Sustainsys / Saml2

Saml2 Authentication services for ASP.NET

GetExternalLoginInfoAsync is null #543

Closed KalyaniVishnu closed 8 years ago

KalyaniVishnu commented 8 years ago

Hi, I am using Okta as Identity Provider using the SAML 2.0 protocol. I am using Kentor.AuthServices to connect to Okta using the MVC OWIN middleware.

Below is the configuration I used to connect to Okta.

    var authServicesOktaOptions = new KentorAuthServicesAuthenticationOptions(false)
    {
        SPOptions = new SPOptions
        {
            // The SP never signs its outgoing AuthnRequests
            AuthenticateRequestSigningBehavior = SigningBehavior.Never,
            EntityId = new EntityId("http://Core/Account/ExternalLoginCallback"),
            ReturnUrl = new Uri("http://Core/Account/ExternalLoginCallback"),
        },
        AuthenticationType = "okta-oan",
        Caption = "Login With ITG",
        // Hand the result to the external cookie middleware instead of a cookie of its own
        SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
    };

    var idpOkta = new IdentityProvider(new EntityId("http://www.okta.com/exk2bm6xe5eT3jQkN1t6"), authServicesOktaOptions.SPOptions)
    {
        // Signing certificate and SSO endpoint are read from the Okta metadata document
        LoadMetadata = true,
        MetadataLocation = "https://<CompanyName>.okta.com/app/exk2bm6xe5eT3jQkN1t6/sso/saml/metadata",
    };

Findings

(1) I noticed that after adding AuthenticationType as 'okta-oan' and running the application, I saw AuthenticationChallengeResponse with the attribute AuthenticationType: 'okta-oan', saw the AuthenticationResponseGrant and AuthenticationResponseInvoke, and was able to see the claims under AuthenticationResponseGrant. But after the first execution, when I run it immediately a second time, I cannot see any data for AuthenticationChallengeResponse, Grant or Invoke. Tried again after restarting the machine, restarting IIS, and clearing the cache and cookies. But still no response.

(2)

In Chrome and Firefox I installed SAML Tracer and analyzed the request and response. I can see the SAML Request and SAML Response for the corresponding SAML RequestID with email id as a claim; when I click, the ExternalLoginCallBack URL gets called and execution completes. The moment it hits the ExternalLoginCallBack function, I cannot see any external cookies under Resources. I followed this link https://github.com/KentorIT/authservices/issues/289 to debug the middleware and I cannot find AuthenticationResponseGrant.

(3)

Tried to install Kentor.OwinCookieSaver, but it says it cannot be installed on .NET Framework 4.5.1.

Let me know if you need any more information.

Can you please help with this issue.

Regards, Vishnu

OktaConfiguration.txt SAMLRequest.txt

AndersAbel commented 8 years ago

This case is too complex to be handled as a simple GitHub issue.

himalpatel81 commented 6 years ago

I'm hitting the same exact error and have been scratching my head for 2 days :( Appreciate any help with this.

AndersAbel commented 6 years ago

Check if the ExternalCookie is really set. See https://coding.abel.nu/2014/06/understanding-the-owin-external-authentication-pipeline/ for an overview of external auth. It might be a cookie monster issue: https://coding.abel.nu/2014/11/catching-the-system-webowin-cookie-monster/
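An added example (not code from the thread, the library or its maintainer) of how the two checks above can be wired into an OWIN Startup class: a diagnostic middleware that records whether the `.AspNet.ExternalCookie` Set-Cookie header actually leaves the server on each response, and the Kentor.OwinCookieSaver registration placed ahead of the cookie middleware so System.Web cannot drop it. It assumes the Microsoft.AspNet.Identity.Owin and Kentor.OwinCookieSaver packages are installed; the class and method names are the ASP.NET template defaults, and the trace message format is my own.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // From the Kentor.OwinCookieSaver package. Must be registered before any
        // middleware that sets cookies: it re-applies the OWIN Set-Cookie headers
        // that System.Web's own cookie collection otherwise overwrites.
        app.UseKentorOwinCookieSaver();

        // Diagnostic only: just before headers are flushed, note whether the
        // external sign-in cookie is among them. If "present=True" never shows
        // up for the SAML callback path, the cookie is being lost server-side.
        app.Use(async (context, next) =>
        {
            context.Response.OnSendingHeaders(state =>
            {
                var response = (IOwinResponse)state;
                var setCookies = response.Headers.GetValues("Set-Cookie") ?? new string[0];

                // CookiePrefix (".AspNet.") + "ExternalCookie" is the default cookie name
                var cookieName = CookieAuthenticationDefaults.CookiePrefix
                               + DefaultAuthenticationTypes.ExternalCookie;
                bool present = setCookies.Any(c =>
                    c.StartsWith(cookieName + "=", StringComparison.Ordinal));

                Trace.WriteLine(string.Format("{0} -> ExternalCookie present={1}",
                    response.Context.Request.Path, present));
            }, context.Response);

            await next();
        });

        // External sign-in cookie that Saml2 hands its result to via SignInAsAuthenticationType
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // ... app.UseKentorAuthServicesAuthentication(authServicesOktaOptions) follows here
    }
}
```

The trace lines appear in the Visual Studio Output window or DebugView; a callback response that carries the claims but shows present=False is the signature of the cookie monster problem the linked post describes.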

denisedelbando commented 3 years ago

I have the same issue. It works on MiniOrange SSO when working locally using https://www.miniorange.com/, but when I moved the project to our UAT server with the client's SSO, I am getting the same issue.