Closed mjorrens1 closed 2 years ago
The solution to this problem turned out to be a security protocol issue.
In web.config for the SampleHttpModuleApplication, there is this line:

```xml
<system.web>
  <httpRuntime targetFramework="4.5"/>
</system.web>
```
When using any framework less than or equal to 4.5, the System.Net.ServicePointManager.SecurityProtocol is set to SSL3 or TLS. Communicating with the OKTA metadata requires a minimum of TLS1.2 which was causing the failure when reading data from the WebClient. To correct the problem, you can set the protocol by doing this:
```csharp
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
```
Or, you can simply target a framework > 4.5 in web.config, which will enable all of the available TLS protocols:

```xml
<system.web>
  <httpRuntime targetFramework="4.6"/>
</system.web>
```
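The following is an added example, not code from the issue or from the Sustainsys.Saml2 project. It shows the startup fix described above in a form that does not clobber protocols the runtime already enabled (ORing in TLS 1.2 rather than assigning a fixed set), clears SSL 3.0, and then attempts the same `WebClient.OpenRead` call the metadata loader makes so that a handshake failure is reported with its inner cause. The metadata URL is a placeholder; `EnsureTls12` and `TlsStartupCheck` are names chosen here.

```csharp
using System;
using System.IO;
using System.Net;

// Added example (not from the issue): make sure TLS 1.2 is available before any
// metadata download, then verify that the IdP metadata endpoint can be read.
static class TlsStartupCheck
{
    // Placeholder: replace with the identity provider's real metadata address.
    const string MetadataLocation = "https://idp.example.invalid/metadata";

    public static void EnsureTls12()
    {
        // OR the flag in so protocols already enabled by the runtime stay enabled,
        // then explicitly remove SSL 3.0 so an old default cannot negotiate it.
        ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
        ServicePointManager.SecurityProtocol &= ~SecurityProtocolType.Ssl3;
    }

    public static bool TryReadMetadata(string location, out string error)
    {
        error = null;
        using (var client = new WebClient())
        {
            try
            {
                // Same call the sample's Load method makes.
                using (var stream = client.OpenRead(location))
                using (var reader = new StreamReader(stream))
                {
                    var xml = reader.ReadToEnd();
                    Console.WriteLine("Read {0} characters of metadata.", xml.Length);
                    return true;
                }
            }
            catch (WebException ex)
            {
                // A failed handshake arrives as a WebException wrapping an IOException;
                // surface the inner message so the protocol mismatch is visible.
                error = ex.Message;
                if (ex.InnerException != null)
                    error += " / " + ex.InnerException.Message;
                return false;
            }
        }
    }

    static void Main()
    {
        Console.WriteLine("Protocols before: " + ServicePointManager.SecurityProtocol);
        EnsureTls12();
        Console.WriteLine("Protocols after:  " + ServicePointManager.SecurityProtocol);

        string error;
        if (!TryReadMetadata(MetadataLocation, out error))
            Console.WriteLine("Metadata fetch failed: " + error);
    }
}
```

In the HttpModule sample, `EnsureTls12()` would be called once from `Application_Start` in Global.asax before the first metadata load. On .NET Framework 4.7 or later, setting `SecurityProtocolType.SystemDefault` and letting the operating system choose is the alternative to listing protocol versions in code.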
Hi @mjorrens1, could I have mail / discord / whatever contact with you? I'm trying to integrate OKTA and SAML with Sustainsys, but I'm totally new to that and don't understand some things. It would be very helpful for me. Is there a possibility for that?
I am working with a recent copy of the Sustainsys.Saml2 solution.
I have the following configured for the SampleAspNetCore2 example and it works fine:
Now, in the SampleHttpModuleApplication, I have the same general configuration with two providers now.
The application loads the metadata properly in the method `private static MetadataBase Load` via the line `using (var stream = client.OpenRead(metadataLocation))` for the first IdP (https://stubidp.sustainsys.com).
On loading the metadata for the 2nd identity provider (http://www.okta.com/exk2heu5ncFkQedHp5d7), the line `using (var stream = client.OpenRead(metadataLocation))` crashes with the error:
So the questions/comments are:
I am implementing Saml2 for a legacy WebForms application and the new version based upon Blazor so I need to get both the HttpModule and AspNetCore modules to work the same way.