Sustainsys / Saml2

Saml2 Authentication services for ASP.NET

Identity is being set, but page still shows not authenticated #447

Closed bibhukdas closed 8 years ago

bibhukdas commented 8 years ago

Hi Team,

I am new to Okta and Kentor, and was trying out a POC using the Kentor Git code.

I have changed the Startup.Auth.cs code to use Okta single sign-on, and see that the identity is fetched correctly, but the page still comes up as not authenticated.

```csharp
using System;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Google;
using Owin;
using SampleOwinApplication.Models;
using Kentor.AuthServices.Owin;
using Kentor.AuthServices.Configuration;
using System.IdentityModel.Metadata;
using System.Globalization;
using Kentor.AuthServices.Metadata;
using Kentor.AuthServices;
using Kentor.AuthServices.WebSso;
using System.Security.Cryptography.X509Certificates;
using System.Web.Hosting;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;

namespace SampleOwinApplication
{
    public partial class Startup
    {
        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
        public void ConfigureAuth(IAppBuilder app)
        {
            // Configure the db context, user manager and signin manager to use a single instance per request
            app.CreatePerOwinContext(ApplicationDbContext.Create);
            app.CreatePerOwinContext(ApplicationUserManager.Create);
            app.CreatePerOwinContext(ApplicationSignInManager.Create);

            // Enable the application to use a cookie to store information for the signed in user
            // and to use a cookie to temporarily store information about a user logging in with a third party login provider
            // Configure the sign in cookie
            //app.UseCookieAuthentication(new CookieAuthenticationOptions
            //{
            //    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            //    LoginPath = new PathString("/Account/Login"),
            //    Provider = new CookieAuthenticationProvider
            //    {
            //        // Enables the application to validate the security stamp when the user logs in.
            //        // This is a security feature which is used when you change a password or add an external login to your account.
            //        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            //            validateInterval: TimeSpan.FromMinutes(30),
            //            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            //    }
            //});
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions());
        }

        private static KentorAuthServicesAuthenticationOptions CreateAuthServicesOptions()
        {
            SPOptions spOptions = new SPOptions
            {
                AuthenticateRequestSigningBehavior = SigningBehavior.Never,
                EntityId = new EntityId("http://localhost:57294/AuthServices"),
                ReturnUrl = new Uri("http://localhost:57294/Home/Index")
            };
            var authServicesOptions = new KentorAuthServicesAuthenticationOptions(false)
            {
                SPOptions = spOptions,
                AuthenticationType = "okta",
                Caption = "Okta",
            };

            var idp = new IdentityProvider(new EntityId("http://www.okta.com/exk65mphudkXTxVBS0h7"), spOptions)
            {
                AllowUnsolicitedAuthnResponse = true,
                Binding = Saml2BindingType.HttpRedirect,
                LoadMetadata = true,
                MetadataLocation = "https://dev-618930.oktapreview.com/app/exk65mphudkXTxVBS0h7/sso/saml/metadata",
                SingleSignOnServiceUrl = new Uri("https://dev-618930.oktapreview.com/home/solarcitydev618930_mvcstore_1/0oa65mphueFhipsym0h7/aln65nn84sXwrZ52B0h7")
            };

            //idp.SigningKeys.AddConfiguredKey(
            //    new X509Certificate2(
            //        HostingEnvironment.MapPath(
            //            "~/App_Data/okta.cert")));

            authServicesOptions.IdentityProviders.Add(idp);

            // It's enough to just create the federation and associate it
            // with the options. The federation will load the metadata and
            // update the options with any identity providers found.
            //new Federation("http://localhost:57294/", true, authServicesOptions);

            return authServicesOptions;
        }
    }
}
```

Can someone please advise ?

AndersAbel commented 8 years ago

Don't comment out app.UseCookieAuthentication. See this blog post for an explanation of how external authentication works and why the cookie auth is needed.

bibhukdas commented 8 years ago

Thanks @AndersAbel. Can I just use the Kentor and Okta based authentication, without local identity? I am getting the response back now, but it has only the local identity and claims.

AndersAbel commented 8 years ago

See https://coding.abel.nu/2014/11/using-owin-external-login-without-asp-net-identity/
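
The two replies above make one point: the SAML2 middleware only writes the temporary external cookie, so a page stays unauthenticated until something exchanges that cookie for an application cookie. The following is an added example written for this page, not code from the thread, the blog post or the Kentor/Sustainsys project. It wires the three middlewares in the order that matters and adds a minimal controller that performs the exchange without ASP.NET Identity. It assumes the `CreateAuthServicesOptions()` method and the `"okta"` authentication type from the issue's Startup.Auth.cs; the claim type `urn:example:login-provider` is a hypothetical name chosen for the example.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Kentor.AuthServices.Owin;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

namespace SampleOwinApplication
{
    public partial class Startup
    {
        // Assumption: CreateAuthServicesOptions() is the method from the issue's Startup.Auth.cs,
        // which registers the SAML2 middleware under AuthenticationType "okta".
        public void ConfigureAuth(IAppBuilder app)
        {
            // 1. The application cookie: this is the session that User.Identity.IsAuthenticated reads.
            //    Without it, nothing survives past the login callback. Set CookieSecure to
            //    CookieSecureOption.Always once the site is served over HTTPS.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),
                CookieHttpOnly = true
            });

            // 2. The external cookie: a short-lived hand-off holding the identity produced by the
            //    SAML2 middleware until the callback action consumes it.
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // 3. The SAML2 middleware. It signs in to the external cookie and redirects to
            //    RedirectUri; it never writes the application cookie itself.
            app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions());
        }
    }

    public class AccountController : Controller
    {
        private IAuthenticationManager AuthenticationManager
        {
            get { return HttpContext.GetOwinContext().Authentication; }
        }

        // GET /Account/Login: challenge the "okta" middleware; the IdP round trip ends at ExternalLoginCallback.
        [AllowAnonymous]
        public ActionResult Login(string returnUrl)
        {
            var properties = new AuthenticationProperties
            {
                RedirectUri = Url.Action("ExternalLoginCallback", "Account", new { returnUrl })
            };
            AuthenticationManager.Challenge(properties, "okta");
            return new HttpUnauthorizedResult(); // the middleware turns this 401 into the redirect to the IdP
        }

        // GET /Account/ExternalLoginCallback: read the external cookie and turn it into an application session.
        [AllowAnonymous]
        public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
        {
            var external = await AuthenticationManager.AuthenticateAsync(DefaultAuthenticationTypes.ExternalCookie);
            if (external == null || external.Identity == null || !external.Identity.IsAuthenticated)
            {
                return RedirectToAction("Login");
            }

            // The SAML NameID arrives as ClaimTypes.NameIdentifier; an assertion without one is not a usable login.
            var nameId = external.Identity.FindFirst(ClaimTypes.NameIdentifier);
            if (nameId == null)
            {
                return RedirectToAction("Login");
            }

            // Build the application identity explicitly rather than copying every IdP attribute.
            var appIdentity = new ClaimsIdentity(
                DefaultAuthenticationTypes.ApplicationCookie, ClaimTypes.Name, ClaimTypes.Role);
            appIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, nameId.Value));
            appIdentity.AddClaim(new Claim(ClaimTypes.Name, nameId.Value));
            // Hypothetical claim type recording which provider authenticated this session.
            appIdentity.AddClaim(new Claim("urn:example:login-provider", "okta"));

            // Retire the hand-off cookie and issue the real session.
            AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
            AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = false }, appIdentity);

            // Only follow returnUrl when it is local; an absolute URL here would be an open redirect.
            return Url.IsLocalUrl(returnUrl)
                ? (ActionResult)Redirect(returnUrl)
                : RedirectToAction("Index", "Home");
        }
    }
}
```

In the issue's original Startup.Auth.cs the application cookie middleware was commented out, so the SAML identity existed only in the external cookie and no page ever saw an authenticated user. `AuthenticationManager.GetExternalLoginInfoAsync()` reads that same external cookie; it is a convenience wrapper over the `AuthenticateAsync(DefaultAuthenticationTypes.ExternalCookie)` call above and returns null when the external identity has no NameIdentifier claim, which is why the example checks for that claim before signing in.
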

bibhukdas commented 8 years ago

Worked like a charm.

Thanks @AndersAbel :)

hmarcelodn commented 8 years ago

@bibhukdas did `var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();` work with Okta?