node_modules/passport-saml/src/passport-saml/strategy.ts:139:29) {
    library: 'PEM routines',
    function: 'PEM_read_bio_ex',
    reason: 'bad base64 decode',
    code: 'ERR_OSSL_PEM_BAD_BASE64_DECODE'
  }
},
```
// Update 5/31 10:00pm
I am assuming maybe that it is a configuration issue or something on the application side. Inside of Okta if I click on my application I am successfully forwarded to my app and logged in.
When logging into my app via SSO, it doesn't even look like I am getting to Okta; I am erroring before that. (Still checking that assumption)
If I manually follow the configured endpoint (to Okta) it works. I get the Okta login screen so that and the cert are correct.
The problem was a bad privateKey.
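
A startup check for the situation in this post, where the trace fails in `Sign.sign` under `SAML.signRequest`, which means the key used to sign the request is malformed rather than the Okta certificate. This is an added example, not code from the original post or from passport-saml; `checkSigningKey` and `sampleKeyPem` are hypothetical names, and the sample key is constructed at run time.

```javascript
const crypto = require('crypto');

// Hypothetical helper: confirm the SP signing key parses and can sign, so a bad
// key fails at startup rather than inside SAML.signRequest on the first login.
function checkSigningKey(pem) {
  if (typeof pem !== 'string' || pem.trim() === '') {
    return { ok: false, reason: 'empty' };
  }
  // Env vars and JSON configs often hold a literal "\n" instead of a newline.
  const normalized = pem.replace(/\\n/g, '\n').trim() + '\n';
  const header = /-----BEGIN ([A-Z0-9 ]+)-----/.exec(normalized);
  if (!header) return { ok: false, reason: 'no PEM header' };
  // The IdP certificate downloaded from Okta is not a signing key.
  if (!/PRIVATE KEY$/.test(header[1])) {
    return { ok: false, reason: `expected a private key, got ${header[1]}` };
  }
  try {
    const key = crypto.createPrivateKey(normalized);
    crypto.createSign('RSA-SHA256').update('probe').sign(key);
    return { ok: true, pem: normalized, type: key.asymmetricKeyType };
  } catch (err) {
    // Report the OpenSSL error code or message; never log the key material.
    return { ok: false, reason: err.code || err.message };
  }
}

// Constructed sample input: a throwaway RSA key generated at run time.
function sampleKeyPem() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  }).privateKey;
}

const sample = sampleKeyPem();
const body = sample.split('\n');
body[2] = '!!!!'; // corrupt one base64 line
const cases = {
  valid: sample,
  escapedNewlines: sample.replace(/\n/g, '\\n'),
  corruptedBase64: body.join('\n'),
  certificateInstead: '-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n',
};
for (const [name, pem] of Object.entries(cases)) {
  const { ok, reason } = checkSigningKey(pem);
  console.log(name, ok ? 'ok' : `rejected (${reason})`);
}
```

Pass the returned `pem` as the strategy's `privateKey` only when `ok` is true.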