ComponentSpace

Forums



SAML Configuration Testing


SAML Configuration Testing

Author
Message
dmitry.karabanovich
dmitry.karabanovich
New Member
New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)

Group: Forum Members
Posts: 10, Visits: 85
Hello everyone,

I have almost the same situation as described in this post (https://www.componentspace.com/Forums/11054/Setup-Customer-Testing-of-Idp-Configuration)
Short explanation
1. There is a Services Provider application;
2. There is a feature that allows users to configure information about IdentityProvider manually or using metadata xml file;
3. There are InitiateSingleSignOn and AssertionConsumerService  endpoints;
4. It is necessary to implement functionality that will allow the user to test the correctness of the configuration.

Based on the attached forum post, testing could be performed by Initiating SSO from another browser tab. In this case, IdP will send a response to AssertionConsumerService endpoint where we need to know that this call comes from Test action and not from real SSO process. So, is there a way to handle when testing is performed on not? In addition, is there a ComponentSpace build-in solution for testing such behavior?

Some ideas about it:
1. Send serialized object with information (bool IsTest at least) as relayState and work with it in AssertionConsumerService to understand if this is response come from test request;
2. Create TestInitiateSingleSignOn and TestAssertionConsumerService and provide information about these endpoints to a user with a disclaimer that this configuration has to be used only for testing.

Best regards, Dmitry!
 

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)

Group: Administrators
Posts: 2.7K, Visits: 8.4K
Hi Dmitry,

There isn't anything built into our library to distinguish between test and live SSO. You would have to make this distinction at the application level.

Both of your ideas sound good.

Another option is to save the IsTest flag in the ASP.NET session or as a separate custom cookie. You set the flag when the test is initiated and check for the flag when the SAML response is received. That way you're not impacting on either the relay state or the SAML endpoints.




Regards
ComponentSpace Development
dmitry.karabanovich
dmitry.karabanovich
New Member
New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)

Group: Forum Members
Posts: 10, Visits: 85
ComponentSpace - 11/11/2020
Hi Dmitry,

There isn't anything built into our library to distinguish between test and live SSO. You would have to make this distinction at the application level.

Both of your ideas sound good.

Another option is to save the IsTest flag in the ASP.NET session or as a separate custom cookie. You set the flag when the test is initiated and check for the flag when the SAML response is received. That way you're not impacting on either the relay state or the SAML endpoints.



Thank you for the response. Is it possible to know the list of possible text for SAMLException errors message?

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)

Group: Administrators
Posts: 2.7K, Visits: 8.4K
Please take a look at our Reference Guide.

https://www.componentspace.com/Forums/9107/Reference-Guide

The exceptions are listed under the ComponentSpace.SAML2.Exceptions namespace.

We don't document the actual text descriptions for these exceptions.

In most cases, all exceptions should be handled the same way. We recommend the exception is logged and the user redirected to a generic error page. 

Regards
ComponentSpace Development
dmitry.karabanovich
dmitry.karabanovich
New Member
New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)

Group: Forum Members
Posts: 10, Visits: 85
ComponentSpace - 11/18/2020
Please take a look at our Reference Guide.

https://www.componentspace.com/Forums/9107/Reference-Guide

The exceptions are listed under the ComponentSpace.SAML2.Exceptions namespace.

We don't document the actual text descriptions for these exceptions.

In most cases, all exceptions should be handled the same way. We recommend the exception is logged and the user redirected to a generic error page. 

Thank you for the response!
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)ComponentSpace Development (3.8K reputation)

Group: Administrators
Posts: 2.7K, Visits: 8.4K
You're welcome.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....









Forums, Documentation & Knowledge Base - ComponentSpace


Search