SAMLController.ConfigurationID is empty in AssertionConsumerService


shillman
I have a multi-tenant configuration.
One of my Azure customers gets an error the first time they log in.
When they try the same login url again, it works.

My AssertionConsumerService does not have the SAMLController.ConfigurationID set when the error occurs. When they try again, it is set and everything is fine. This consistently happens after the user logs out and tries to log in again.

I enabled system.diagnostics (see below). One thing I noticed is the following line:
The SAML session cookie is marked as secure but the protocol is not HTTPS.
In my environment, I have a load balancer in front of IIS that handles the SSL. So the request going to IIS is not SSL. I am not sure if this is causing the issue. If it is, how can I configure Azure to pass the ID I need? I tried configuring Azure to pass a query parameter in the assertionconsumerservice url, but it doesn't seem to get to the AssertionConsumerService page.

ComponentSpace.SAML2 Verbose: 0 : 5744/1: 2/16/2021 7:13:13 AM: ComponentSpace.SAML2, Version=3.1.0.0, Culture=neutral, PublicKeyToken=null, .NET v4.6.2 build, Licensed.
ComponentSpace.SAML2 Verbose: 0 : 5744/1: 2/16/2021 7:13:13 AM: CLR: 4.0.30319.42000, OS: Microsoft Windows NT 6.3.9600.0, Account: IIS APPPOOL\ReplixFaxPortal, Culture: English (United States)
ComponentSpace.SAML2 Verbose: 0 : 5744/1: 2/16/2021 7:13:13 AM: The SAML configurations have been set.
ComponentSpace.SAML2 Verbose: 0 : 5744/1: 2/16/2021 7:13:13 AM: <?xml version="1.0" encoding="utf-16"?>
<SAMLConfigurations xmlns="urn:componentspace:SAML:2.0:configuration">
<SAMLConfiguration ID="demo">
  <ServiceProvider Name="https://www.rpxtest.com" LocalCertificateFile="C:\Softlinx\WebPortal\Certificates\sp.pfx" LocalCertificatePassword="********" AssertionConsumerServiceUrl="https://www.rpxtest.com/SAML/AssertionConsumerService.aspx" />
  <PartnerIdentityProviders>
  <PartnerIdentityProvider Name="https://sts.windows.net/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/" PartnerCertificateFile="C:\Softlinx\WebPortal\Certificates\demo.cer" SingleSignOnServiceUrl="https://login.microsoftonline.com/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/saml2" />
  </PartnerIdentityProviders>
</SAMLConfiguration>
<SAMLConfiguration ID="ibm">
  <ServiceProvider Name="https://ibm.rpxtest.com" LocalCertificateFile="C:\Softlinx\WebPortal\Certificates\sp.pfx" LocalCertificatePassword="********" AssertionConsumerServiceUrl="https://ibm.rpxtest.com/SAML/AssertionConsumerService.aspx" />
  <PartnerIdentityProviders>
  <PartnerIdentityProvider Name="https://w3id.alpha.sso.ibm.com/auth/sps/samlidp2/saml20" PartnerCertificateFile="C:\Softlinx\WebPortal\Certificates\ibm.cer" SingleLogoutServiceUrl="https://w3id.alpha.sso.ibm.com/auth/sps/samlidp2/saml20/slo" SingleSignOnServiceUrl="https://w3id.alpha.sso.ibm.com/auth/sps/samlidp2/saml20/login" />
  </PartnerIdentityProviders>
</SAMLConfiguration>
<SAMLConfiguration ID="acme">
  <ServiceProvider Name="https://acme.rpxtest.com" LocalCertificateFile="C:\Softlinx\WebPortal\Certificates\sp.pfx" LocalCertificatePassword="********" AssertionConsumerServiceUrl="https://acme.rpxtest.com/SAML/AssertionConsumerService.aspx" />
  <PartnerIdentityProviders>
  <PartnerIdentityProvider Name="https://sts.windows.net/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/" PartnerCertificateFile="C:\Softlinx\WebPortal\Certificates\acme.cer" SingleLogoutServiceUrl="https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0" SingleSignOnServiceUrl="https://login.microsoftonline.com/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/saml2" />
  </PartnerIdentityProviders>
</SAMLConfiguration>
<SAMLConfiguration ID="bcbsne">
  <ServiceProvider Name="https://portal.rpxtest.com" LocalCertificateFile="C:\Softlinx\WebPortal\Certificates\sp.pfx" LocalCertificatePassword="********" AssertionConsumerServiceUrl="https://portal.rpxtest.com/SAML/AssertionConsumerService.aspx" />
  <PartnerIdentityProviders>
  <PartnerIdentityProvider Name="https://sts.windows.net/79631b5d-0010-4f79-aa0d-809ae3db725f/" PartnerCertificateFile="C:\Softlinx\WebPortal\Certificates\bcbsne.cer" SingleSignOnServiceUrl="https://login.microsoftonline.com/79631b5d-0010-4f79-aa0d-809ae3db725f/saml2" />
  </PartnerIdentityProviders>
</SAMLConfiguration>
<SAMLConfiguration ID="demossoa">
  <ServiceProvider Name="https://portal.rpxtest.com" LocalCertificateFile="C:\Softlinx\WebPortal\Certificates\sp.pfx" LocalCertificatePassword="********" AssertionConsumerServiceUrl="https://portal.rpxtest.com/SAML/AssertionConsumerService.aspx" />
  <PartnerIdentityProviders>
  <PartnerIdentityProvider Name="https://sts.windows.net/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/" PartnerCertificateFile="C:\Softlinx\WebPortal\Certificates\demossoa.cer" SingleLogoutServiceUrl="https://login.microsoftonline.com/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/saml2" SingleSignOnServiceUrl="https://login.microsoftonline.com/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/saml2" />
  </PartnerIdentityProviders>
</SAMLConfiguration>
</SAMLConfigurations>
ComponentSpace.SAML2 Verbose: 0 : 5744/12: 2/16/2021 7:13:42 AM: The configuration ID for the session (923d92e6-bd43-4b9f-b8d6-67141e98fe42) is demossoa.
ComponentSpace.SAML2 Verbose: 0 : 5744/12: 2/16/2021 7:13:42 AM: Initializing the SAML environment.
ComponentSpace.SAML2 Verbose: 0 : 5744/12: 2/16/2021 7:13:42 AM: The SAML environment has been successfuly initialized.
ComponentSpace.SAML2 Verbose: 0 : 5744/12: 2/16/2021 7:13:42 AM: Initiating SSO to the partner identity provider https://sts.windows.net/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/.
ComponentSpace.SAML2 Verbose: 0 : 5744/12: 2/16/2021 7:13:42 AM: Service provider session (923d92e6-bd43-4b9f-b8d6-67141e98fe42) state:
ComponentSpace.SAML2 Verbose: 0 : 5744/12: 2/16/2021 7:13:42 AM: Sending request over HTTP Redirect, baseURL=https://login.microsoftonline.com/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/saml2, samlMessage=<samlp:AuthnRequest ID="_24c4b136-041b-49ba-8d1b-666b64d3e919" Version="2.0" IssueInstant="2021-02-16T12:13:42.292Z" Destination="https://login.microsoftonline.com/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/saml2" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://portal.rpxtest.com/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://portal.rpxtest.com</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>, relayState=demossoa
ComponentSpace.SAML2 Verbose: 0 : 5744/12: 2/16/2021 7:13:42 AM: Creating HTTP redirect query string.
ComponentSpace.SAML2 Verbose: 0 : 5744/12: 2/16/2021 7:13:42 AM: Encoding SAML message: <samlp:AuthnRequest ID="_24c4b136-041b-49ba-8d1b-666b64d3e919" Version="2.0" IssueInstant="2021-02-16T12:13:42.292Z" Destination="https://login.microsoftonline.com/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/saml2" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://portal.rpxtest.com/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://portal.rpxtest.com</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>
ComponentSpace.SAML2 Verbose: 0 : 5744/12: 2/16/2021 7:13:42 AM: Request sent over HTTP Redirect.
ComponentSpace.SAML2 Verbose: 0 : 5744/12: 2/16/2021 7:13:42 AM: SAML message sent: partner=https://sts.windows.net/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/, message=<samlp:AuthnRequest ID="_24c4b136-041b-49ba-8d1b-666b64d3e919" Version="2.0" IssueInstant="2021-02-16T12:13:42.292Z" Destination="https://login.microsoftonline.com/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/saml2" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://portal.rpxtest.com/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://portal.rpxtest.com</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>, relay state=demossoa, destination URL=https://login.microsoftonline.com/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/saml2
ComponentSpace.SAML2 Verbose: 0 : 5744/12: 2/16/2021 7:13:42 AM: Service provider session (923d92e6-bd43-4b9f-b8d6-67141e98fe42) state:
Pending response state:
Action: ReceiveSamlResponse
Partner name: https://sts.windows.net/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/
Relay state:
In response to: _24c4b136-041b-49ba-8d1b-666b64d3e919

ComponentSpace.SAML2 Verbose: 0 : 5744/12: 2/16/2021 7:13:42 AM: Initiation of SSO to the partner identity provider https://sts.windows.net/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/ has completed successfully.
ComponentSpace.SAML2 Verbose: 0 : 5744/7: 2/16/2021 7:13:42 AM: The SAML session cookie is marked as secure but the protocol is not HTTPS.
ComponentSpace.SAML2 Verbose: 0 : 5744/7: 2/16/2021 7:13:42 AM: The SAML_SessionId cookie with value 3edd570c-5d25-4624-98e5-b7e3a5cb0ee0 has been set.
ComponentSpace.SAML2 Verbose: 0 : 5744/7: 2/16/2021 7:13:42 AM: Exception: ComponentSpace.SAML2.Exceptions.SAMLConfigurationException: Multiple SAML configurations exist but a configuration ID hasn't been specified.
ComponentSpace.SAML2 Verbose: 0 : 5744/7: 2/16/2021 7:13:42 AM:  at ComponentSpace.SAML2.Configuration.SAMLConfigurations.GetConfiguration(String configurationID)
 at ComponentSpace.SAML2.Configuration.Resolver.SAMLConfigurationResolver.GetLocalServiceProviderConfiguration(String configurationID)
 at ComponentSpace.SAML2.InternalSAMLServiceProvider..ctor()
 at ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, IDictionary`2& attributes, String& relayState)
 at SAML_AssertionConsumerService.Page_Load(Object sender, EventArgs e) in C:\Program Files (x86)\Softlinx\ReplixFax Web Portal\SAML\AssertionConsumerService.aspx.cs:line 89
 at System.Web.UI.Control.OnLoad(EventArgs e)
 at System.Web.UI.Control.LoadRecursive()
 at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
 at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
 at System.Web.UI.Page.ProcessRequest()
 at System.Web.UI.Page.ProcessRequest(HttpContext context)
 at ASP.saml_assertionconsumerservice_aspx.ProcessRequest(HttpContext context)
 at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
 at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
 at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
 at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
 at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
 at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
 at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
 at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)





ComponentSpace
The SAML_SessionId cookie isn't being sent by the browser along with the HTTP Post of the SAML response.

Please use the browser developer tools (F12) to capture the network traffic and send the saved HAR file as an email attachment to [email protected] mentioning your forum post. Please capture the initiation of SSO through to the error. Make sure that all instances of the browser are closed to clear all session cookies.

The message "The SAML session cookie is marked as secure but the protocol is not HTTPS" is meant to be informative and isn't necessarily an error. If SSL is terminated by a load balancer, etc., this is to be expected. It's more for the case where there's no SSL at all.

Regards
ComponentSpace Development
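
The missing cookie described in this reply is visible in the posted trace: SSO is initiated under session 923d92e6-..., but the request reaching AssertionConsumerService is issued a new SAML_SessionId (3edd570c-...) immediately before the exception. The script below is an added example (not part of either post and not ComponentSpace code) that scans a trace in this format for that pattern; the sample lines are copied from the trace above, and reading "a cookie newly set, then SAMLConfigurationException on the same thread" as a lost session cookie is this example's interpretation of those messages.

```python
import re

# Lines copied from the trace in the question (the full run is abbreviated).
SAMPLE_TRACE = """\
ComponentSpace.SAML2 Verbose: 0 : 5744/12: 2/16/2021 7:13:42 AM: The configuration ID for the session (923d92e6-bd43-4b9f-b8d6-67141e98fe42) is demossoa.
ComponentSpace.SAML2 Verbose: 0 : 5744/12: 2/16/2021 7:13:42 AM: Initiation of SSO to the partner identity provider https://sts.windows.net/c6c7e2f4-317e-4bf9-b447-e0ba24bbab4e/ has completed successfully.
ComponentSpace.SAML2 Verbose: 0 : 5744/7: 2/16/2021 7:13:42 AM: The SAML_SessionId cookie with value 3edd570c-5d25-4624-98e5-b7e3a5cb0ee0 has been set.
ComponentSpace.SAML2 Verbose: 0 : 5744/7: 2/16/2021 7:13:42 AM: Exception: ComponentSpace.SAML2.Exceptions.SAMLConfigurationException: Multiple SAML configurations exist but a configuration ID hasn't been specified.
"""

PREFIX = re.compile(r"^ComponentSpace\.SAML2 \w+: \d+ : (?P<thread>\d+/\d+): "
                    r"(?P<ts>\d+/\d+/\d+ [\d:]+ [AP]M): (?P<msg>.*)$")
CONFIG = re.compile(r"The configuration ID for the session \((?P<sid>[0-9a-f-]+)\) is (?P<cfg>\S+)\.")
COOKIE = re.compile(r"The SAML_SessionId cookie with value (?P<sid>[0-9a-f-]+) has been set\.")
EXC = re.compile(r"Exception: \S*SAMLConfigurationException")


def find_lost_sessions(trace):
    """Return one finding per request that got a new session cookie and then failed."""
    configured = {}  # session id -> configuration ID recorded when SSO was initiated
    fresh = {}       # thread -> session id of a cookie newly issued on that thread
    findings = []
    for line in trace.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # continuation lines (XML, stack frames) carry no prefix
        thread, msg = m["thread"], m["msg"]
        if c := CONFIG.search(msg):
            configured[c["sid"]] = c["cfg"]
            # A new session that later gets a configuration ID is a normal first login.
            fresh = {t: s for t, s in fresh.items() if s != c["sid"]}
        elif c := COOKIE.search(msg):
            if c["sid"] not in configured:
                fresh[thread] = c["sid"]
        elif EXC.search(msg) and thread in fresh:
            findings.append({"thread": thread, "timestamp": m["ts"],
                             "new_session": fresh.pop(thread),
                             "configured": dict(configured)})
    return findings


if __name__ == "__main__":
    for f in find_lost_sessions(SAMPLE_TRACE):
        print(f"{f['timestamp']} thread {f['thread']}: new session {f['new_session']} "
              f"has no configuration ID; sessions that do: {f['configured']}")
```

A finding means the configuration ID was stored under a session the browser did not present at the assertion consumer service, which is what the HAR capture requested above would confirm from the browser side.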