i8beef / SAML2


SAML SignOn Error #66

Closed nreddipalle closed 3 years ago

nreddipalle commented 3 years ago

I am constantly getting a bounce back error during login with these two status codes repeated. Here are my stats for Responder/Success:

  - Trips 1-6: urn:oasis:names:tc:SAML:2.0:status:Success
  - Trips 7-8: urn:oasis:names:tc:SAML:2.0:status:Responder
  - Trips 9-13: urn:oasis:names:tc:SAML:2.0:status:Success
  - Trips 15-16: urn:oasis:names:tc:SAML:2.0:status:Responder
  - Trips 17-22: urn:oasis:names:tc:SAML:2.0:status:Success
  - Trips 23-24: urn:oasis:names:tc:SAML:2.0:status:Responder
  - Trip 25: urn:oasis:names:tc:SAML:2.0:status:Success

Could it be anything with the config?? Thanks

i8beef commented 3 years ago

Sorry, I am not sure what it is exactly you are seeing. Those status messages don't mean much by themselves. But yes, most likely you have something configured wrong.

nreddipalle commented 3 years ago

When trying to authenticate between SP and IDP, it's going to the error page and bouncing back to login.ashx, then to the error page, then back to login.ashx, and then eventually logging in. I notice I am receiving a StatusCode of Responder during the error page and Success, and then after multiple bounce backs it is eventually logging in (sometimes after 5 times, sometimes after 10 times, etc.).

i8beef commented 3 years ago

Have you tried wiring up the logging and seeing what it's spitting out?

nreddipalle commented 3 years ago

I did the following changes:

  1. Set allowUnsolicitedResponses="true" and omitAssertionSignatureCheck="true"
  2. Used one of the old dll versions (which we were using successfully for other customers): Version 3.0.0.6

Now there is no bounce back and I am able to log in fine on the first attempt.

i8beef commented 3 years ago

If you're that far back you might find that Chrome no longer works due to the cookie policy changes made there (and later in other browsers) that broke everything, and a bad HttpContext reuse bug, just a warning.

nreddipalle commented 3 years ago

Understood, but I am unable to figure out the root cause using the newer version dll and setting allowUnSolicitedResponses and omitAssertionSignatureCheck to false. On trying to login, it keeps bouncing back almost 5-10 times before logging in successfully.

i8beef commented 3 years ago

I highly recommend you don't sleep on that upgrade. Attaching a logging provider will allow you to actually see where things are failing, and give me information necessary to make recommendations about where you are failing. Posting your (redacted) config would also help.
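
Added example, not part of the thread and not code from the SAML2 project: a small Python diagnostic that decodes a captured HTTP-POST `SAMLResponse` and reports the fields that bear on this issue, namely the top-level status, the nested second-level status and `StatusMessage` that explain a `Responder` result, `InResponseTo` (absent on an unsolicited response), and whether signature elements are present. The function name and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def summarize_saml_response(b64_response):
    """Summarize a captured, base64-encoded SAMLResponse for troubleshooting.

    Signature *presence* is reported only; nothing here validates a signature.
    An EncryptedAssertion is not decrypted, so assertion_signed is False for it.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    top = root.find("samlp:Status/samlp:StatusCode", NS)
    sub = top.find("samlp:StatusCode", NS) if top is not None else None
    msg = root.find("samlp:Status/samlp:StatusMessage", NS)
    assertion = root.find("saml:Assertion", NS)
    return {
        "status": top.get("Value") if top is not None else None,
        "sub_status": sub.get("Value") if sub is not None else None,
        "message": msg.text.strip() if msg is not None and msg.text else None,
        "in_response_to": root.get("InResponseTo"),  # None => unsolicited
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": assertion is not None
        and assertion.find("ds:Signature", NS) is not None,
    }

# Constructed sample: a failed response carrying a second-level status code.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed1" Version="2.0" IssueInstant="2021-01-01T00:00:00Z"
    InResponseTo="_constructed_request_id">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/>
    </samlp:StatusCode>
    <samlp:StatusMessage>constructed message from the IdP</samlp:StatusMessage>
  </samlp:Status>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    for key, value in summarize_saml_response(SAMPLE_B64).items():
        print(f"{key}: {value}")
```

Running this over each captured response from a bounce sequence shows whether the `Responder` trips carry a sub-status or message from the IdP, and whether the responses that only work with `allowUnsolicitedResponses="true"` and `omitAssertionSignatureCheck="true"` are actually missing `InResponseTo` or an assertion signature.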