Validate list of Destination in SAMLResponse


ganeshsivam
Hi,
Our SSO app has different domain names (id.dev.acme.com, id.dev.acme.io, etc.) and all point to the same instance.
Hence the ACS URL is different for each domain and I'm able to configure multiple SAML Configurations for each domain.

In SP-init SSO, the ACS URL in SAMLRequest is https://id.dev.acme.com/SAML/AssertionConsumerService and in SAMLResponse the Destination URL is https://id.dev.acme.io/SAML/AssertionConsumerService. There is a mismatch and ComponentSpace throws the exception below:

[ERR]  Saml Service Provider exception on RecieveSsoAsync
ComponentSpace.Saml2.Exceptions.SamlProtocolException: The SAML response destination https://id.dev.acme.io/SAML/AssertionConsumerService doesn't match the local provider name or URL.
   at ComponentSpace.Saml2.SamlProvider.CheckDestination(StatusResponseType samlResponse, String destinationName, String destinationUrl)
   at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement)
   at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()
   at Identity.Service.Controllers.SamlController.AssertionConsumerService() in /tmp/Identity.Service/Controllers/SamlController.cs:line 93

So, my question: Is it possible to validate a list of Destination URLs in SAMLResponse by ComponentSpace?

Thanks

ComponentSpace
Please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.

https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace

Once the log has been captured and as a temporary fix, disable the destination check by setting the following in your PartnerIdentityProviderConfiguration:

   "DisableDestinationCheck": true



Regards
ComponentSpace Development
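
Added example, not part of the thread and not ComponentSpace code: while "DisableDestinationCheck" is true, the application can apply its own exact-match allowlist to the Destination attribute before handing the message to the library. It assumes the HTTP-POST binding (base64 SAMLResponse form field); the class and method names are hypothetical, and the two URLs are the ones from the question.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Xml;

// Hypothetical helper: pre-check of the SAML response Destination against an allowlist.
public static class DestinationAllowlist
{
    private const string SamlpNs = "urn:oasis:names:tc:SAML:2.0:protocol";

    // One ACS URL per domain that fronts the same instance (values from the question).
    private static readonly HashSet<string> AllowedAcsUrls = new HashSet<string>(StringComparer.Ordinal)
    {
        "https://id.dev.acme.com/SAML/AssertionConsumerService",
        "https://id.dev.acme.io/SAML/AssertionConsumerService",
    };

    // samlResponseBase64: the SAMLResponse form field as posted by the identity provider.
    // receivedAtUrl: the public URL this POST arrived on (assumption: the caller derives it
    // from a validated host, not from an unchecked Host header).
    public static bool IsDestinationAllowed(string samlResponseBase64, string receivedAtUrl)
    {
        if (string.IsNullOrEmpty(samlResponseBase64)) return false;

        var doc = new XmlDocument { XmlResolver = null };
        try
        {
            var xml = Encoding.UTF8.GetString(Convert.FromBase64String(samlResponseBase64));
            var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
            using var reader = XmlReader.Create(new StringReader(xml), settings);
            doc.Load(reader);
        }
        catch (Exception e) when (e is FormatException || e is XmlException)
        {
            return false; // malformed input is rejected, never waved through
        }

        var root = doc.DocumentElement;
        if (root == null || root.LocalName != "Response" || root.NamespaceURI != SamlpNs)
            return false;

        // GetAttribute returns "" when Destination is absent; treat that as a failure here.
        var destination = root.GetAttribute("Destination");
        return destination.Length > 0
            && AllowedAcsUrls.Contains(destination)                               // known ACS URL
            && string.Equals(destination, receivedAtUrl, StringComparison.Ordinal); // and the one that received it
    }
}
```

This is only a pre-filter on the unverified message; signature and assertion validation are still left to the library's normal processing.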