Sustainsys / Saml2

Saml2 Authentication services for ASP.NET

Idp triggered authentication fails #1183

Closed thdbased closed 2 years ago

thdbased commented 4 years ago

Hello,

We have an issue with an Idp-triggered Saml authentication request using Okta as a provider (SP-triggered works fine). When comparing the requests made to /Acs (POST) we can see that the cookie doesn't seem to be sent with the request, which leads to a 500 response.

Configuration:
- Okta Saml provider
- AllowUnsolicitedAuthnResponse = true
- Haven't tried RelayStateUsedAsReturnUrl yet, as we don't have a relay state returned when it's not working.
- Asp.net core 2.0
- Sustainsys.Saml2.AspNetCore2 2.6.0

Working (SP) image

Not working (Idp) image

Failing POST image

AndersAbel commented 4 years ago

What do you get in the logs? If there's a 500 response there should be an exception logged.

thdbased commented 4 years ago

Thanks for the response, that would indeed be something we will look at. We'll have to enable our Saml logger first though. Just wanted to see if anything comes to mind yet with the provided information. My thoughts were that if the cookie wasn't passed, it would fail, so I was wondering why it isn't passed.

AndersAbel commented 4 years ago

When you say "Idp" is that Idp initiated? In that case there is no cookie.
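As an added configuration example (not code from this issue or from the Sustainsys project), the distinction Anders points out in concrete form: an SP-initiated sign-in issues an AuthnRequest and stores its id in a correlation cookie that the /Acs POST must carry, while an IdP-initiated sign-in sends an unsolicited Response with no preceding request and therefore no cookie, and is only accepted when AllowUnsolicitedAuthnResponse is set on that identity provider. The entity IDs, metadata URL and return URL below are placeholders, and the allowIdpInitiated flag is an assumed parameter of this example.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.DependencyInjection;
using Sustainsys.Saml2;
using Sustainsys.Saml2.AspNetCore2;
using Sustainsys.Saml2.Metadata;

public static class Saml2Setup
{
    // Called from Startup.ConfigureServices in an ASP.NET Core 2.x app.
    // allowIdpInitiated is an assumed parameter of this example: false keeps the
    // SP-initiated-only behaviour, true additionally accepts unsolicited Responses.
    public static void AddOktaSaml2(IServiceCollection services, bool allowIdpInitiated)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = Saml2Defaults.Scheme;
        })
        .AddCookie()
        .AddSaml2(options =>
        {
            // Placeholder SP entity id; the library derives /Saml2/Acs etc. from it.
            options.SPOptions.EntityId = new EntityId("https://sp.example.test/Saml2");

            // Where an unsolicited (IdP-initiated) sign-in lands when the IdP sends no
            // RelayState. An SP-initiated sign-in returns to the URL captured at challenge
            // time via the correlation cookie instead, so this is only used in the IdP case.
            options.SPOptions.ReturnUrl = new Uri("https://sp.example.test/"); // placeholder

            var okta = new IdentityProvider(
                new EntityId("http://www.okta.com/PLACEHOLDER-IDP-ENTITY-ID"),
                options.SPOptions)
            {
                // Signing certificate and SSO endpoint are loaded from the IdP metadata,
                // so every Response, solicited or not, is still signature-checked.
                MetadataLocation = "https://PLACEHOLDER.okta.com/app/PLACEHOLDER/sso/saml/metadata",
                LoadMetadata = true,

                // false: a Response must correlate to an AuthnRequest this SP issued
                //        (tracked in the correlation cookie); anything else is rejected.
                // true:  Responses with no matching request are accepted as well, which is
                //        what the IdP-initiated flow needs since no cookie exists for them.
                AllowUnsolicitedAuthnResponse = allowIdpInitiated,
            };

            options.IdentityProviders.Add(okta);
        });
    }
}
```

Keep AllowUnsolicitedAuthnResponse at its default (off) unless the IdP-initiated flow is actually required: with it off, the missing cookie on an unsolicited /Acs POST is the expected rejection rather than a bug, and the failure shows up in the Saml2 handler's own log entries, which the AspNetCore2 package writes through the ASP.NET Core logging system without extra wiring.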

thdbased commented 4 years ago

You are right indeed. Does anything else come to mind as to what could be the difference between the one working and the other not? It would be strange if we had to make changes on our part when SP works fine.

p.s.: Will get the logs as well.

AndersAbel commented 4 years ago

Check the logs. The answer is in there. With Asp.Net Core, you do not have to do anything specific - the logs are wired up automatically to write to the Asp.Net Core logging system.

thdbased commented 4 years ago

Found this one? Could this be the problem? https://github.com/Sustainsys/Saml2/issues/1030 . We are definitely using GetExternalLoginInfoAsync. Again will check the logs when I get a chance.

thdbased commented 4 years ago

I have the logs @AndersAbel, we can spot this:

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/2.0 POST https://xxxxx/signin-xxxa/Acs application/x-www-form-urlencoded 10235
info: Microsoft.AspNetCore.Cors.Infrastructure.CorsService[5]
      CORS policy execution failed.
info: Microsoft.AspNetCore.Cors.Infrastructure.CorsService[6]
      Request origin xxxx does not have permission to access the resource.

Ring any bells?

AndersAbel commented 4 years ago

> I have the logs @AndersAbel, we can spot this:
>
> info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
>       Request starting HTTP/2.0 POST https://xxxxx/signin-xxxa/Acs application/x-www-form-urlencoded 10235
> info: Microsoft.AspNetCore.Cors.Infrastructure.CorsService[5]
>       CORS policy execution failed.
> info: Microsoft.AspNetCore.Cors.Infrastructure.CorsService[6]
>       Request origin xxxx does not have permission to access the resource.
>
> Ring any bells?

No, those logs are not related to the Saml2 processing. You need to find the logs from the Saml2 library.

If you want more in depth help, please mail me at anders@sustainsys.com for info on commercial support options.