Get isInResponseTo before calling SAMLServiceProvider.ReceiveSSO


dmitry.karabanovich
Hello ComponentSpace, 
We have the following situation: our application acts as an SP with a multi-tenancy structure, and we would like to support both SP-initiated and IdP-initiated SSO. In the SP-initiated case we do not have any issues, as SAMLController.ConfigurationID is set up before SAMLServiceProvider.InitiateSSO and stays the same after receiving the SSO response. But there is an issue with IdP-initiated SSO, as we do not know how to get the needed ConfigurationID. I checked the "Configuration Documentation" and found several solutions:
• Separate subdomain names for each tenant - not applicable for us, as we do not have subdomains
• Query string parameter - a possible solution, but as we allow the same IdP configuration to be used across different tenants, it is not possible to tell the IdP which exact tenant name should be sent with the response, as one IdP could access different tenants
• Special HTTP headers or cookies - the same as for the previous one
• IP address ranges - not applicable for us

So, we decided to show users a page after receiving the IdP response (in the case of the IdP-initiated flow) where they will choose which tenant they would like to access. In this case, we need to know whether it is an IdP-initiated or SP-initiated flow before trying to read the SSO response. Could you please say whether it is possible to get isInResponseTo before calling SAMLServiceProvider.ReceiveSSO, or could you advise any other possible solutions?

Best Regards
Dmitry
ComponentSpace
Hi Dmitry,

The isInResponseTo output parameter isn't available until after the call to SAMLServiceProvider.ReceiveSSO returns.

However, you can call SAMLServiceProvider.IsSSOCompletionPending(), prior to calling SAMLServiceProvider.ReceiveSSO, to determine whether this is IdP-initiated or SP-initiated SSO.

SAMLServiceProvider.IsSSOCompletionPending() returns true if this is SP-initiated SSO (ie there's been a previous call to SAMLServiceProvider.InitiateSSO). It returns false if this is IdP-initiated SSO.


Regards
ComponentSpace Development
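
One way to structure the assertion consumer endpoint around the reply above, shown as an added example that is not part of the thread and is not ComponentSpace's own code. It assumes ASP.NET MVC and the ReceiveSSO overload with the out parameters shown (check it against the installed version); SsoController, the Tenants table with its constructed values, the ChooseTenant view and the tenant form field are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;
using ComponentSpace.SAML2;

public class SsoController : Controller
{
    // Constructed sample data: tenant -> (SAML configuration ID, permitted IdP names).
    private static readonly Dictionary<string, (string ConfigId, string[] Idps)> Tenants =
        new Dictionary<string, (string, string[])>
        {
            ["tenant-a"] = ("config-a", new[] { "https://idp.example.test" }),
            ["tenant-b"] = ("config-b", new[] { "https://idp.example.test" }),
        };

    [HttpPost]
    public ActionResult AssertionConsumerService(string tenant)
    {
        // True only when this session earlier called InitiateSSO (SP-initiated),
        // so SAMLController.ConfigurationID is already set for it.
        bool spInitiated = SAMLServiceProvider.IsSSOCompletionPending();
        if (!spInitiated)
        {
            if (string.IsNullOrEmpty(tenant))
            {
                // IdP-initiated and no tenant chosen yet: the ChooseTenant view asks
                // for one and re-posts SAMLResponse and RelayState unchanged.
                ViewBag.SAMLResponse = Request.Form["SAMLResponse"];
                ViewBag.RelayState = Request.Form["RelayState"];
                return View("ChooseTenant");
            }
            // The tenant field is user input: accept only known tenants.
            if (!Tenants.TryGetValue(tenant, out var chosen))
                return new HttpStatusCodeResult(400);
            SAMLController.ConfigurationID = chosen.ConfigId;
        }

        SAMLServiceProvider.ReceiveSSO(Request, out bool isInResponseTo,
            out string partnerIdP, out string authnContext, out string userName,
            out IDictionary<string, string> attributes, out string relayState);

        // The form field only selected a configuration. Authorise against the
        // validated response: the asserting IdP must be permitted for the tenant.
        if (!spInitiated && Array.IndexOf(Tenants[tenant].Idps, partnerIdP) < 0)
            return new HttpStatusCodeResult(403);

        Session["user"] = userName;   // application-specific sign-in goes here
        return Redirect("~/");
    }
}
```

The assertion's validity window keeps running while the user is on the picker page, so a slow choice can make ReceiveSSO reject the re-posted response.
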
dmitry.karabanovich
ComponentSpace - 10/26/2021
Hi Dmitry,

The isInResponseTo output parameter isn't available until after the call to SAMLServiceProvider.ReceiveSSO returns.

However, you can call SAMLServiceProvider.IsSSOCompletionPending(), prior to calling SAMLServiceProvider.ReceiveSSO, to determine whether this is IdP-initiated or SP-initiated SSO.

SAMLServiceProvider.IsSSOCompletionPending() returns true if this is SP-initiated SSO (ie there's been a previous call to SAMLServiceProvider.InitiateSSO). It returns false if this is IdP-initiated SSO.

Great, thank you for the response!
ComponentSpace
You're welcome.

Regards
ComponentSpace Development