Home
Products
Downloads
Purchase
Support
Forums
About
Back
Forums, Documentation & Knowledge Base - ComponentSpace
Register
Login
ComponentSpace
Forums
Home
»
ComponentSpace Support Forums
»
Questions - SAML SSO for ASP.NET
»
Setting SAMLController.ConfigurationID removes the pending...
Setting SAMLController.ConfigurationID removes the pending authentication request
Post Reply
Setting SAMLController.ConfigurationID removes the pending...
View
Options
Author
Message
rb
rb
Posted 5 Years Ago
#10063
New Member
Group: Forum Members
Posts: 5,
Visits: 20
We are planning the use multi-tenancy by using the URI to decide which IDP we're going to use.
We use the following code:
[AllowAnonymous]
[Route("saml/{idp}/ssoservice")]
public async Task<ActionResult> SsoServiceForBrin(string idp, [System.Web.Http.FromBody] string samlrequest)
{
var configurationId = _configuration.GetConfigurationIdFromProviderId(idp);
SAMLController.ConfigurationID = configurationId;
// ConfigurationID is set in Redis with the provided configurationID
SAMLIdentityProvider.ReceiveSSO(Request, out var partnerSp);
// ConfigurationID is now gone in Redis
return RedirectToAction("SsoServicePostLogin", new { sid = temporarySessionId });
}
[Authorize]
public async Task<ActionResult> SsoServicePostLogin(string sid)
{
SAMLController.ConfigurationID = RetrieveSession(sid);
// ConfigurationID is set in Redis with the provided configurationID
// --> AND removing the pending authentication request
SAMLIdentityProvider.SendSSO(Response, nepri, attributes);
// An error is shown "There is no pending service provider authentication request"
// Which makes sense because it's overwritten with the ConfigurationID
return new EmptyResult();
}
// Load configuration at runtime.
private GetConfigurationIdFromProviderId(string idp)
{
var samlConfiguration = new SAMLConfiguration
{
ID = providerId,
LocalIdentityProviderConfiguration = new LocalIdentityProviderConfiguration
{
Name = GetEntityIdForProviderId(providerId),
Description = $"Tenant {providerId}",
LocalCertificateFile = locationPath,
LocalCertificatePassword = password,
},
PartnerServiceProviderConfigurations = SAMLConfigurationFile.Load("config/saml-idp.config").First().Value.PartnerServiceProviderConfigurations // Loading them from the configuration file
};
SAMLController.Configurations.Add(providerId, samlConfiguration);
}
We store these sessions in Redis. Without setting the SAMLController.ConfigurationID it is working for a single tenant.
It returns an error that there is no pending service provider authentication request.
What are we doing wrong? I expected that the ConfigurationID is stored in the pending authentication request.
We user version 2.8.0
Thanks in advance.
René Bosma
Reply
ComponentSpace
ComponentSpace
Posted 5 Years Ago
#10064
ComponentSpace Development
Group: Administrators
Posts: 3.2K,
Visits: 11K
Hi René,
Setting the SAMLController.COnfigurationID should't cause this error. Instead, it occurs if you call SAMLIdentityProvider.SendSSO with no prior call to SAMLIdentityProvider.ReceiveSSO or the SAML session state used to remember the previous SAMLIdentityProvider.ReceiveSSO isn't present. In version 2.8.0 the SAML session state is stored in the ASP.NET session. Is it possible the ASP.NET session has been cleared? Are you using a web farm and, if so, are you either using a central store for the ASP.NET sessions or a load balancer with sticky sessions? If not, the ReceiveSSO and SendSSO calls could be occurring on different servers.
If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to
[email protected]
mentioning your forum post.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
Regards
ComponentSpace Development
Reply
rb
rb
Posted 5 Years Ago
#10065
New Member
Group: Forum Members
Posts: 5,
Visits: 20
We have an implementation of the AbstractSSOSessionStore for Redis. Setting it at SAMLController.SSOSessionStore.
I am running this locally on my development machine.
I will create a trace. Thanks
Reply
ComponentSpace
ComponentSpace
Posted 5 Years Ago
#10066
ComponentSpace Development
Group: Administrators
Posts: 3.2K,
Visits: 11K
Ok, thanks.
Regards
ComponentSpace Development
Reply
rb
rb
Posted 5 Years Ago
#10067
New Member
Group: Forum Members
Posts: 5,
Visits: 20
+
x
ComponentSpace - 6/17/2019
Ok, thanks.
Here is the log
Reply
rb
rb
Posted 5 Years Ago
#10068
New Member
Group: Forum Members
Posts: 5,
Visits: 20
I've found the problem. We had an implementation of the AbstractSSOSessionStore. Apparently only for a single tenant. We did nothing with the type. That's why it was overwritten. public override object Load(Type type)
public override object Load(Type
type
){}
public override void Save(object
ssoSession
){}
That was a gotcha! It makes sense now. Do you have documentation that addresses this?
Thanks
Reply
ComponentSpace
ComponentSpace
Posted 5 Years Ago
#10074
ComponentSpace Development
Group: Administrators
Posts: 3.2K,
Visits: 11K
Thanks for the update and the comments regarding the documentation. I'll see that we make this clearer in a future documentation update.
Regards
ComponentSpace Development
Reply
GO
Post Reply
Similar Topics
Post Quoted Reply
Login
Existing Account
Email Address:
Password:
Reset Your Password
Remember Me
Select a Forum....
ComponentSpace Support Forums
Questions - SAML SSO for ASP.NET
Questions - SAML SSO for ASP.NET Core
Questions - OpenID for ASP.NET Core
ComponentSpace Documentation
Announcements
Documentation - SAML SSO for ASP.NET
Documentation - SAML SSO for ASP.NET Core
Documentation - OpenID for ASP.NET Core
ComponentSpace Knowledge Bases
Knowledge Base - SAML SSO for ASP.NET
Knowledge Base - SAML SSO for ASP.NET Core
Knowledge Base - OpenID for ASP.NET Core
Explore
Home
Latest
Popular
Search
Tags
Forums
ComponentSpace Support Forums
Questions - SAML SSO for ASP.NET
Questions - SAML SSO for ASP.NET Core
Questions - OpenID for ASP.NET Core
ComponentSpace Documentation
Announcements
Documentation - SAML SSO for ASP.NET
Documentation - SAML SSO for ASP.NET Core
Documentation - OpenID for ASP.NET Core
ComponentSpace Knowledge Bases
Knowledge Base - SAML SSO for ASP.NET
Knowledge Base - SAML SSO for ASP.NET Core
Knowledge Base - OpenID for ASP.NET Core
Forums, Documentation & Knowledge Base - ComponentSpace
Login
Register
Search
Flat Ascending
Flat Descending
Threaded
Subscribe to topic
Print This Topic
Goto Topics Forum
Jump To Page
Jump To Page