ComponentSpace

Forums



SP Initiated SSO - "The pending SAML action is being overridden."


SP Initiated SSO - "The pending SAML action is being overridden."

Author
Message
[email protected]
sid@thoughtfarmer.com
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 13
Hi team Component Space,

This is my first post here so please excuse any noob mistakes. I am seeing the below error messages during a SP-initiated authentication. Additionally I am seeing the same session ID with two different inResponseTo ids. I found the below post that seemed related but there was no solution posted. So I have emailed you the detailed SAML trace as you suggested in that post and have referenced this post in that email. 

The pending SAML action is being overridden.

ComponentSpace.Saml2.Exceptions.SamlProtocolException: There is no service provider pending a SAML response.

   at ComponentSpace.Saml2.SamlIdentityProvider.SendSsoAsync(String userID, IList`1 attributes, String authnContext, Status status)

   at ComponentSpace.Saml2.SamlIdentityProvider.SendSsoAsync(String userID, IList`1 attributes, String authnContext)


https://www.componentspace.com/forums/10279/sp-initiated-sso--the-pending-saml-action-is-being-overridden
session id: e7721615-953c-47e5-ab37-16d4ebf17357
In response to1: _d8e708ff-d3df-4b88-acf9-5e05119e8716
In response to2: _941072a3-96b9-4bba-b00b-d5bda63a9223

Any help will be appreciated.

Regards,
Sid


ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Thanks for sending the log file. It includes a number of instances where a SAML authn request is sent twice (ie The pending SAML action ReceiveSamlResponse is being overridden).

This can lead to issues with the SAML response received from the IdP not matching the expected response as outlined below.

1. InitiateSsoAsync to create and send SAML authn request #1. Expect SAML response for #1.
2. InitiateSsoAsync to create and send SAML authn request #2. Now expect SAML response for #2.
3. IdP sends SAML response for #1.
4. ReceiveSsoAsync to receive and process the SAML response for #1.
5. Error as expecting SAML response for #2.

To avoid this issue, please ensure you don't call InitiateSsoAsync a second time.

You can call GetStatusAsync().IsSsoCompletionPending() to check whether a SAML response is pending.

Alternatively, disable the UI (eg button etc) that initiates SSO if this has already been done.
 

Regards
ComponentSpace Development
[email protected]
sid@thoughtfarmer.com
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 13
ComponentSpace - 7/24/2021
Thanks for sending the log file. It includes a number of instances where a SAML authn request is sent twice (ie The pending SAML action ReceiveSamlResponse is being overridden).

This can lead to issues with the SAML response received from the IdP not matching the expected response as outlined below.

1. InitiateSsoAsync to create and send SAML authn request #1. Expect SAML response for #1.
2. InitiateSsoAsync to create and send SAML authn request #2. Now expect SAML response for #2.
3. IdP sends SAML response for #1.
4. ReceiveSsoAsync to receive and process the SAML response for #1.
5. Error as expecting SAML response for #2.

To avoid this issue, please ensure you don't call InitiateSsoAsync a second time.

You can call GetStatusAsync().IsSsoCompletionPending() to check whether a SAML response is pending.

Alternatively, disable the UI (eg button etc) that initiates SSO if this has already been done.
 

Hi,

Thanks for your prompt response. Could you please provide a code sample for using GetStatusAsync().IsSsoCompletionPending()? Eg: What would the appropriate response/redirect be in the scenario where it is true.

Regards,
Sid
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Hi Sid,

That depends on your application. If SSO was triggered by a user clicking a button, the button click event would call GetStatusAsync().IsSsoCompletionPending() to check if there’s a pending SSO and if there is it would most likely do nothing. Alternatively, it could display a message saying SSO is in progress.

Normally once the SSO flow starts, control will be immediately passed to the IdP’s website so the user won’t have an opportunity to initiate SSO again. However, it can occur if they use the back button etc.



Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search