By [email protected] - 8/29/2018
I'm in the process of setting up SAML on my ASP.NET Core Identity Server 4 project. I'm acting as the Service Provider and have utilized the ExampleIdentityProvider project in the samples folder to act as the IdP.
Everything's working as I would expect with the exception of the ".redirect" AuthenticationProperty which is constructed inside the HandleSsoAsync method of the SamlAuthenticationHandler.
The source of this method looks something like this:
authenticationProperties2.RedirectUri = this.GetLoginRedirectUrl(!ssoResult.IsInResponseTo ? ssoResult.RelayState : (string) null);
authenticationProperties2.Items[".redirect"] = authenticationProperties2.RedirectUri;
The result of this is that the HandleSsoAsync method redirects to /Account/ExternalLogin?handler=Callback and the .redirect claim is assigned the same value. Essentially, I've lost access to the original RedirectUrl that came through in the RelayState (/api/values).
Does anyone have any pointers on this? It looks like a bug, but I suspect it's something I'm missing about the SP-init SSO flow with SAML.
By ComponentSpace - 8/29/2018
Please enable SAML trace at the SP and send the generated log file as an email attachment to [email protected], also mentioning your forum post. https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace