Closed talessio-mmehl closed 3 months ago
Could it be that there is no Issuer in the Saml Response? It is valid to not have an issuer if the signature is no the assertion level. However, this library (version 1-2) expects an issuer to be present.
To workaround you can override the GetIdentityProvider notification. The EntityId is in the dictionary so you can use that to get the right entry from the IdentityProviders collection.
Hi,
thanks for the response. I identified the root cause a bit more. Obviously, the issuer is mentioned in the assertion, but not directly in the response. Is there a more general approach to fix that issue?
Cheers, Michael
The issuer element is optional on the Saml response level, but the v1+v2 versions of this library requires it to be present. V3 (work in progress) only requires an issuer on the assertion. If the response is signed, the standard still requires an issuer on the response.
Hello,
we're currently working on an ASP.NET Core web app (.NET 8.0) and Sustainsys.Saml2 version 2.9.2 and Sustainsys.Saml2.AspNetCore2 2.9.2 nuget packages.
In Program.cs we have added:
Authentication requests are sent correctly, traces look good, however, after receiving back the SAML response, we receive this error:
How can we adjust this to get the correct mapping?
Cheers and thanks, Michael