search

Sustainsys / Saml2

Saml2 Authentication services for ASP.NET
Other
940 stars 606 forks source link

404 when trying to obtain metadata from /Saml2 #1410

Closed dgates82 closed 9 months ago

dgates82 commented 9 months ago

I am trying to get the metadata to provide to my IDP for registration by going to https://localhost:44344/Saml2, but I always get a 404.

I've reviewed the question here: https://github.com/Sustainsys/Saml2/issues/1262 which had the same symptom, however, I am using "/Saml2" in the correct case.

I copied the configuration from the sample found here: https://github.com/Sustainsys/Saml2.Samples/tree/main/v2/AspNetCore

I was originally trying on an asp.net core MVC project, but I have since created a Razor Pages project to mirror the sample as closely as possible, but still receive the same 404.

Using Sustainsys.Saml2.AspNetCore2 2.9.2 package

Here is my current configuration in program.cs (with idp settings removed for security)

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
builder.Services.AddRazorPages();

builder.Services.AddAuthentication(opt =>
{
    opt.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    opt.DefaultChallengeScheme = Saml2Defaults.Scheme;
})
.AddCookie()
.AddSaml2(opt =>
{                
    opt.SPOptions.EntityId = new EntityId("https://localhost:44344/Saml2");                                
    opt.SPOptions.ServiceCertificates.Add(new X509Certificate2("Sustainsys.Saml2.Tests.pfx"));                                
    opt.IdentityProviders.Add(new IdentityProvider(                    
        new EntityId("RemovedForSecurity"),
        opt.SPOptions)
    {                    
        LoadMetadata = true,
        MetadataLocation = "RemovedForSecurity" 
    });
});

var app = builder.Build();

// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseRouting();

app.UseAuthorization();

app.MapRazorPages();

app.Run();
AndersAbel commented 9 months ago

app.UseAuthentication() is missing. It should go right before app.UseAuthorization().

dgates82 commented 9 months ago

I just found that in another thread. Trying now. Thanks!

dgates82 commented 9 months ago

And that was it... 🤦‍♂️

dgates82 commented 9 months ago

Closing