ComponentSpace
Forums

Setting SAMLController.ConfigurationID removes the pending authentication request

rb
We are planning to use multi-tenancy by using the URI to decide which IDP we're going to use.
We use the following code:

[AllowAnonymous]
[Route("saml/{idp}/ssoservice")]
public async Task<ActionResult> SsoServiceForBrin(string idp, [System.Web.Http.FromBody] string samlrequest)
{
  var configurationId = _configuration.GetConfigurationIdFromProviderId(idp);
  SAMLController.ConfigurationID = configurationId;
  // ConfigurationID is set in Redis with the provided configurationID

  SAMLIdentityProvider.ReceiveSSO(Request, out var partnerSp);
  // ConfigurationID is now gone in Redis

  return RedirectToAction("SsoServicePostLogin", new { sid = temporarySessionId });
}

[Authorize]
public async Task<ActionResult> SsoServicePostLogin(string sid)
{
  SAMLController.ConfigurationID = RetrieveSession(sid);
  // ConfigurationID is set in Redis with the provided configurationID
  // --> AND removing the pending authentication request

  SAMLIdentityProvider.SendSSO(Response, nepri, attributes);
  // An error is shown "There is no pending service provider authentication request"
  // Which makes sense because it's overwritten with the ConfigurationID

  return new EmptyResult();
}

// Load configuration at runtime. The configuration ID is the tenant's provider ID.
private string GetConfigurationIdFromProviderId(string providerId)
{
  var samlConfiguration = new SAMLConfiguration
  {
    ID = providerId,
    LocalIdentityProviderConfiguration = new LocalIdentityProviderConfiguration
    {
      Name = GetEntityIdForProviderId(providerId),
      Description = $"Tenant {providerId}",
      LocalCertificateFile = locationPath,
      LocalCertificatePassword = password,
    },
    // Partner SP configurations are loaded from the configuration file
    PartnerServiceProviderConfigurations = SAMLConfigurationFile.Load("config/saml-idp.config").First().Value.PartnerServiceProviderConfigurations
  };
  SAMLController.Configurations.Add(providerId, samlConfiguration);

  return providerId;
}


We store these sessions in Redis. Without setting the SAMLController.ConfigurationID it is working for a single tenant.
It returns an error that there is no pending service provider authentication request.

What are we doing wrong? I expected that the ConfigurationID is stored in the pending authentication request.
We use version 2.8.0.

Thanks in advance. 
René Bosma

ComponentSpace Development
Hi René,
Setting the SAMLController.ConfigurationID shouldn't cause this error. Instead, it occurs if you call SAMLIdentityProvider.SendSSO with no prior call to SAMLIdentityProvider.ReceiveSSO, or if the SAML session state used to remember the previous SAMLIdentityProvider.ReceiveSSO isn't present. In version 2.8.0 the SAML session state is stored in the ASP.NET session. Is it possible the ASP.NET session has been cleared? Are you using a web farm and, if so, are you either using a central store for the ASP.NET sessions or a load balancer with sticky sessions? If not, the ReceiveSSO and SendSSO calls could be occurring on different servers.
If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace


Regards
ComponentSpace Development
rb
We have an implementation of AbstractSSOSessionStore for Redis and set it as SAMLController.SSOSessionStore.
I am running this locally on my development machine.

I will create a trace. Thanks

ComponentSpace Development
Ok, thanks.

Regards
ComponentSpace Development
rb
ComponentSpace - 6/17/2019
Ok, thanks.

Here is the log

rb
I've found the problem. We had an implementation of the AbstractSSOSessionStore. Apparently only for a single tenant. We did nothing with the type. That's why it was overwritten.

// Both overrides ignored the Type of the session object, so every session object shared one slot
public override object Load(Type type) { /* ... */ }
public override void Save(object ssoSession) { /* ... */ }


That was a gotcha! It makes sense now. Do you have documentation that addresses this?

Thanks



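The root cause rb describes above, a custom SSO session store whose Load and Save ignore the Type parameter, is worth spelling out as code. The following is an added example written for this page; it is not code from the thread or from ComponentSpace. It assumes the v2.x AbstractSSOSessionStore contract visible in the thread (abstract Load(Type) and Save(object) overrides) plus a SessionID property on the base class identifying the current browser session, and that the library's session objects are [Serializable]. The broken store is shown beside the fixed one. KeyValueStore, SessionCodec, MakeKey and SamlStoreSetup are names invented here, and the dictionary stands in for Redis so the code runs without a server.

```csharp
using System;
using System.Collections.Concurrent;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
using ComponentSpace.SAML2;        // SAMLController
using ComponentSpace.SAML2.Data;   // AbstractSSOSessionStore (v2.x, as used in the thread)

// Stand-in for the Redis client, constructed for this example so it runs without
// a server. A real store would call StringGet/StringSet (StackExchange.Redis)
// with the same keys and an expiry matching the login timeout.
public static class KeyValueStore
{
    public static readonly ConcurrentDictionary<string, byte[]> Entries =
        new ConcurrentDictionary<string, byte[]>();
}

public static class SessionCodec
{
    // Assumption: the SAML session objects are [Serializable]. BinaryFormatter
    // matches the .NET Framework 4.x era of v2.8.0; only ever feed it bytes your
    // own store wrote, and prefer a safer serializer on modern .NET.
    public static byte[] Serialize(object ssoSession)
    {
        using (var stream = new MemoryStream())
        {
            new BinaryFormatter().Serialize(stream, ssoSession);
            return stream.ToArray();
        }
    }

    public static object Deserialize(byte[] bytes)
    {
        using (var stream = new MemoryStream(bytes))
        {
            return new BinaryFormatter().Deserialize(stream);
        }
    }
}

// BROKEN (the store from the thread): Type is ignored, so the pending authn
// request, the ConfigurationID and every other session object share one slot.
// Saving the ConfigurationID overwrites the pending request, and SendSSO then
// fails with "There is no pending service provider authentication request".
public class SingleSlotSSOSessionStore : AbstractSSOSessionStore
{
    public override object Load(Type type)
    {
        return KeyValueStore.Entries.TryGetValue(SessionID, out var bytes)
            ? SessionCodec.Deserialize(bytes)
            : null;
    }

    public override void Save(object ssoSession)
    {
        KeyValueStore.Entries[SessionID] = SessionCodec.Serialize(ssoSession);
    }
}

// FIXED: one slot per (browser session, session object type). SessionID is
// assumed to be the base class property for the current SSO session (cookie
// based in v2.x). Load(typeof(X)) now only sees what Save(x) wrote for type X,
// so storing the ConfigurationID cannot clobber the pending authn request.
public class TypedSSOSessionStore : AbstractSSOSessionStore
{
    private static string MakeKey(string sessionId, Type type)
    {
        return "saml:" + sessionId + ":" + type.FullName;
    }

    public override object Load(Type type)
    {
        return KeyValueStore.Entries.TryGetValue(MakeKey(SessionID, type), out var bytes)
            ? SessionCodec.Deserialize(bytes)
            : null;
    }

    public override void Save(object ssoSession)
    {
        KeyValueStore.Entries[MakeKey(SessionID, ssoSession.GetType())] =
            SessionCodec.Serialize(ssoSession);
    }
}

// Registration, e.g. from Global.asax Application_Start, as the thread does.
public static class SamlStoreSetup
{
    public static void Register()
    {
        SAMLController.SSOSessionStore = new TypedSSOSessionStore();
    }
}
```

The key must include both the session ID and the type: leaving out the session ID would let one browser's pending request be served to another, and leaving out the type reproduces the thread's bug. If the base class in your version also exposes a Delete(Type) override, it should remove the same typed key. Note that the session store is security-relevant state (it decides which SP gets a response and for which tenant), so the Redis instance should not be reachable from anything but the IdP application.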
ComponentSpace Development
Thanks for the update and the comments regarding the documentation. I'll see that we make this clearer in a future documentation update.

Regards
ComponentSpace Development