Sustainsys / Saml2

Saml2 Authentication services for ASP.NET

Received message XXX contains unexpected InResponseTo XXX. No cookie preserving state from the request... #1278

Closed Gillardo closed 3 years ago

Gillardo commented 3 years ago

Information needed

  1. What nuget packages are you using <PackageReference Include="Sustainsys.Saml2.AspNetCore2" Version="2.7.0" />

  2. What is the expected behaviour Not to get the error message and to login normal.

  3. What happens instead. In the case of an exception, this includes the exception type, complete exception message (personal information may be redacted) and a stack trace.

I am getting this error message: [image]

I have set this up on live and it's working fine. But this seems to happen when I am running it locally on my machine using localhost:5000 (dotnet run).

No idea what it is

Additional info

Please include using net5

Gillardo commented 3 years ago

Any news on this please?

explunit commented 3 years ago

Have you traced the cookie set during the initiation of the login flow and verified that it is being successfully sent back to your server in the Acs request? Cookie handling has become more difficult lately with Chrome and their SameSite restrictions, e.g. for non-SSL such as localhost.

Gillardo commented 3 years ago

Can see here that the calls seem fine. The one in red is the one that is reporting the error and that is to the saml2/acs route

[image]

The details of the one in red look fine? (I have blanked out the IdP as it's our customer's URL.)

[image]

explunit commented 3 years ago

Have you checked the cookies related to those requests? I find that the Chrome dev tools options for showing blocked cookies can sometimes be helpful:

[image]

There is a Saml2.xxxxx cookie written when the sign-on sequence starts, and you should see it in ACS request. If you don't, then that's the cause of the error.

Gillardo commented 3 years ago

On the original signOn request, I can see the cookie: [image]

[image]

But I cannot see this anywhere else in a response or request when Acs is called...

Acs request: [image]

How can I fix this?

I am only doing this to make sure that the querystring that I have put in my signon call is passed back after the signon is done.

[HttpGet]
[Route("SignOn")]
public ActionResult SignOn([FromQuery] string clientId)
{
    // Request a redirect to the external login provider.
    var provider = "Saml2";
    var redirectUrl = Url.Action(nameof(SignOnCallback), "Saml", new { ReturnUrl = "" });

    var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
    properties.SetParameter("clientId", clientId);

    return new ChallengeResult(provider, properties);
}

I am guessing that where I set the clientId above, this is available here when the callback comes back??

[HttpGet]
public async Task<IActionResult> SignOnCallback(string returnUrl = null, string remoteError = null)
{
    var loginInfo = await _signInManager.GetExternalLoginInfoAsync();

    if (loginInfo == null)
        return new BadRequestResult();

    // ProviderKey is the subject identifier returned by the IdP
    var username = loginInfo.ProviderKey;

    // IS THIS CORRECT?
    var clientId = loginInfo.AuthenticationProperties.GetParameter<string>("clientId");
    var token = await _tokenService.SsoAsync(clientId, username);

    return Ok(token);
}

explunit commented 3 years ago

You can see the cookie alert in the first screenshot showing that SameSite on non-SSL is going to be blocked later.

The easiest solution is probably to run SSL even on localhost so that it's a better simulation of what you're running in production.

Gillardo commented 3 years ago

Is this the correct way to pass something to the callback though? See above, I want to pass the clientId.

Gillardo commented 3 years ago

Right, I have done that and set it to use https, that is all fine. But how come my AuthenticationProperties of clientId is not passed back?

Gillardo commented 3 years ago

Never mind, I added it to Items and it works.
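The shape of the flow the thread ends on, as an added example that is not the issue author's or the project's code: the per-request value goes into AuthenticationProperties.Items, which the Saml2 handler carries in its state cookie across the IdP round trip, rather than into Parameters, which only flow in-process to the handler and are never persisted. The controller name, SignInManager<IdentityUser> and the response shape are assumptions.

```csharp
// Added example (not from the issue or the Sustainsys.Saml2 project).
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

public class SamlController : Controller
{
    private const string Provider = "Saml2";      // scheme name registered with AddSaml2 (assumed)
    private const string ClientIdKey = "clientId";
    private readonly SignInManager<IdentityUser> _signInManager; // IdentityUser is an assumption

    public SamlController(SignInManager<IdentityUser> signInManager)
        => _signInManager = signInManager;

    [HttpGet("SignOn")]
    public IActionResult SignOn([FromQuery] string clientId)
    {
        var redirectUrl = Url.Action(nameof(SignOnCallback), "Saml");
        var properties = _signInManager.ConfigureExternalAuthenticationProperties(Provider, redirectUrl);

        // Items is serialized (data-protected) into the Saml2.* state cookie written at
        // challenge time and is restored on the ACS request. Parameters is not persisted,
        // which is why GetParameter<string>("clientId") came back empty in the callback.
        properties.Items[ClientIdKey] = clientId;

        return Challenge(properties, Provider);
    }

    [HttpGet("SignOnCallback")]
    public async Task<IActionResult> SignOnCallback(string remoteError = null)
    {
        if (remoteError != null)
            return BadRequest($"External provider error: {remoteError}");

        var loginInfo = await _signInManager.GetExternalLoginInfoAsync();

        // Null here usually means the state cookie did not survive the round trip
        // (e.g. SameSite blocking on plain-HTTP localhost), not a bad assertion.
        if (loginInfo == null)
            return BadRequest("No external login info; check that the Saml2 state cookie reached ACS.");

        if (!loginInfo.AuthenticationProperties.Items.TryGetValue(ClientIdKey, out var clientId))
            return BadRequest("clientId was not preserved in the authentication state.");

        // ProviderKey is the subject identifier asserted by the IdP.
        return Ok(new { loginInfo.ProviderKey, clientId });
    }
}
```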