CanSLO in service provider returning false, after successful authentication from IDP.


prasadrao
I have successfully authenticated from the IDP. After successful authentication, I clicked on my logout button and I am trying to log out from the IDP.
I am calling to check the SLO status. It is returning false on the first click; on the second click it is returning true and SLO is getting executed.

ComponentSpace.SAML2.SAMLServiceProvider.CanSLO(WebConfigurationManager.AppSettings["partnerIdP"].ToString()) is returning false when I am trying to log out.
ComponentSpace
If you're using a version earlier than 3.0.0, make sure you're not clearing or abandoning the ASP.NET session as part of logout.
If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace


Regards
ComponentSpace Development
prasadrao
After putting the trace file, I am getting the below log message.

10652/9: 04-12-2018 16:14:49: Checking if the partner identity provider http://localhost:51801 has successfully completed SSO and also supports SLO.
10652/9: 04-12-2018 16:14:49: Service provider session (1089cd33-3f8c-4cc8-a9d6-9d9c679c04bf) state:
10652/9: 04-12-2018 16:14:49: SLO to the partner identity provider http://localhost:51801 cannot occur.
ComponentSpace
The service provider session state is empty. That explains why CanSLO is returning false.
Either a new session was created (i.e. a new browser session) or the existing session was cleared or abandoned.
If you email the entire log file I can confirm this but that looks like the case from what you've sent.

Regards
ComponentSpace Development
ahmad1357
> ComponentSpace - 12/4/2018
> The service provider session state is empty. That explains why CanSLO is returning false.
> Either a new session was created (i.e. a new browser session) or the existing session was cleared or abandoned.
> If you email the entire log file I can confirm this but that looks like the case from what you've sent.

I also have the same issue. Can you help me with that?
ComponentSpace
Please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace

Regards
ComponentSpace Development
ComponentSpace
We use a SAML session cookie to support the SAML protocol and maintain SAML session state.
This state includes whether SAML SSO has completed and therefore SLO is possible.
By default this cookie is marked as secure.
The log includes:
"The SAML session cookie is marked as secure but the protocol is not HTTPS."
As HTTPS isn't being used, the browser is not returning the cookie and therefore we’ve lost track of the SAML session state.
The best option is to use HTTPS for all communications.
Alternatively, specify that the SAML session cookie shouldn’t be marked as secure.


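using ComponentSpace.SAML2.Data;

// Global.asax.cs: runs once when the ASP.NET application starts.
protected void Application_Start(object sender, EventArgs e)
{
  // Do not mark the SAML session cookie as secure, so the browser also returns it over HTTP.
  SessionIDDelegates.SecureSAMLCookie = false;
}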





Regards
ComponentSpace Development
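
A triage script for the trace symptoms discussed in this thread, added here as an example (Python, not ComponentSpace code and not part of any post): it flags "cannot occur" entries that follow an empty session state and attributes them to the secure-cookie warning when the log contains it. The line prefix and message texts are copied from the excerpts above; the first sample line, and the way a non-empty state dump is recognised, are assumptions.

```python
import re

# Prefix shape copied from the thread's excerpt: "<pid>/<tid>: <date> <time>: <message>"
PREFIX = re.compile(r"^\d+/\d+: \d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}: (.*)$")
STATE = re.compile(r"^Service provider session \(([0-9a-fA-F-]+)\) state:(.*)$")
CANNOT = re.compile(r"^SLO to the partner identity provider (\S+) cannot occur\.")
SECURE_WARNING = "The SAML session cookie is marked as secure but the protocol is not HTTPS."

def triage(log_text):
    """Return one finding per 'SLO ... cannot occur' entry that follows an empty state."""
    findings, populated = [], set()     # populated: session IDs seen with non-empty state
    secure_over_http, in_state = False, False
    current = None                      # [session_id, state_text] of the latest state entry
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PREFIX.match(line)
        if not m:
            # Assumption: unprefixed lines right after a state entry belong to its dump.
            if in_state and line:
                current[1] += line
                populated.add(current[0])
            continue
        msg, in_state = m.group(1), False
        if SECURE_WARNING in msg:
            secure_over_http = True
        elif (s := STATE.match(msg)):
            current, in_state = [s.group(1), s.group(2).strip()], True
            if current[1]:
                populated.add(current[0])
        elif (c := CANNOT.match(msg)) and current and not current[1]:
            if secure_over_http:
                cause = "secure cookie not returned over HTTP"
            elif current[0] in populated:
                cause = "session cleared or abandoned"
            else:
                cause = "new session"
            findings.append({"partner": c.group(1), "session": current[0], "cause": cause})
    return findings

# Sample log: the first line is constructed (message text quoted in the thread, prefix
# assumed); the remaining three lines are the excerpt posted in the thread.
SAMPLE = """\
10652/9: 04-12-2018 16:14:40: The SAML session cookie is marked as secure but the protocol is not HTTPS.
10652/9: 04-12-2018 16:14:49: Checking if the partner identity provider http://localhost:51801 has successfully completed SSO and also supports SLO.
10652/9: 04-12-2018 16:14:49: Service provider session (1089cd33-3f8c-4cc8-a9d6-9d9c679c04bf) state:
10652/9: 04-12-2018 16:14:49: SLO to the partner identity provider http://localhost:51801 cannot occur.
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
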
ahmad1357
> ComponentSpace - 3/11/2019
> We use a SAML session cookie to support the SAML protocol and maintain SAML session state.
> This state includes whether SAML SSO has completed and therefore SLO is possible.
> By default this cookie is marked as secure.
> The log includes:
> "The SAML session cookie is marked as secure but the protocol is not HTTPS."
> As HTTPS isn't being used, the browser is not returning the cookie and therefore we’ve lost track of the SAML session state.
> The best option is to use HTTPS for all communications.
> Alternatively, specify that the SAML session cookie shouldn’t be marked as secure.
>
> using ComponentSpace.SAML2.Data;
>
> protected void Application_Start(object sender, EventArgs e)
> {
>   SessionIDDelegates.SecureSAMLCookie = false;
> }

Thanks, now it's working.
ComponentSpace
You're welcome.

Regards
ComponentSpace Development
Charaka
Hi Support,

We have the same problem of CanSLO returning false. It seems like the SAML session is missing when we try to log out. We don't abort the ASP.NET session before logout. How can we fix this?

I will send the SAML trace file to [email protected]

Thanks,
Charaka