We store the SAML session state in a separate "SAML_SessionId" cookie. By default this cookie is marked as secure. In the current release, if you're using HTTP rather than HTTPS the browser won't send the cookie and therefore the session information is being lost. I suspect that might be what's happening here. To turn off the secure flag, set the ComponentSpace.SAML2.Data.SessionIDDelegates.SecureSAMLCookie property to false at application start-up. If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post. https://www.componentspace.com/Forums/17/Enabing-SAML-TraceNB. In an upcoming release we don't set the secure flag if HTTP is being used. Of course, we recommend using HTTPS in production.
Regards ComponentSpace Development
|