There is no pending service provider authentication request.


mviglianco
New Member (4 reputation)

Group: Forum Members
Posts: 3, Visits: 8
I am pretty new to MVC but have implemented ComponentSpace SAML2 SSO in Webforms. In learning MVC I am just trying to create a simple SP and IdP in MVC C# utilizing code structure I got from the examples and our previous Webforms applications.

One issue has been killing me this afternoon and evening. Once the IdP's SAML controller redirects to its login controller I seem to lose the pending authentication request that I am pretty sure I was able to successfully get initially. When I am back at the SAML controller and SSOService action I get the error in subject when I send the SSO. With a few tests checking the IsSSOCompletionPending() goes from true to false as soon as I leave the initial action. Any ideas? I don't know if I am doing something boneheaded as an MVC newbie but it seems the received request is not being stored in session as I assumed it would be by default.

Here is the SAML Controller. I would be happy to post more if it's helpful.


using System.Collections.Generic;
using System.Web.Mvc;
using ComponentSpace.SAML2;

public class SAMLController : Controller
{
    private const string ssoPendingSessionKey = "ssoPending";

    [AllowAnonymous]
    public ActionResult SSOService()
    {
        // Is an authorization request pending?
        bool ssoPending = Session[ssoPendingSessionKey] != null && (bool)Session[ssoPendingSessionKey] == true;

        //ControllerContext.HttpContext.Response.Write("Session: " + ssoPending.ToString() + "<br>");

        if (!(ssoPending && User.Identity.IsAuthenticated))
        {
            // Receive the authn request from the service provider (SP-initiated SSO).
            SAMLIdentityProvider.ReceiveSSO(Request, out string partnerSP);

            // If the user isn't logged in at the identity provider, force the user to login.
            if (!User.Identity.IsAuthenticated)
            {
                Session[ssoPendingSessionKey] = true;
                return RedirectToAction("Login", "Login");
            }
        }

        Session[ssoPendingSessionKey] = null;

        //ControllerContext.HttpContext.Response.Write("Session: " + ssoPending.ToString() + "<br>");

        // The user is logged in at the identity provider.
        // Respond to the authn request by sending a SAML response containing a SAML assertion to the SP.
        // Use the configured or logged in user name as the user name to send to the service provider (SP).
        // Include some user attributes.
        string userName = User.Identity.Name;
        Dictionary<string, string> attributes = new Dictionary<string, string>
        {
            ["username"] = userName,
            ["hbid"] = "hb12345",
            ["BSEGroup"] = "banker",
            ["firstName"] = "Michael",
            ["lastName"] = "Viglianco",
            ["email"] = "[email protected]"
        };

        SAMLIdentityProvider.SendSSO(Response, userName, attributes);

        return new EmptyResult();
    }
}


mviglianco
New Member (4 reputation)

Group: Forum Members
Posts: 3, Visits: 8
Follow up. Is the ComponentSpace session somehow different or hidden from standard session? If not then I see nothing being stored in session. If so is there something that needs to be enabled for this to work? I am also including the two saml configs below.

SP Config


<?xml version="1.0"?>
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
<ServiceProvider Name="http://Kyushu"
       Description="Sample MVC Service Provider for White Clay Consulting"
       LocalCertificateFile="SAML\Certificates\sp.pfx"
       LocalCertificatePassword="password"
       AssertionConsumerServiceUrl="~/SAML/CompleteSAMLLogin" />
<PartnerIdentityProviders>
  <PartnerIdentityProvider Name="http://SampleMVCIdP"
       Description="Sample MVC Indentity Provider for White Clay Consulting"
       SignAuthnRequest="true"
       SingleSignOnServiceUrl="/MVCIdP/SAML/SSOService"
       SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
       SingleLogoutServiceUrl="/MVCIdP/SAML/SLOService"
       PartnerCertificateFile="SAML\Certificates\idp.cer"/>
</PartnerIdentityProviders>
</SAMLConfiguration>



IdP Config


<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
<IdentityProvider Name="http://SampleMVCIdP"
       Description="Sample MVC Identity Provider for White Clay Consulting"
       LocalCertificateFile="SAML\Certificates\idp.pfx"
       LocalCertificatePassword="password"/>
<PartnerServiceProviders>
  <!-- Web forms example -->
  <PartnerServiceProvider Name="http://kyushu"
          Description="Sample MVC Service Provider for White Clay Consulting"
          WantAuthnRequestSigned="true"
          SignSAMLResponse="true"
          SignAssertion="false"
          EncryptAssertion="false"
          AssertionConsumerServiceUrl="/Kyushu/SAML/SSOCompletionService"
          SingleLogoutServiceUrl="/Kyushu/SAML/SLOService"
          PartnerCertificateFile="SAML\Certificates\sp.cer"/>
</PartnerServiceProviders>
</SAMLConfiguration>



ComponentSpace
ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
We store the SAML session state in a separate "SAML_SessionId" cookie.
By default this cookie is marked as secure.
In the current release, if you're using HTTP rather than HTTPS the browser won't send the cookie and therefore the session information is being lost.
I suspect that might be what's happening here.
To turn off the secure flag, set the ComponentSpace.SAML2.Data.SessionIDDelegates.SecureSAMLCookie property to false at application start-up.
If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
NB. In an upcoming release we don't set the secure flag if HTTP is being used. Of course, we recommend using HTTPS in production.


Regards
ComponentSpace Development
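
The start-up setting described in the reply above, as an added example (not code from ComponentSpace or from the original poster). The `MvcApplication` class in Global.asax.cs and the appSettings key `Saml:AllowInsecureSessionCookie` are assumptions of this example; only the `SecureSAMLCookie` property and the "SAML_SessionId" cookie name come from the thread. The Secure flag stays on unless the key is explicitly set, and a one-time trace warning flags the combination that loses the pending SSO state.

```csharp
using System;
using System.Configuration;
using System.Diagnostics;
using System.Threading;
using System.Web;
using ComponentSpace.SAML2.Data;

public class MvcApplication : HttpApplication
{
    // Hypothetical appSettings key (an assumption of this example). When it is
    // absent or not "true", the SAML session cookie keeps its Secure flag.
    private const string AllowInsecureKey = "Saml:AllowInsecureSessionCookie";

    private static bool secureSamlCookie = true;
    private static int warned; // 0 = not yet warned, 1 = already warned

    protected void Application_Start()
    {
        // TryParse leaves allowInsecure false for a missing or malformed value.
        bool allowInsecure;
        bool.TryParse(ConfigurationManager.AppSettings[AllowInsecureKey], out allowInsecure);

        // Property named in the reply above; set once at application start-up.
        secureSamlCookie = !allowInsecure;
        SessionIDDelegates.SecureSAMLCookie = secureSamlCookie;

        // Existing route, filter and bundle registration goes here.
    }

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        // A Secure cookie is never returned by the browser over plain HTTP, so
        // the state saved by ReceiveSSO is gone by the time SendSSO runs.
        // Behind a TLS-terminating proxy IsSecureConnection is false even
        // though the browser uses HTTPS; the warning can be ignored there.
        if (secureSamlCookie && !Request.IsSecureConnection
            && Interlocked.Exchange(ref warned, 1) == 0)
        {
            Trace.TraceWarning(
                "SAML_SessionId is marked Secure but {0} arrived over HTTP; " +
                "pending SSO state will not survive redirects.",
                Request.Url.GetLeftPart(UriPartial.Path));
        }
    }
}
```

Leave the key out of the production Web.config so the cookie is only ever sent over HTTPS there.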
mviglianco
New Member (4 reputation)

Group: Forum Members
Posts: 3, Visits: 8
ComponentSpace - 5/13/2019
We store the SAML session state in a separate "SAML_SessionId" cookie.
By default this cookie is marked as secure.
In the current release, if you're using HTTP rather than HTTPS the browser won't send the cookie and therefore the session information is being lost.
I suspect that might be what's happening here.
To turn off the secure flag, set the ComponentSpace.SAML2.Data.SessionIDDelegates.SecureSAMLCookie property to false at application start-up.
If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
NB. In an upcoming release we don't set the secure flag if HTTP is being used. Of course, we recommend using HTTPS in production.

This makes sense as the working versions I have use https. I changed that for this version while I was getting everything else worked out. Thanks. I will get back to this soon and return if I have further questions.
ComponentSpace
ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
You're welcome.

Regards
ComponentSpace Development