Closed IhaleCMN closed 2 years ago
Update: after changing the EntityId to baseUrl + "/Saml2" I no longer get the 404 error. However, Okta never redirects; it just hangs on the login animation. Examining the XML from the SAML panel Chrome extension, it is getting a success, but it never seems to redirect to anything. And instead it downloads an XML file.
The library is confirmed to work with .NET 5. This looks like a configuration issue.
There is also not any controller representing the /Saml2 endpoint - those are handled by the authentication handler.
@AndersAbel I don't see in the docs or examples how to set up the Authentication handler. In the old version we would pass it in and assign it like this:
`spOptions.SystemIdentityModelIdentityConfiguration.ClaimsAuthenticationManager = authManager;`
but I no longer see that as an option.
Update: This is done in the DI; you don't have to manually wire this up.
If anyone else stumbles down this path here was the issue that plagued us:
The old library allowed a custom path for Authentication Handler stuff (I think). In the code snippet above you will see this expectation we had as:
`options.SPOptions.EntityId = new EntityId(baseUrl + "AuthServices/Acs");`
But in reality that is mapping to Restricted Audience in Okta and can be set to anything as long as it matches in Okta. Doesn't have to be a URL, it can be Bannanaramma if you want. Just has to match.
What you do need to do is change the SSO URL in Okta to {Youraddress}/Saml2/Acs (ex. https://localhost:44383/Saml2/Acs) and then it will work correctly. This is in .Net Core 5; not sure if other environments experience this.
The Identity Provider Entity Id, I should note, does have to be the Identity "Provider Issuer:" value from Okta and can be found on the page that gives you the cert and SSO URL in Okta.
@IhaleCMN The `ClaimsAuthenticationManager` belonged to System.IdentityModel, which is only available in the 1.x versions that depend on that library. For 2.x, please use the `AcsCommandResultCreated` notification instead.
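The settings discussed in this thread, put together as an added example (not code posted by anyone in the thread or taken from the project): it assumes the Sustainsys.Saml2.AspNetCore2 2.x package, and the class name, Okta URLs, certificate path and extra claim are placeholders.

```csharp
using System;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.DependencyInjection;
using Sustainsys.Saml2;
using Sustainsys.Saml2.Metadata;
using Sustainsys.Saml2.WebSso;

public static class OktaSaml2Setup // hypothetical helper class
{
    public static IServiceCollection AddOktaSaml2(this IServiceCollection services)
    {
        services.AddAuthentication()
            .AddSaml2(options =>
            {
                // SP entity id: must equal the "Restricted Audience" value in Okta.
                // Any string works as long as both sides match exactly.
                options.SPOptions.EntityId = new EntityId("https://localhost:44383/Saml2");

                // No controller is needed: the authentication handler serves the
                // module path (default "/Saml2"), so the SSO URL configured in
                // Okta has to be https://localhost:44383/Saml2/Acs.

                // IdP entity id: the "Identity Provider Issuer" value from Okta.
                var idp = new IdentityProvider(
                    new EntityId("http://www.okta.com/PLACEHOLDER_ISSUER"), // placeholder
                    options.SPOptions)
                {
                    // Placeholder: the SSO URL shown next to the issuer in Okta.
                    SingleSignOnServiceUrl =
                        new Uri("https://example.okta.com/app/PLACEHOLDER/sso/saml"),
                    Binding = Saml2BindingType.HttpRedirect
                };
                // Pin the Okta signing certificate so responses are validated against it.
                idp.SigningKeys.AddConfiguredKey(new X509Certificate2("okta.cert")); // placeholder path
                options.IdentityProviders.Add(idp);

                // 2.x replacement for ClaimsAuthenticationManager: adjust the
                // principal after the SAML response has been validated.
                options.Notifications.AcsCommandResultCreated = (commandResult, response) =>
                {
                    var identity = (ClaimsIdentity)commandResult.Principal.Identity;
                    identity.AddClaim(new Claim("app_role", "user")); // hypothetical claim
                };
            });
        return services;
    }
}
```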
I have only seen that there is support for .Net 3.x for this project. Using .Net 5 I am able to get the authentication to work but the SSO redirect URL is not being mapped in the project. This results in a 404 error since the controller and action don't actually exist in the project.
Is support for .Net 5 upcoming, or do you know of any workarounds that we could use in the meantime?
`var oktaConfig = builder.Configuration.GetSection("Okta");`