i8beef / SAML2


Problem handling AuthResponse from IDP #35

Closed Bal000 closed 4 years ago

Bal000 commented 5 years ago

Hi!

I have a problem with handling the AuthResponse from the IDP. When the IDP redirects the AuthResponse to the AssertionConsumerServiceUrl in my api it contains the AuthResponse. But when the signOnHandler starts processing the request (Handle method) the SAMLResponse is gone, so it creates a new AuthRequest instead and sends that back to the IDP. And this is just repeating over and over in a never ending loop.

In my AssertionConsumerServiceUrl endpoint I just have this line to make the signOnHandler process the response: public ActionResult SignIn() { return Redirect("~/Login.ashx"); }

If it is to any help the action that starts the flow by creating the AuthRequest looks like this: public ActionResult Login() { return Redirect("~/Login.ashx"); }

Am I missing something? I couldn't find any examples of how to implement this in an MVC Controller. I have clearly misconfigured something in my controller or web.config.

Any help would be highly appreciated.

Thanks in advance

/Daniel

Bal000 commented 5 years ago

I can also see that the AuthRequest and AuthResponse differs in some sections.

  1. NameId-Format is set to transient in the request and persistent in the response.
  2. AuthContextClassRef is set to PasswordProtectedTransport in the request but Password in the response.
  3. The algorithm used differs: the request uses SHA-1 and the response SHA-256.

Can these values break the SAML process somehow?

Thanks!

i8beef commented 5 years ago

See #20, SHA256 is not supported with this library. Unfortunately, that change will require someone with an actual setup that can test the change. Unfortunately, I no longer have an environment to maintain the project, so that story is waiting for some enterprising individual that needs it to pick it up and put in a PR.

Bal000 commented 5 years ago

Ok, I see!

Do you think that is the issue? I mean, shouldn't it break then, because sha256 is not supported? Right now I see the response (Request.Params["SAMLresponse"]) in my controller, but later down the chain in the "Handle" method of the SignOnHandler Request.Params["SAMLResponse"] is empty.

So the Handle method defaults to doing a new AuthRequest instead. Why is that?

I can change so that the IDP sends sha-1 instead.

I really appreciate your fast response! Thanks i8beef!

i8beef commented 5 years ago

It's probably one of your issues.

The signon handler assumes if there is no SAML response, that you are hitting it to initiate a new auth handshake (i.e., if you want to login, you redirect the user's browser to the signon handler endpoint and it kicks off the login process, redirects to IDP where you login, it redirects BACK to the SignOn handler endpoint with a response, and then the SignOn handler auths and redirects the user's browser to the specified redirectUrl).

How do you have a controller in the middle of that though? The IDP should be sending the response back to the SignOn handler endpoint, not one of your controllers.
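The loop described in this thread comes from the `Redirect("~/Login.ashx")` in the ACS controller: a 302 makes the browser issue a fresh GET to the handler without the SAMLResponse (whether it arrived as a POST form field or a query parameter), so the handler sees no response and starts a new AuthnRequest. The following added example (not code from the SAML2 project or this thread) shows that broken action next to one that checks for the response and hands it to the handler unchanged, assuming an ASP.NET MVC 5 app in which `~/Login.ashx` is the registered SignOnHandler, as in the issue; pointing the IDP's ACS URL straight at the handler, as the maintainer recommends, avoids the problem entirely.

```csharp
using System.Web;
using System.Web.Mvc;

// Added example; assumes MVC 5 and that ~/Login.ashx is the SignOnHandler endpoint.
public class SamlController : Controller
{
    // Pattern from the issue: the redirect turns the IDP's response delivery into a
    // plain GET on Login.ashx, so SAMLResponse/RelayState never reach the handler and
    // it falls back to starting a new AuthnRequest -> endless redirect loop.
    public ActionResult SignInBroken()
    {
        return Redirect("~/Login.ashx");
    }

    // Same endpoint, but the SAML parameters are checked and re-posted to the handler
    // with an auto-submitting form (standard HTTP-POST binding shape) instead of a 302.
    // Request.Params covers both the query string (HTTP-Redirect) and form (HTTP-POST).
    public ActionResult SignIn()
    {
        string samlResponse = Request.Params["SAMLResponse"];
        string relayState = Request.Params["RelayState"] ?? string.Empty;

        if (string.IsNullOrEmpty(samlResponse))
        {
            // Nothing to hand over: fail visibly rather than silently restarting the flow.
            return new HttpStatusCodeResult(400, "No SAMLResponse on this request");
        }

        // Attribute-encode the values so a crafted response cannot break out of the form.
        string html =
            "<html><body onload=\"document.forms[0].submit()\">" +
            "<form method=\"post\" action=\"" + Url.Content("~/Login.ashx") + "\">" +
            "<input type=\"hidden\" name=\"SAMLResponse\" value=\"" +
            HttpUtility.HtmlAttributeEncode(samlResponse) + "\" />" +
            "<input type=\"hidden\" name=\"RelayState\" value=\"" +
            HttpUtility.HtmlAttributeEncode(relayState) + "\" />" +
            "<noscript><input type=\"submit\" value=\"Continue\" /></noscript>" +
            "</form></body></html>";

        return Content(html, "text/html");
    }
}
```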

i8beef commented 4 years ago

Closing as stale.