madjufra
commented
3 years ago So I had another look at this and found some more information
I think the problem lies in the fact that the entityid is different from the metadata location.
Our setup initializes the IDP like this:
var idp = new IdentityProvider(new EntityId(provider.EntityId), options.SPOptions) { LoadMetadata = true, MetadataLocation = provider.MetadataLocation, };
And the provider.EntityId is different from the provider.Metadatalocation.
The documentation strongly suggest that those should be the same, but for reasons unknown to me they are not. I would expect it to load the metadata from the provided metadatalocation, but what happens is it actually uses the EntityId and that gives nothing in return, which is why we get a parser error on the xml.
So the xml is actually valid, it is just not being loaded from the correct location.
Are we doing something wrong?
explunit
Gwergilius
Non Security Issues
Information needed
What is the expected behavior? When loading valid metadata xml it does not work.
What happens instead. In the case of an exception, this includes the exception typ, complete exception message (personal information may be redacted) and a stack trace.
When loading metadata xml from the following url:
https://belden-test-dam.digizuite.com/meta/metadata.xml
The sustainsys library throws the below exception
6/7/2021 2:00:31 PM [0551f1] [c9e012] Error Request failed: The data at the root level is invalid. Line 1, position 1. { "exceptionMessage": "The data at the root level is invalid. Line 1, position 1." } System.Xml.XmlException: The data at the root level is invalid. Line 1, position 1. at System.Xml.XmlExceptionHelper.ThrowXmlException(XmlDictionaryReader reader, String res, String arg1, String arg2, String arg3) at System.Xml.XmlUTF8TextReader.Read() at Sustainsys.Saml2.Metadata.FilteringXmlDictionaryReader.Read() at System.Xml.XmlReader.MoveToContent() at System.Xml.XmlReader.IsStartElement(String localname, String ns) at Sustainsys.Saml2.Metadata.MetadataSerializer.ReadMetadataCore(XmlReader reader, SecurityTokenResolver tokenResolver) at Sustainsys.Saml2.Metadata.MetadataSerializer.ReadMetadata(XmlReader reader, SecurityTokenResolver tokenResolver) at Sustainsys.Saml2.Metadata.MetadataSerializer.ReadMetadata(XmlReader reader) at Sustainsys.Saml2.Metadata.MetadataLoader.Load(XmlDictionaryReader reader) at Sustainsys.Saml2.Metadata.MetadataLoader.Load(String metadataLocation, IEnumerable1 signingKeys, Boolean validateCertificate, String minIncomingSigningAlgorithm) at Sustainsys.Saml2.Metadata.MetadataLoader.LoadIdp(String metadataLocation, Boolean unpackEntitiesDescriptor) at Sustainsys.Saml2.IdentityProvider.DoLoadMetadata() at Sustainsys.Saml2.IdentityProvider.set_LoadMetadata(Boolean value) at LoginService.Startup.<>c_DisplayClass11_0.<SetupSaml2>b_0(Saml2Options options) in C:\BuildAgent\work\9e2bcdf0585101e4\apps\LoginService\Startup.cs:line 176 at Microsoft.Extensions.Options.ConfigureNamedOptions1.Configure(String name, TOptions options) at Microsoft.Extensions.Options.OptionsFactory1.Create(String name) at Sustainsys.Saml2.AspNetCore2.Saml2Handler.<>c_DisplayClass7_0.<InitializeAsync>b_0() at System.Lazy1.ViaFactory(LazyThreadSafetyMode mode) — End of stack trace from previous location where exception was thrown — at System.Lazy1.CreateValue() at Sustainsys.Saml2.AspNetCore2.Saml2Handler.InitializeAsync(AuthenticationScheme scheme, HttpContext context) at Microsoft.AspNetCore.Authentication.AuthenticationHandlerProvider.GetHandlerAsync(HttpContext context, String authenticationScheme) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext) at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider) at Prometheus.HttpMetrics.HttpRequestDurationMiddleware.Invoke(HttpContext context) at Prometheus.HttpMetrics.HttpRequestCountMiddleware.Invoke(HttpContext context) at Prometheus.HttpMetrics.HttpInProgressMiddleware.Invoke(HttpContext context) at Digizuite.Logging2.LogClient.LoggerRequestMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in C:\BuildAgent\work\9e2bcdf0585101e4\Libs\LogClient\LoggerRequestMiddleware.cs:line 47 6/7/2021 2:00:31 PM [1e43bf] [3f9d70] Error Connection ID "1657324677367862983", Request ID "800090f1-0003-1700-b63f-84710c7967bb": An unhandled exception was thrown by the application. {} at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContext.Log.ApplicationError(ILogger logger, String connectionId, String traceIdentifier, Exception ex) at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT1.ProcessRequestAsync() at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContext.HandleRequest() at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContext.Execute() at System.Threading.ThreadPoolWorkQueue.Dispatch()I cannot understand why this happens. I have tried the following:
I am running out of ideas here.
The XML is valid, but apparently this library does not think so.
What am I doing wrong?