Forums, Documentation & Knowledge Base - ComponentSpace

RelayState is overwritten by SamlAuthenticationHandler


https://www.componentspace.com/forums/Topic9181.aspx

By [email protected] - 8/29/2018

I'm in the process of setting up SAML on my ASP.NET Core Identity Server 4 project. I'm acting as the Service Provider and have utilized the ExampleIdentityProvider project in the samples folder to act as the IdP.

Everything's working as I would expect with the exception of the ".redirect" AuthenticationProperty which is constructed inside the HandleSsoAsync method of the SamlAuthenticationHandler.

The source of this method looks something like this:

authenticationProperties2.RedirectUri = this.GetLoginRedirectUrl(!ssoResult.IsInResponseTo ? ssoResult.RelayState : (string) null);
authenticationProperties2.Items[".redirect"] = authenticationProperties2.RedirectUri;

The result of this is that the HandleSsoAsync method redirects to /Account/ExternalLogin?handler=Callback and the .redirect claim is assigned the same value. Essentially, I've lost access to the original RedirectUrl that came through in the RelayState (/api/values).

Does anyone have any pointers on this? It looks like a bug but I suspect it's something I'm missing about the SP-init SSO flow with SAML.

By ComponentSpace - 8/29/2018

Please enable SAML trace at the SP and send the generated log file as an email attachment to [email protected], also mentioning your forum post.
https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace