Closed nreddipalle closed 3 years ago
It looks like it's failing here: https://github.com/i8beef/SAML2/blob/master/src/SAML2/State/SessionStateService.cs#L41
Note that's in the session-based state storage, which I moved away from some time ago as the default. The CacheStateService ended up being more reliable once some of the extra cookie security options got turned on in browsers by default. Or are you running an old version?
Do you want me to try with the new version? The same DLL is working fine with another URL like:
```xml
<saml2>
  <allowedAudienceUris>
    <audience uri="https://URL1/" />
  </allowedAudienceUris>
  <serviceProvider id="https://URL1/" server="https://URL1/">
    <signingCertificate findValue="0A6157784F3DD0157475C5CE09CEB98534739338" storeLocation="CurrentUser" storeName="My" x509FindType="FindByThumbprint" />
    <endpoints>
      <endpoint index="0" localPath="/SAML/Login.ashx" redirectUrl="/login" type="SignOn" />
      <endpoint index="1" localPath="/SAML/Metadata.ashx" type="Metadata" />
    </endpoints>
  </serviceProvider>
  <identityProviders metadata="D:\home\site\wwwroot\saml_metadata">
    <add allowUnsolicitedResponses="true" default="true" id="http://idp.com/adfs/services/trust" omitAssertionSignatureCheck="true">
      <certificateValidations>
        <add type="SAML2.Specification.SelfIssuedCertificateSpecification, SAML2" />
      </certificateValidations>
    </add>
  </identityProviders>
  <actions>
    <clear />
    <action name="SetSamlPrincipal" type="SAML2.Actions.SamlPrincipalAction, SAML2" />
    <action name="FormsAuthentication" type="Klick.Intranet.Web.SAMLFormsAuthenticationHandler, Klick.Intranet.Web" />
    <action name="Redirect" type="SAML2.Actions.RedirectAction, SAML2" />
  </actions>
</saml2>
```
But not with this other URL:
```xml
<saml2>
  <allowedAudienceUris>
    <audience uri="https://dryrun.URL1.com/" />
  </allowedAudienceUris>
  <serviceProvider id="https://dryrun.URL1.com/" server="https://dryrun.URL1.com/">
    <signingCertificate findValue="0A6157784F3DD0157475C5CE09CEB98534739338" storeLocation="CurrentUser" storeName="My" x509FindType="FindByThumbprint" />
    <endpoints>
      <endpoint index="0" localPath="/SAML/Login.ashx" redirectUrl="/login" type="SignOn" />
      <endpoint index="1" localPath="/SAML/Metadata.ashx" type="Metadata" />
    </endpoints>
  </serviceProvider>
  <identityProviders metadata="D:\home\site\wwwroot\saml_metadata">
    <add allowUnsolicitedResponses="true" default="true" id="http://idp.com/adfs/services/trust" omitAssertionSignatureCheck="true">
      <certificateValidations>
        <add type="SAML2.Specification.SelfIssuedCertificateSpecification, SAML2" />
      </certificateValidations>
    </add>
  </identityProviders>
  <actions>
    <clear />
    <action name="SetSamlPrincipal" type="SAML2.Actions.SamlPrincipalAction, SAML2" />
    <action name="FormsAuthentication" type="Klick.Intranet.Web.SAMLFormsAuthenticationHandler, Klick.Intranet.Web" />
    <action name="Redirect" type="SAML2.Actions.RedirectAction, SAML2" />
  </actions>
</saml2>
```
I am using the same federation metadata.xml file. I'm trying to understand which part is missing that is causing an object reference exception. I see that the ReturnURL is coming through fine as part of the SAML/Login.ashx request.
I think I overcame this error after using the latest DLL file.
Glad to hear it. It may have indeed been that cookie issue that the new version addresses by switching to the cache instead of the session, then. A few months back the rules for how cookies get sent changed so that they don't get sent anymore if the referring site wasn't the same... which is kind of how SAML works with a POST binding. The new version allowed us to use our own cookie instead of relying on the session cookie that no longer comes through.
This old sessionState approach was left in for people who still wanted to use the old way by changing their global site session cookie settings.
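To make the cookie behaviour described in the comment above concrete, here is an added example (not code from the SAML2 project or from anyone in this thread) that models the browser's SameSite decision for the cross-site POST that delivers a SAML response to the SP, then runs one SP-initiated login twice: once with request state keyed by the ASP.NET session cookie (which carries no SameSite attribute, so current browsers treat it as Lax), and once with a dedicated state cookie marked SameSite=None; Secure. The hostnames come from the posted configuration; the cookie name SAML2.State, the "random cache key carried in a cookie" design, and the two-label approximation of a site are assumptions made for the example.

```python
"""
Model of the SameSite rule that stops a session cookie from reaching a SAML
assertion consumer endpoint on the HTTP-POST binding. Added example; not the
SAML2 library's code. Cookie names and the cache-key design are assumptions.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit


def site_of(url: str) -> str:
    """Registrable-domain approximation: last two host labels, lower-cased.
    Assumption for the example; real browsers consult the Public Suffix List."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


@dataclass
class Cookie:
    name: str
    value: str
    same_site: str = "Lax"   # what browsers assume when the attribute is absent (Chrome 80+, Feb 2020)
    secure: bool = False


def cookie_is_sent(cookie: Cookie, url: str, initiator_site: str, method: str) -> bool:
    """Would a browser attach `cookie` to a top-level request to `url` that was
    initiated from `initiator_site` (e.g. an auto-submitting form on the IdP)?"""
    if site_of(url) == initiator_site:
        return True                      # same-site requests are never blocked by SameSite
    if cookie.same_site == "Strict":
        return False                     # Strict: never on cross-site requests
    if cookie.same_site == "Lax":
        # Lax: cross-site only on top-level navigations with a safe method, so the
        # cross-site POST used by the SAML HTTP-POST binding loses the cookie.
        return method.upper() in ("GET", "HEAD")
    if cookie.same_site == "None":
        # SameSite=None is only honoured together with Secure over HTTPS.
        return cookie.secure and url.startswith("https://")
    raise ValueError(f"unknown SameSite value {cookie.same_site!r}")


def cookies_for_request(jar: List[Cookie], url: str, initiator_site: str, method: str) -> Dict[str, str]:
    """The Cookie header the browser would build for this request."""
    return {c.name: c.value for c in jar if cookie_is_sent(c, url, initiator_site, method)}


SP = "https://dryrun.URL1.com/"          # service provider from the posted config
ACS = SP + "SAML/Login.ashx"             # SignOn endpoint from the posted config
IDP_SITE = "idp.com"                     # site that serves the auto-POST form back to the SP


def simulate_login(state_cookie: Optional[Cookie], binding: str = "POST") -> dict:
    """Run one SP-initiated login and report whether the SP can find the request
    state it saved before redirecting to the IdP.

    state_cookie=None models session-backed state: the pending request ID is keyed
    by the ASP.NET session cookie, which has no SameSite attribute. Otherwise the
    SP keeps the state in a server-side store under a random key that it places
    in its own cookie, using the attributes of `state_cookie` (assumed design).
    """
    server_store: Dict[str, dict] = {}
    jar: List[Cookie] = []
    request_id = "_" + secrets.token_hex(16)

    # Step 1: SP issues the AuthnRequest and remembers its ID, keyed by a cookie it sets
    # in a first-party response to the browser.
    if state_cookie is None:
        key_cookie = Cookie("ASP.NET_SessionId", secrets.token_hex(12))
    else:
        key_cookie = Cookie(state_cookie.name, secrets.token_hex(12),
                            state_cookie.same_site, state_cookie.secure)
    jar.append(key_cookie)
    server_store[key_cookie.value] = {"InResponseTo": request_id, "ReturnUrl": "/login"}

    # Step 2: the IdP answers. "POST" = auto-submitted form from idp.com (HTTP-POST binding);
    # anything else = a top-level GET back to the SP (e.g. the HTTP-Redirect binding).
    method = "POST" if binding == "POST" else "GET"
    received = cookies_for_request(jar, ACS, IDP_SITE, method)

    # Step 3: the SP endpoint looks up the saved state with whatever cookie came back.
    state = server_store.get(received.get(key_cookie.name, ""))
    return {
        "cookie_received": key_cookie.name in received,
        "state_found": state is not None,
        "in_response_to_matches": bool(state) and state["InResponseTo"] == request_id,
    }


if __name__ == "__main__":
    print("session cookie, POST binding :", simulate_login(None))
    print("session cookie, GET          :", simulate_login(None, binding="Redirect"))
    print("SameSite=None; Secure cookie :", simulate_login(Cookie("SAML2.State", "", "None", True)))
    print("SameSite=None without Secure:", simulate_login(Cookie("SAML2.State", "", "None", False)))
```

The session-backed run fails on the POST binding exactly because the browser withholds the Lax cookie on a cross-site POST, so the endpoint dereferences state that was never found; the same flow over a top-level GET still works, which is why the breakage looked binding-specific. A dedicated cookie only fixes it when it is both SameSite=None and Secure, so an HTTP test site will still lose it.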
@i8beef I see this error now post-login with the latest DLL.
The error code is actually confusing there as it isn't logging the actual status VALUE, but basically the response from your IDP for the initial auth request is telling you something failed. You'll have to debug into this / look at your IDP logs to see what it doesn't like.
@i8beef I am receiving this error and am unable to figure out the issue.