ComponentSpace SAML SSO for ASP.NET and ASP.NET Core
Forums, Documentation & Knowledge Base - ComponentSpace
ComponentSpace

Forums



The pending SAML action is being overidden


The pending SAML action is being overidden

View Options
Author
Message
AdamMos
AdamMos
AdamMos
Posted Last Year
#12128
AdamMos
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 4
SP Initiated SSO - "The pending SAML action is being overridden." (componentspace.com)

Hi,

We are facing the same issue as boyd98.
We have combed over the Service Web.Config/Saml.Config and they are the same, the IDP settings are the same the SAML assertion is the same, but it works for other case, for this case the page just gets stuck in an infinite loop and the log says that "this action is being overridden".

Will send the SAML Log to the email provided in the last post. 

Regards,
Adam
Reply
ComponentSpace
ComponentSpace
ComponentSpace
Posted Last Year
#12129
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)

Group: Administrators
Posts: 3.1K, Visits: 10K
Thanks for sending the log file.

Please note that the "pending SAML action is being overridden" is a debug message and doesn't necessarily indicate an error.

The log shows the following sequence:

1. SAMLServiceProvider.InitiateSLO is called to create and send a SAML logout request to the IdP.
2. SAMLServiceProvider.InitiateSSO is called to create and send a SAML authn request to the same IdP.

This results in the debug message you see as we're expecting to receive a SAML logout response.

If the sequence was the following, you wouldn't see this debug message:

1. SAMLServiceProvider.InitiateSLO is called to create and send a SAML logout request to the IdP.
2. SAMLServiceProvider.ReceiveSLO to receive and process the SAML logout response from the IdP.
3. SAMLServiceProvider.InitiateSSO is called to create and send a SAML authn request to the same IdP.

Make sure that your logout service endpoint calls SAMLServiceProvider.ReceiveSLO to receive and process the SAML logout response. This completes the SAML logout flow.

Once that completes, the user is able to again SSO to the IdP.

You can keep track of this state within your application. Alternatively, SAMLServiceProvider.IsSLOCompletionPending() returns true if a SAML logout response is pending.

 

Regards
ComponentSpace Development
Reply
AdamMos
AdamMos
AdamMos
Posted Last Year
#12130
AdamMos
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 4
ComponentSpace - 6/23/2022
Thanks for sending the log file.

Please note that the "pending SAML action is being overridden" is a debug message and doesn't necessarily indicate an error.

The log shows the following sequence:

1. SAMLServiceProvider.InitiateSLO is called to create and send a SAML logout request to the IdP.
2. SAMLServiceProvider.InitiateSSO is called to create and send a SAML authn request to the same IdP.

This results in the debug message you see as we're expecting to receive a SAML logout response.

If the sequence was the following, you wouldn't see this debug message:

1. SAMLServiceProvider.InitiateSLO is called to create and send a SAML logout request to the IdP.
2. SAMLServiceProvider.ReceiveSLO to receive and process the SAML logout response from the IdP.
3. SAMLServiceProvider.InitiateSSO is called to create and send a SAML authn request to the same IdP.

Make sure that your logout service endpoint calls SAMLServiceProvider.ReceiveSLO to receive and process the SAML logout response. This completes the SAML logout flow.

Once that completes, the user is able to again SSO to the IdP.

You can keep track of this state within your application. Alternatively, SAMLServiceProvider.IsSLOCompletionPending() returns true if a SAML logout response is pending.

 

Yes. We noticed that too, the issue is we are calling SAMLServiceProvider.ReceiveSSO so it's not even clear to us why it's attempting an SLO, it doesn't get to anywhere that should trigger an SLO. Sorry I'm a newbie to this so if something else can trigger a Single Logout then please let me know. 
Reply
ComponentSpace
ComponentSpace
ComponentSpace
Posted Last Year
#12131
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)

Group: Administrators
Posts: 3.1K, Visits: 10K
The log shows SAMLServiceProvider.InitiateSLO is being called.

Please check your code. It's normally part of the logout sequence.

Perhaps breakpoint in your code or add some application logging wherever you call SAMLServiceProvider.InitiateSLO.

Regards
ComponentSpace Development
Reply
GO


Similar Topics


Post Quoted Reply
Execution: 0.000. 4 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:
Social Logins
Select a Forum....

Forums, Documentation & Knowledge Base - ComponentSpace

Search

Copyright © ComponentSpace Pty. Ltd. All rights reserved.

Jump To Page
Jump To Page