Closed marco-maroni-spot-software closed 9 months ago
Dipende dalla response che ti viene inviata in fase di test, probabilmente è malformata o manca qualcosa. Ad esempio demo.spid non invia la firma (è una issue nota) sulla response di signout.
L'errore si verifica con l'ambiente di collaudo/preproduzione del Poligrafico, quindi mi aspetterei una risposta conforme. Ma come giustamente dici tu anche Demo Spid dovrebbe essere corretta ed invece non lo è.
Riesci a intercettare la Response che ti arriva e verificare che sia conforme?
La Response è questa:
Request finished HTTP/2 GET https://sportellovirtuale.bonificaromagna.it/signout-cie?SAMLResponse=pVJBbtswEPyKwLskipYji7AUBA0KBEiQIHJy6CWgqJVKVF6qXMot8vrSTty6PuSSE7HkzOzsLNeXv7djtANHxmLFsoSzCFDbzuBQsafN13jFLus1qe0oJnlrBzv7R6DJIkEUqEjy7a1is0NpFRmSqLZA0mvZXN3dSpFwOTnrrbYji66BvEHlD%2B2%2Bez%2BRTNOg5zyMo90Z52c1QtJaNL3RytmtGlAlxqdkBgzdY22ARTfXFXtZLhf9qtDLrOxBg4KyFFov2pXueQtdWwYYHs1ubCDwoigueJvFRS%2B6OO9LiBW0F3GeQQdLlecFbwOJaIYbJK%2FQV0xwIWJexNliw0sphMxXScnFNxY9H1MLE7L3jOSB7E6j%2BTgZRQRunwarj2lMDkJe3fwabiExXQCEBSX7w7yaMH5i0INDmwx2t0%2FGdFMg2d6MkO6FRfpw32zSprlfp6eu%2Fu6x8crPdFZ%2BsR1Ez2qc4WPHdEDLR%2Fg5h12CY5%2FTecIfaH%2FhgzOozaRGltbvrk8Fz3rcAZEaoL7CCJyzLrJaz85Bl5xxj8Cz63%2F1%2F1%2B6%2FgM%3D&RelayState=077760b1-7f2d-4f9e-aeb6-41ede5a4470b&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=OOLb4BcwgdGBvtj1stBYU0gWjMwVyK4k38CvSRNDSOZBvfK0gD4l36gdqcf1SSO%2FjXyW6g7pf9mosTAzHE3WFNw6elD%2Fg0ztaLYvK0EoWMMsYqPcU5sysYBdeEUPRuTSmxijFrjAiN8Y%2F2b5roPk4HdcLLd0tMLnHnp5OA6DDmdMoQE9xk5STq1DFlK66tCzu3ngp3sJLc2SiHk4bqAZj7fQ%2FvV3lpG6SgqLz46arJS1kR1XNfh7I9aOj2CUYXY40Hx44pthscu5LmDnNbgyzr3BycXM2zFSZ0%2Fa7bDmZz7q9CPBdYrMqBgCGkmo9kdXzNEyzAHRVkxWcAyrqUy8zg%3D%3D - - - 302 - - 18.1716ms
Verificare che sia conforme, come potrei fare, senza poter andare in debug della libreria?
Il problema è che la decodifica della SAMLResponse, quando è in GET, non è banale da fare senza eseguire il debug. Te lo chiedevo perchè la NullReferenceException, nel metodo ValidateSignOutResponse, potrebbe essere lanciata quando cerca di valutare l'espressione "response.Status.StatusCode.Value == SamlConst.Success". E' possibile che nella response non vi sia il tag Status o che StatusCode non sia valorizzato.
Come miglioria per la libreria non sarebbe male aggiungere un _logger.Debug(..) con le varie response SAML che riceve.
sono aperto a PR :-)
Visto che già loggo gli eventi secondo le specifiche potrei sfruttare i CieEvents per loggare in qualche modo senza modificare la libreria? O quell'eccezioen avviene prima della chiamata CieEvents.RemoteSignOut ?
Purtroppo avviene prima della chiamata all'handler HandleRemoteSignOut di CieEvents
Ho aggiunto qualche trace alla libreria e ho scoperto che Response è null, guardando nel codice qualle che potrebbe fallire a questo punto è ExtractInfoFromSignOutResponse()
private async Task<(string Id, LogoutResponseType Message)> ExtractInfoFromSignOutResponse()
{
if (HttpMethods.IsPost(Request.Method)
&& !string.IsNullOrEmpty(Request.ContentType)
&& Request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)
&& Request.Body.CanRead)
{
var form = await Request.ReadFormAsync();
return (
form["RelayState"].ToString(),
SamlHandler.GetLogoutResponse(form["SAMLResponse"][0])
);
}
return (null, null);
}
Ma a questo punto mi viene un dubbio se la request è in GET in questa forma
https://sportellovirtuale.bonificaromagna.it/signout-cie?SAMLResponse=pVLLbtswEPwVgXc9SMuyQlgKggYFAiRIEDk59FJsyJVKVF6qJOUW%2BfrSTty6PuTSE7HkzOzsLNeXv7ZjskPnjaWG8axgCZKy2tDQsKfN57Rml%2B3aw3YUk7y1g53DI%2FrJksckUsnLt7eGzY6kBW%2B8JNiil0HJ7uruVoqskJOzwSo7suQafTAE4dDuWwiTl3ke9VzAcbQ748IMI2YvlkxvFDi7hYEgMyH3ZqDYPVUGWXJz3bCvFagaSw1Kl6j7GpAX0L9oLvgSeF%2BvIoyOZjc2EvBCgOAaUw7VMi2FWKb1ihepqIryohQcFkUVSd7PeEM%2BAIWGiUKItFilfLHhC7moJRdZxRdfWPJ8TC1OyN4zkgeyO43m42TAe3T7NFh7TGNyGPPS82u8xczoCIgLyvaHeTVx%2FMxQQEc2G%2Bxun4zRUyTZ3oyY74VF%2FnDfbfKuu1%2Fnp67%2B7LELEGZ%2FVn6yGpNnGGf82LE%2FoOUj%2FpjjLtGx%2F9N5ou9kf9KDM6TMBCPL23fXp4JnPe7QexiwvaIEnbMusUrNzqHOzrhH4Nn13%2FrfL93%2BBg%3D%3D&RelayState=e92a21de-1a65-4225-8710-26049421a306&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=xVvfHuzNods9ZbpFk%2BHsDDOcGRU2TYZ3d0IBCl1DYS7HadEwmh9hs58t6%2B72mKhQpqln24JYPLL%2BThsoiwjvybXRl%2Fm9L7%2Bb2bzazioITFuVLhGM6Evwt%2BvagI3erb1Azv9DXhXUUzncvz%2BvfC3%2B9L%2FSSJpkULZ%2Fm7ZJaGNYizWIjskcWS2FWfS8T3ZDroO2ZHA5zj2Nklc3LWV9deTlrOQOV8q4M%2FhskK1aOFohFc4Touj01j9znIVENFS7tFfHUcNYNTQkPVvcaj3Hpp8KxQazu%2FB%2F5uq7LDtRWt%2FlS6k0geF8a7jnju9Sqdc0rEw2DIX3%2BCanZKnJmOQazc7ZUA%3D%3D
Il codice sembra sbagliato perché cerca SAMRequest nel body e non come parametro nel querystring. Sbaglio?
Si, è corretto, il codice attuale non prevede la response in GET. Dovrò correggerlo, grazie per la segnalazione
Ho pubblicato un nuovo package in versione prerelease, la 1.1.3-prerelease Potresti verificare che contiene il fix di modo tale da pubblicare la versione definitiva? Grazie
Ora ottengo l'errrore "Unable to converto base64 response to ascii string."
at CIE.AspNetCore.Authentication.Saml.SamlHandler.GetLogoutResponse(String base64Response) at CIE.AspNetCore.Authentication.CieHandler.ExtractInfoFromSignOutResponse() at CIE.AspNetCore.Authentication.CieHandler.HandleRemoteSignOutAsync() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at CBR.PortaleConcessioni.WebApp.Middleware.HttpRequestErrorMiddleware.Invoke(HttpContext context) in
questa la request
https://sportellovirtuale.bonificaromagna.it/signout-cie?SAMLResponse=pZJNb9swDIb%2FiqG75Y%2FYiyPELooVAwK0aFGnPewy0BLtCnMoT5Kzob9%2BStZsWQ699CRQ4ku%2BfKj11a%2FdGO3ROm2oZhlPWYQkjdI01Oxp%2ByWu2FWzdrAb80ncmsHM%2FhHdZMhhFKTkxJ%2B3ms2WhAGnnSDYoRNeivb67lbkPBWTNd5IM7LoBp3XBP7Y7sX7yYkkCfWsx3E0e239DCPyzpDutQRrdjAQcO0TpwcK3WOpkUWbm5p9Wyyzqi9SUJ%2FKPsu7KlWq6yqVQlouYQFhlA2dzG5NEGCZqUqmXVz1VR8XEldx1xddvIJVUaquX5ZQBpFzM27IeSBfszzN8zhdxtlimxUiW4lyxfMy%2F8qi5xO1MCF7YySOYnuO5n0y4BzaAw3WnGhMFgMvNb%2BGW%2BRahYSwIH449KsO43NNHi0ZPpj9gYxWUxCZXo%2BYHArnycN9u03a9n6dnLv6u8fWg5%2FdRfjZKIyeYZzxfcfumC0e8cccdomWfazOE30n85MerCapJxhZ0ry5Pi940eMOnYMBm2uK0FpjIyPlbC0qfqE9JV5c%2F4v%2F%2F9LNbw%3D%3D&RelayState=e51d8c0b-8f8f-4ce9-bf4b-9a945dbf75a5&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=aP9%2FQjDwSn5RyYdiEJwm5%2FBv9E9cv9w8lJcVO4WhjBtzZSr6sRdjt2%2BC7EwiZRlZOyeb%2By6RogsYWvvM4dsx7A2UWdVzz9y57%2BvcLtQMZnEQcpvnjjnqovR3WBjOgLLMKUbmrLknmkKIx13H5gcx5RlIttPyDh6Cr06JP9bgZ3IjluH%2BV%2FoXuk3LwAwpTJJqdqub5n7atL4DVIkmNyQvpJGxpWSfOpW6pL1Rnij%2BluSva%2BOx9qNiuTwZ96wM4zWKmEmtuhKvTnLe80E5yEuWS2cTDftzy5p8XMak0OpA%2F6VeF%2FQ8Ib9t%2BBorZnjFSIf8raxnU2dQqgDP7wpYfVN5hA%3D%3D
Dovrebbe esserci anche una InnerException, potresti riportarla?
'The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.'
Ok, trovato l'errore, ho pubblicato la versione 1.1.3-prerelease2. Potresti riprovare per favore?
Perdonami, versione 1.1.3-prerelease3, contenente un fix sulla verifica della firma del logout
Abbiamo fatto progressi, ma ancora il processo di logout fallisce "alla fine". Ma onestamente non riesco a capire quale sia il problema.
Nel log compare un "RemoteSignOutContext.Failed"
Questo il log completo della seguenza da quando ricevo il logout che lato mio è così cofigurato
SignOut(new AuthenticationProperties { RedirectUri = "/login" }, CieDefaults.AuthenticationScheme);
20220713-16:38:05 info: Microsoft.AspNetCore.Hosting.Diagnostics[2] => SpanId:4c06e79a9d49871f, TraceId:0016ffc4454f2911420e52d196b1f920, ParentId:0000000000000000 => RequestPath:/api/auth/logout RequestId:400001bf-0000-fb00-b63f-84710c7967bb Request finished HTTP/2 GET https://sportellovirtuale.bonificaromagna.it/api/auth/logout - - - 200 - - 29.2840ms
20220713-16:38:05 info: Microsoft.AspNetCore.Hosting.Diagnostics[1] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb Request starting HTTP/2 GET https://sportellovirtuale.bonificaromagna.it/signout-cie?SAMLResponse=pZLBbtswDIZfxdDdsiw7TizELooVAwK0aNGkPexSyDLtCXMoT5KzoU8%2FOW22LIdeehIo8Sd%2FftT66vd%2BiA5gnTZYkZQyEgEq02rsK%2FK0%2BxqvyFW9dnI%2F8FHcmt5M%2FhHcaNBBFKToxNtbRSaLwkinnUC5Bye8Etvru1vBKROjNd4oM5DoBpzXKP2x3XfvRyeSJNSzHobBHLT1kxyANgZ1p5W0Zi97lFT7xOkeQ%2FdYaSDR5qYiL12XdeWiKEF1wNtmlRWplFmRN8BYwVgYZYMnszszC9KmXGbFKi7ytIjzLM%2FjhjEVNwsoGVfQ8HQWOTfBBp2X6CvCGecxW8ZptktzkS3FoqScFd9I9HyiFiYk74zEUWzP0XxMRjoHdqZB6hON0ULg1U6v4RaobkNCWBCdD%2F2qw%2FhUoweLhvbmMJPR7RhEptMDJHNhnjzcb3fJdnu%2FTs5d%2Fd3j1ks%2FuYvwi2khepbDBB87dsds8Qg%2Fp7BLsORzdZ7wB5pf%2BGA1Kj3KgST1u%2Bvzghc97sA52UN9jRFYa2xklJqshZZeaE%2BJF9f%2F4v%2B%2FdP0H&RelayState=f1b97368-6416-4344-b00c-b5e902ceb210&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=xnt30%2FQlGii%2Bo6cm9F5UAU2YGvzcgWs2XauX2mv0o%2BQUqOf%2FjpcSnKx3svislqLWQOEJMh9vpMutDtTqyL0ocYQJL%2BwWzb62q289ndNmjO%2Flnw5U1H%2FNH2%2FdlKP63Wbjb4Ca73DsIrIhv6C%2FowGTp9k9WqtLvOy7T0I1c0Yu%2Buf00zzrzmnzrZc3kEiAWIMIhZYT9atLU34h6LAHBoCjNIlL5O0YZHbHNRB2wBMHpWxWZ8E58AYfeNaFsMjxfES8oCZ0hAMAzQGnlsweIJto19w6sXGWH5uMWMcT%2BT3K%2F%2F4Pg7peuNa0IX1Nu2TQlUqgcDpr77NqQ524R8scTx%2BVZQ%3D%3D - -
20220713-16:38:05 dbug: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[4] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb The request path /signout-cie does not match a supported file type
20220713-16:38:05 dbug: Microsoft.AspNetCore.Routing.Matching.DfaMatcher[1001] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb 1 candidate(s) found for the request path '/signout-cie'
20220713-16:38:05 dbug: Microsoft.AspNetCore.Routing.Matching.DfaMatcher[1005] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb Endpoint 'Fallback {*path:nonfile}' with route pattern '{*path:nonfile}' is valid for the request path '/signout-cie'
20220713-16:38:05 dbug: Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware[1] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb Request matched endpoint 'Fallback {*path:nonfile}'
20220713-16:38:05 fail: CIE.AspNetCore.Authentication.CieHandler[7] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb RemoteSignOutContext.Failed
20220713-16:38:05 dbug: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[8] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb AuthenticationScheme: Cookies was successfully authenticated.
20220713-16:38:05 info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb Executing endpoint 'Fallback {*path:nonfile}'
20220713-16:38:05 info: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[2] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb Sending file. Request path: '/index.html'. Physical path: 'C:\inetpub\wwwroot\PortaleConcessioni\wwwroot\index.html'
20220713-16:38:05 info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb Executed endpoint 'Fallback {*path:nonfile}'
20220713-16:38:05 info: Microsoft.AspNetCore.Hosting.Diagnostics[2] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb Request finished HTTP/2 GET https://sportellovirtuale.bonificaromagna.it/signout-cie?SAMLResponse=pZLBbtswDIZfxdDdsiw7TizELooVAwK0aNGkPexSyDLtCXMoT5KzoU8%2FOW22LIdeehIo8Sd%2FftT66vd%2BiA5gnTZYkZQyEgEq02rsK%2FK0%2BxqvyFW9dnI%2F8FHcmt5M%2FhHcaNBBFKToxNtbRSaLwkinnUC5Bye8Etvru1vBKROjNd4oM5DoBpzXKP2x3XfvRyeSJNSzHobBHLT1kxyANgZ1p5W0Zi97lFT7xOkeQ%2FdYaSDR5qYiL12XdeWiKEF1wNtmlRWplFmRN8BYwVgYZYMnszszC9KmXGbFKi7ytIjzLM%2FjhjEVNwsoGVfQ8HQWOTfBBp2X6CvCGecxW8ZptktzkS3FoqScFd9I9HyiFiYk74zEUWzP0XxMRjoHdqZB6hON0ULg1U6v4RaobkNCWBCdD%2F2qw%2FhUoweLhvbmMJPR7RhEptMDJHNhnjzcb3fJdnu%2FTs5d%2Fd3j1ks%2FuYvwi2khepbDBB87dsds8Qg%2Fp7BLsORzdZ7wB5pf%2BGA1Kj3KgST1u%2Bvzghc97sA52UN9jRFYa2xklJqshZZeaE%2BJF9f%2F4v%2B%2FdP0H&RelayState=f1b97368-6416-4344-b00c-b5e902ceb210&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=xnt30%2FQlGii%2Bo6cm9F5UAU2YGvzcgWs2XauX2mv0o%2BQUqOf%2FjpcSnKx3svislqLWQOEJMh9vpMutDtTqyL0ocYQJL%2BwWzb62q289ndNmjO%2Flnw5U1H%2FNH2%2FdlKP63Wbjb4Ca73DsIrIhv6C%2FowGTp9k9WqtLvOy7T0I1c0Yu%2Buf00zzrzmnzrZc3kEiAWIMIhZYT9atLU34h6LAHBoCjNIlL5O0YZHbHNRB2wBMHpWxWZ8E58AYfeNaFsMjxfES8oCZ0hAMAzQGnlsweIJto19w6sXGWH5uMWMcT%2BT3K%2F%2F4Pg7peuNa0IX1Nu2TQlUqgcDpr77NqQ524R8scTx%2BVZQ%3D%3D - - - 200 6328 text/html 50.8065ms
E il cookie Cie.Properties è ancora valido mi permette di chiamare le mia API quindi confermo che il logout non si è concluso come doveva.
RemoteSignOutContext.Failed viene lanciato quando la verifica della firma viene superata, ma fallisce il controllo (response.InResponseTo == request.ID) Potresti verificare che gli ID di request e response coincidano?
Questa mattina non riesco nemmeno a fare login ha iniziato a darmi "Signature non valida", pur non avendo cambiato nulla :-( Ti risulta ci sia qualche problema sul server di collaudo preproduzione?
System.Exception: Signature non valida
at CIE.AspNetCore.Authentication.Helpers.BusinessValidation.ValidationCondition(Func`1 condition, String error) in C:\Sources\cie-aspnetcore\CIE.AspNetCore.Authentication\CIE.AspNetCore.Authentication\Helpers\BusinessValidation.cs:line 17
at CIE.AspNetCore.Authentication.Saml.SamlHandler.ValidateAuthnResponse(ResponseType response, AuthnRequestType request, EntityDescriptorType metadataIdp, String serializedResponse) in C:\Sources\cie-aspnetcore\CIE.AspNetCore.Authentication\CIE.AspNetCore.Authentication\Saml\SamlHandler.cs:line 228
at CIE.AspNetCore.Authentication.CieHandler.ValidateAuthenticationResponse(ResponseType response, AuthnRequestType request, AuthenticationProperties properties, String serializedResponse) in C:\Sources\cie-aspnetcore\CIE.AspNetCore.Authentication\CIE.AspNetCore.Authentication\CieHandler.cs:line 283
at CIE.AspNetCore.Authentication.CieHandler.HandleRemoteAuthenticateAsync() in C:\Sources\cie-aspnetcore\CIE.AspNetCore.Authentication\CIE.AspNetCore.Authentication\CieHandler.cs:line 145
Il call stack che vedi è della versione debug che mi sono compilato io, a cui avevo aggiunto un trace per controllare quello che mi avevi chiesto, ma mi da lo stesso problema con la versione 1.1.3-prerealease3
Ho pubblicato la prerelease4. Perdona il fastidio, ma la modifica porta con se conseguenze complesse, soprattutto se non si ha la possibilità di testare.
No anzi mi fa piacere testare ed essere utile, appena riesco verifico...
Ti confermo che response.InResponseTo == request.ID ma continuo a ricevere "RemoteSignOutContext.Failed"
Questo il log con il mio trace che conferma l'uguaglianza.
20220714-11:37:10 dbug: CIE.AspNetCore.Authentication.CieHandler[0] => SpanId:8cb043357c5f8b79, TraceId:2adced52463242704ec314784430adbc, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400003b2-0001-f500-b63f-84710c7967bb response.InResponseTo: _945fabe9-5065-4f25-afa1-268c86d71cae, request.ID: _945fabe9-5065-4f25-afa1-268c86d71cae
20220714-11:37:10 fail: CIE.AspNetCore.Authentication.CieHandler[7] => SpanId:8cb043357c5f8b79, TraceId:2adced52463242704ec314784430adbc, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400003b2-0001-f500-b63f-84710c7967bb RemoteSignOutContext.Failed
questo la modifica che ho fatto per ottenere quel trace
Potresti provare il flusso di logout con la versione 2.0.1 del package e dirmi se riscontri ancora il problema? Grazie
Inoltre, se implementi un tuo LogHandler, puoi vedere le request/response grezze che vengono scambiate https://github.com/italia/cie-aspnetcore#log-handling
Con la versione 2.0.1 al logout ottengo un errore diverso:
mi viene chiamato questo url che però fallisce, poi fa fall back sulla pagina che gestisce il 404
https://sportellovirtuale.bonificaromagna.it/signout-cie?SAMLResponse=pZJNT9wwEIb%2FSuR7vj9IrE0QKkJCAoHIwqGXyoknqdXsOHicbdVfX2fLlmUPXHqyxp535p1nvLn8tZu8PRhSGmsWBxHzAHstFY41e97e%2BCW7bDYkdlMy8zs96sU%2BAc0aCTwnReJ%2F32q2GORakCKOYgfEbc%2Fbq%2Fs7ngQRn422utcT866BrEJhD%2B2%2BWzsTD0NXz1iYJr1Xxi5igqDTqAbVC6N3YkQRKBuSGtF193sFzLu9rtm3opBdNcgKZCKytEqj4QKyVOSi7FIpyjUNj2a32glgyLui6GI%2Fr4T0s7ICv5S99Mu8yy6GpErSWDoR0QK3SFagrVkSJakfZX6cbOOY5yWP4qAo4q%2FMezlScxOyN0b8IDanaD4nI4jArDRYc6ShpLtyKwnWQ%2F1WbuBAoQWDOhj1fmWh5Bw6poOaIFxLJeHjQ7sN2%2FZhE576%2BLe51gq70Fn4RUvwXsS0wOce6ZDNn%2BB1cdsDw%2F6vzjP%2BQP0TH43CXs1iYmHz5vq04FmPeyASIzRX6IEx2ni67xdjQAZn2mPi2fV7%2FPETN38A&RelayState=ef5b66b1-59ad-489e-8dcd-85b47f29231d&SigAlg=http:%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=fuvksaXPPvdF%2F7xeB1gCOGpWGJRKok%2BO7d91k1hFdWTOFsdcAa7dndFJPgoL51RS1fZtP7f08n1I7vExU8xGMvnEi5WziYs%2B5WG%2FF7dvqXHF0KvmdOfmIegVHJF7IsPNf2EozaTEsxolthhGlLFEMAJUVASllsFqhyF8fDVClIegT9B9EaLuf9pUuPH%2B7L88pwcFsQ1QmeIHvUMDCiaQ4msjR9AEns2TdHptpEhd3QjYGZ4YA8HuSb4UWUNLPMxo9EjtHyfy4Vs7zDk4pk3tWFhajCQ9d5CANhJn7%2FcKQU2klauZ8gLi%2FPUaecpFF95ZBegADIGe8Lp6AKuUb44SFQ%3D%3D
Questo il log dall'avvio dell'app su IIS al suo stop
20230412-13:56:15 dbug: Microsoft.Extensions.Hosting.Internal.Host[1]
Hosting starting
20230412-13:56:15 warn: Microsoft.AspNetCore.DataProtection.Repositories.EphemeralXmlRepository[50]
Using an in-memory repository. Keys will not be persisted to storage.
20230412-13:56:15 warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[59]
Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.
20230412-13:56:15 warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
No XML encryptor configured. Key {8a34d886-fab8-4db4-87cd-6098d8876021} may be persisted to storage in unencrypted form.
20230412-13:56:15 info: Microsoft.Hosting.Lifetime[0]
Application started. Press Ctrl+C to shut down.
20230412-13:56:15 info: Microsoft.Hosting.Lifetime[0]
Hosting environment: Production
20230412-13:56:15 info: Microsoft.Hosting.Lifetime[0]
Content root path: C:\inetpub\wwwroot\PortaleConcessioni\
20230412-13:56:15 dbug: Microsoft.Extensions.Hosting.Internal.Host[2]
Hosting started
20230412-13:56:20 dbug: CBR.PortaleConcessioni.WebApp.Middleware.CieLogHandler[0]
=> SpanId:170fb601fdb8ac31, TraceId:da3d60fbd6aac766243fb8001fd59494, ParentId:0000000000000000 => RequestPath:/api/auth/login-cie RequestId:40000284-0001-ff00-b63f-84710c7967bb => CBR.PortaleConcessioni.WebAPI.Controllers.AuthController.LoginCie (CBR.PortaleConcessioni.WebApp)
PostRequest Url:https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SSO SAMLRequest:PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6QXV0aG5SZXF1ZXN0IHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfZjA1ZjlkYmEtZmI4Mi00NTExLThiYzQtN2YxMzBkYWIxOTE2IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyMy0wNC0xMlQxMTo1NjoxOS4zMTNaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9pZHNlcnZlci5zZXJ2aXppY2llLmludGVybm8uZ292Lml0L2lkcC9wcm9maWxlL1NBTUwyL1BPU1QvU1NPIiBGb3JjZUF1dGhuPSJ0cnVlIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VJbmRleD0iMCIgQXR0cmlidXRlQ29uc3VtaW5nU2VydmljZUluZGV4PSIwIiB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDpJc3N1ZXIgTmFtZVF1YWxpZmllcj0iaHR0cHM6Ly9zcG9ydGVsbG92aXJ0dWFsZS5ib25pZmljYXJvbWFnbmEuaXQiIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL3Nwb3J0ZWxsb3ZpcnR1YWxlLmJvbmlmaWNhcm9tYWduYS5pdDwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+PFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiIC8+PFJlZmVyZW5jZSBVUkk9IiNfZjA1ZjlkYmEtZmI4Mi00NTExLThiYzQtN2YxMzBkYWIxOTE2Ij48VHJhbnNmb3Jtcz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgLz48L1RyYW5zZm9ybXM+PERpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIgLz48RGlnZXN0VmFsdWU+WERNaGlqMEFQdUx5YkdhblgzRndORWJPU3ZWK2wvbldsbHA5K015MW82ND08L0RpZ2VzdFZhbHVlPjwvUmVmZXJlbmNlPjwvU2lnbmVkSW5mbz48U2lnbmF0dXJlVmFsdWU+dkloSlh3b0EwOVgzRTVpdTN3VGtrVEJicXVwU2plQkJiY294TDFNMjlzS3AvNzVXU25hM01YTkVMbzlvOTZhSDZHWURNbGsyZWRMcklpM3FQWjdCUnRNNmI2R3ZXay9hT251OGp2aHZLbGtzVXhRT1ovTy9GZHpwbjRzN2JyV240QVJYOXZpeWF4V21aWXFoc1JPWEEvQzNLbkNSbXVwTUt6dXM1WnV0Q2FlQzNmTkYwcEphUnp6MEVPbXRKSlRmdGwwTElsN08raG1KRU1LbnFsYVdxbVlUZXh4KzhpcHBZUzliRVJLd0dySGJZQ0FtQVA3ZDVlbU4yVWRSTk8xaDVJWjVjcHQ4VHZ0ODkvSFVqclFQNnNlSmJuNmRrZGd4dTE4Njk3WW1CcGEyeDhPd0lmeW9Wa0R0MmJmSVVRN0NiNFNwd2ZvdlBjVENNWW80N2xxYXJTdllDSDh2Tld6TEd2SFYyOUcyQzNIQlIrcDN3SjhrbVJxMGhBMVpSai9zQXcyR2Fnb2o5WHJEaVNlRzIrMGlUSEtHc0NnWjhCMEVIZVBnb1RpdlBJZCtVQisvdFRvc1h0OW00U2pPUFFGVUlualN1a25MNGE3Q21QZkt4R3F3L0FyVi9rbjVxcnZ5RUFNLzJ1MFVWMDd3a1JSM2hwaXV6VndJNVovMDNlUU08L1NpZ25hdHVyZVZhbHVlPjxLZXlJbmZvPjxYNTA5RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSUc2RENDQlZDZ0F3SUJBZ0lVZGpkTUxCWTYzczV4K1VxT1JCQzJDMlBpRUxzd0RRWUpLb1pJaHZjTkFRRUxCUUF3Z2NveExEQXFCZ05WQkFvTUkwTnZibk52Y25wcGJ5QmthU0JDYjI1cFptbGpZU0JrWld4c1lTQlNiMjFoWjI1aE1TMHdLd1lEVlFRRERDUnpjRzl5ZEdWc2JHOTJhWEowZFdGc1pTNWliMjVwWm1sallYSnZiV0ZuYm1FdWFYUXhOVEF6QmdOVkJGTU1MR2gwZEhCek9pOHZjM0J2Y25SbGJHeHZkbWx5ZEhWaGJHVXVZbTl1YVdacFkyRnliMjFoWjI1aExtbDBNUll3RkFZRFZRUmhEQTFRUVRwSlZDMWpZbkpmTURRd01Rc3dDUVlEVlFRR0V3SkpWREVQTUEwR0ExVUVCd3dHUTJWelpXNWhNQjRYRFRJeU1EWXlPVEEzTkRVME5Wb1hEVEl6TURZeU9UQTNORFUwTlZvd2djb3hMREFxQmdOVkJBb01JME52Ym5OdmNucHBieUJrYVNCQ2IyNXBabWxqWVNCa1pXeHNZU0JTYjIxaFoyNWhNUzB3S3dZRFZRUUREQ1J6Y0c5eWRHVnNiRzkyYVhKMGRXRnNaUzVpYjI1cFptbGpZWEp2YldGbmJtRXVhWFF4TlRBekJnTlZCRk1NTEdoMGRIQnpPaTh2YzNCdmNuUmxiR3h2ZG1seWRIVmhiR1V1WW05dWFXWnBZMkZ5YjIxaFoyNWhMbWwwTVJZd0ZBWURWUVJoREExUVFUcEpWQzFqWW5KZk1EUXdNUXN3Q1FZRFZRUUdFd0pKVkRFUE1BMEdBMVVFQnd3R1EyVnpaVzVoTUlJQm9qQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FZOEFNSUlCaWdLQ0FZRUE2N2hQUnBEMEl2dllrOE1keEhxSTMwUTRrMzJTbmxJcnNERVZsOFRna0tacWdiMHZCZkUvOWZFc21zV0lhVUpWUHNUYmZHbTd1VDEvQ0d5L3NHRmoySTlBMEJqaEFwQ0JTc0tqTStySWtXRUQ3TU9hNnpOamZzNktKMmQ0b0ZXdDFFanBFUFlpZDBSVTdIdlRFK2RWK1BTRFMvZ2VWdnhkYUhRdmJlWTc2dlRHOVplNDlKWnpsS1lJaXEwbmduOUpmSXZjWHl6SXgxaE5WVG9EQlZXRmZVb2RQYTUyb1ZPVDhUbzRXTmhoSDFjRkxRT3prU2tCUDNKcGRudC9TV1FUcWhmMmFqVVhRdlhUUkhITjhHa1BUWnFkWHJzQW5pNCthWGVsVlJVMHhGWU53a3hrbGVZVTRRVSs0N1V4WHNBRkh1bXIzZENScG9WWWNORSs3b29rRGlIbnc5dHJoV1pDRlRpTUpwOFhKelZVUlRvT01MckcrYU1LVE1BMzBwRjEyUUVBN0pwSTFrZjdJL0xld2J5YnBNdFpMbmk5RldNY0YwNi9Lc1JjRHpyamJjRjN2a2ZpOEdLdGw1Tnk0dDRUbG9rZ2JOcFVxSzhJSHRHKzY4MG9uRytwVEVkeEU1NWJjMDBOUWl2cGpNdXJDWVJBV1NJZTNRcGRlaFllUXVhZEFnTUJBQUdqZ2dIQ01JSUJ2akFKQmdOVkhSTUVBakFBTUE0R0ExVWREd0VCL3dRRUF3SUd3REJ6QmdOVkhTQUViREJxTUI4R0F5dE1FREFZTUJZR0NDc0dBUVVGQndJQ01Bb01DRUZuU1VSeWIyOTBNQ0FHQkN0TUVBWXdHREFXQmdnckJnRUZCUWNDQWpBS0RBaGhaMGxFWTJWeWREQWxCZ1lyVEJBRUFnRXdHekFaQmdnckJnRUZCUWNDQWpBTkRBdGpaWEowWDFOUVgxQjFZakFkQmdOVkhRNEVGZ1FVNDNicXA0YitvNUNDQS9Nc1QwUWpWQnY2OTdzd2dnRUxCZ05WSFNNRWdnRUNNSUgvZ0JUamR1cW5odjZqa0lJRDh5eFBSQ05VRy9yM3U2R0IwS1NCelRDQnlqRXNNQ29HQTFVRUNnd2pRMjl1YzI5eWVtbHZJR1JwSUVKdmJtbG1hV05oSUdSbGJHeGhJRkp2YldGbmJtRXhMVEFyQmdOVkJBTU1KSE53YjNKMFpXeHNiM1pwY25SMVlXeGxMbUp2Ym1sbWFXTmhjbTl0WVdkdVlTNXBkREUxTURNR0ExVUVVd3dzYUhSMGNITTZMeTl6Y0c5eWRHVnNiRzkyYVhKMGRXRnNaUzVpYjI1cFptbGpZWEp2YldGbmJtRXVhWFF4RmpBVUJnTlZCR0VNRFZCQk9rbFVMV05pY2w4d05EQXhDekFKQmdOVkJBWVRBa2xVTVE4d0RRWURWUVFIREFaRFpYTmxibUdDRkhZM1RDd1dPdDdPY2ZsS2prUVF0Z3RqNGhDN01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQmdRQy9HeVBjNTAramZhdmNMK29hZS9kWXBVY2FrOG5RR052QkRkdVhtR1M4ZHVuUUVFNURvdVRhWDQxYU9DcVE2aFNpakt3cHlCcWVqZmhQOTVFaDdsNUNlb3pHbUduSGJuWlAzK09PRWg2QnZkanh0VzVZc2hsTXBNSXhLaEdoL0dGTmRYMk8xTlBTWlZ2NDZ2cWRrbzdZSTkrQXJYSEREMHMrVmRVOE54NEl6TllZUm5CNThBL3pja3drVERkRmt3a2tXelhOdHF1ZElHNXRvK0hUS2pvdmE5SmpYT1VnU25LU1FNWjBqT2dQZzB6RWxnWGN1QUJyOGpDQzJTRHRDVVJ4MUJSaHdES0N4MDI3U0ZmQml4Q3A5WXFZajF1Nm9zM2QrVmVlaGtGSTlmZmJiektPL1ZaUTg1bEVESHloOUNzSnhpcGIvdnFtZlJCSDNFRHAxcngvR0ZtTWFMRTc5V05GNlZNbzkvMlNqd1hmTStDQnhDSVc0QXdwU1duYTZ0SkFSeGRNMzZxbzV1Q0hXcG4xR3YzbldVU3hWWGhzOTlxeUFVME4rNHdMaDJXMUlPRXFtdnRIKzBTYWsva1JqbllUU3BVdmt2c0hFMkUzTk0wbDBBSWhMeGVhZGhSNmJrdE12dUUwc08xRWtZVzFqZEtnTncvQTNIa2dOUXNBTnRVPTwvWDUwOUNlcnRpZmljYXRlPjwvWDUwOURhdGE+PC9LZXlJbmZvPjwvU2lnbmF0dXJlPjxzYW1scDpOYW1lSURQb2xpY3kgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDp0cmFuc2llbnQiIC8+PHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMjMtMDQtMTJUMTE6NDY6MTkuMzEzWiIgTm90T25PckFmdGVyPSIyMDIzLTA0LTEyVDEyOjA2OjE5LjMxM1oiIC8+PHNhbWxwOlJlcXVlc3RlZEF1dGhuQ29udGV4dCBDb21wYXJpc29uPSJtaW5pbXVtIj48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj5odHRwczovL3d3dy5zcGlkLmdvdi5pdC9TcGlkTDI8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+PC9zYW1scDpSZXF1ZXN0ZWRBdXRobkNvbnRleHQ+PC9zYW1scDpBdXRoblJlcXVlc3Q+
20230412-13:56:20 info: CIE.AspNetCore.Authentication.CieHandler[12]
=> SpanId:170fb601fdb8ac31, TraceId:da3d60fbd6aac766243fb8001fd59494, ParentId:0000000000000000 => RequestPath:/api/auth/login-cie RequestId:40000284-0001-ff00-b63f-84710c7967bb => CBR.PortaleConcessioni.WebAPI.Controllers.AuthController.LoginCie (CBR.PortaleConcessioni.WebApp)
AuthenticationScheme: Cie was challenged.
20230412-13:57:23 dbug: CBR.PortaleConcessioni.WebApp.Controllers.UserController[0]
=> SpanId:3da33afe473121a4, TraceId:6acfd88968561e90972ad893ef1a5fe9, ParentId:0000000000000000 => RequestPath:/api/user/me RequestId:40001347-0000-fa00-b63f-84710c7967bb => CBR.PortaleConcessioni.WebApp.Controllers.UserController.Get (CBR.PortaleConcessioni.WebApp)
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier:[]
Name:[]
FamilyName:[]
FiscalNumber:[]
DateOfBirth:[]
20230412-13:58:03 dbug: CBR.PortaleConcessioni.WebApp.Middleware.CieLogHandler[0]
=> SpanId:20b086ee2b2006d9, TraceId:8c47c7c05b8406660aad0dde7520d4ad, ParentId:0000000000000000 => RequestPath:/api/auth/logout RequestId:40001349-0000-fa00-b63f-84710c7967bb => CBR.PortaleConcessioni.WebAPI.Controllers.AuthController.Logout (CBR.PortaleConcessioni.WebApp)
PostRequest Url:https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SLO SAMLRequest:PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6TG9nb3V0UmVxdWVzdCB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iX2VmNWI2NmIxLTU5YWQtNDg5ZS04ZGNkLTg1YjQ3ZjI5MjMxZCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMjMtMDQtMTJUMTE6NTg6MDMuMzMwWiIgRGVzdGluYXRpb249Imh0dHBzOi8vaWRzZXJ2ZXIuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdC9pZHAvcHJvZmlsZS9TQU1MMi9QT1NUL1NMTyIgUmVhc29uPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bG9nb3V0OnVzZXIiIE5vdE9uT3JBZnRlcj0iMjAyMy0wNC0xMlQxMjowODowMy4zMzBaIiB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDpJc3N1ZXIgTmFtZVF1YWxpZmllcj0iaHR0cHM6Ly9zcG9ydGVsbG92aXJ0dWFsZS5ib25pZmljYXJvbWFnbmEuaXQiIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL3Nwb3J0ZWxsb3ZpcnR1YWxlLmJvbmlmaWNhcm9tYWduYS5pdDwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+PFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiIC8+PFJlZmVyZW5jZSBVUkk9IiNfZWY1YjY2YjEtNTlhZC00ODllLThkY2QtODViNDdmMjkyMzFkIj48VHJhbnNmb3Jtcz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgLz48L1RyYW5zZm9ybXM+PERpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIgLz48RGlnZXN0VmFsdWU+dlh1RmFJdDNVb3BUbFhDQ3QvSEk3Nmt0cEp6SEZ6SEh6Zjl1MTRtd1J5cz08L0RpZ2VzdFZhbHVlPjwvUmVmZXJlbmNlPjwvU2lnbmVkSW5mbz48U2lnbmF0dXJlVmFsdWU+YWtaRVQrVjRMemRsWXlHZVlEYmRhdWJ3NFpkVUoxY3g3SnMxVXE2clJsbUQzS0h5eVZUSEhNeG04QzdlSlVqSjR0cXJDMTJYMk1yNFpJek9td1JzMnlydWpNaXJLbnNCL3VoYUtoKy9wTHRURkR2bFZPdzFXVkpGcElYcTNybGxLcmc2d0RGeHFvZDJQM0N6Y3JjWFNaY2gvRGQrVmJycDlENkd0YkpxWXI2MGtHUlREOVI2blVjVUh3ZE02eFBkQTdhdkhmdkwrc05TdTVGM0RVdjI0R0NERW9XUTAwQjdYYnhuSk1TY1lOa25YZTVnaE1BcUZMWW9qdG1ocjNYNXpSZVBDU1hmbHRqaUJlLzVyME01NWV3MVNFRXc2bjFJNUpVMm9lMkFWN1lpL0hjNzFRZnl2alRvOC9uSjlVdXVYMEVKRlJWbGZXcmMvN1haUGUzWi9YUFpYazl4NFl3TE1tQ0RLcXJrdnVlTjF4M0NPc29IVzdqZXloZEhYRVFQUlBxM095aG5panJ5K1hObmxkbHdhTXRTK2FML01UdlJmRXJXRTl1ZEkxR3NTbXdkaFZBZFM2S0lZZlcycG9tRFFLMGFpTUIzVVFvbW1YMEs3WHJmTFdSTEViSmJnVFFFbHltSmdtQTRFVEpNWUZSek5rSm5SNU13RlFSVFZHVXQ8L1NpZ25hdHVyZVZhbHVlPjxLZXlJbmZvPjxYNTA5RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSUc2RENDQlZDZ0F3SUJBZ0lVZGpkTUxCWTYzczV4K1VxT1JCQzJDMlBpRUxzd0RRWUpLb1pJaHZjTkFRRUxCUUF3Z2NveExEQXFCZ05WQkFvTUkwTnZibk52Y25wcGJ5QmthU0JDYjI1cFptbGpZU0JrWld4c1lTQlNiMjFoWjI1aE1TMHdLd1lEVlFRRERDUnpjRzl5ZEdWc2JHOTJhWEowZFdGc1pTNWliMjVwWm1sallYSnZiV0ZuYm1FdWFYUXhOVEF6QmdOVkJGTU1MR2gwZEhCek9pOHZjM0J2Y25SbGJHeHZkbWx5ZEhWaGJHVXVZbTl1YVdacFkyRnliMjFoWjI1aExtbDBNUll3RkFZRFZRUmhEQTFRUVRwSlZDMWpZbkpmTURRd01Rc3dDUVlEVlFRR0V3SkpWREVQTUEwR0ExVUVCd3dHUTJWelpXNWhNQjRYRFRJeU1EWXlPVEEzTkRVME5Wb1hEVEl6TURZeU9UQTNORFUwTlZvd2djb3hMREFxQmdOVkJBb01JME52Ym5OdmNucHBieUJrYVNCQ2IyNXBabWxqWVNCa1pXeHNZU0JTYjIxaFoyNWhNUzB3S3dZRFZRUUREQ1J6Y0c5eWRHVnNiRzkyYVhKMGRXRnNaUzVpYjI1cFptbGpZWEp2YldGbmJtRXVhWFF4TlRBekJnTlZCRk1NTEdoMGRIQnpPaTh2YzNCdmNuUmxiR3h2ZG1seWRIVmhiR1V1WW05dWFXWnBZMkZ5YjIxaFoyNWhMbWwwTVJZd0ZBWURWUVJoREExUVFUcEpWQzFqWW5KZk1EUXdNUXN3Q1FZRFZRUUdFd0pKVkRFUE1BMEdBMVVFQnd3R1EyVnpaVzVoTUlJQm9qQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FZOEFNSUlCaWdLQ0FZRUE2N2hQUnBEMEl2dllrOE1keEhxSTMwUTRrMzJTbmxJcnNERVZsOFRna0tacWdiMHZCZkUvOWZFc21zV0lhVUpWUHNUYmZHbTd1VDEvQ0d5L3NHRmoySTlBMEJqaEFwQ0JTc0tqTStySWtXRUQ3TU9hNnpOamZzNktKMmQ0b0ZXdDFFanBFUFlpZDBSVTdIdlRFK2RWK1BTRFMvZ2VWdnhkYUhRdmJlWTc2dlRHOVplNDlKWnpsS1lJaXEwbmduOUpmSXZjWHl6SXgxaE5WVG9EQlZXRmZVb2RQYTUyb1ZPVDhUbzRXTmhoSDFjRkxRT3prU2tCUDNKcGRudC9TV1FUcWhmMmFqVVhRdlhUUkhITjhHa1BUWnFkWHJzQW5pNCthWGVsVlJVMHhGWU53a3hrbGVZVTRRVSs0N1V4WHNBRkh1bXIzZENScG9WWWNORSs3b29rRGlIbnc5dHJoV1pDRlRpTUpwOFhKelZVUlRvT01MckcrYU1LVE1BMzBwRjEyUUVBN0pwSTFrZjdJL0xld2J5YnBNdFpMbmk5RldNY0YwNi9Lc1JjRHpyamJjRjN2a2ZpOEdLdGw1Tnk0dDRUbG9rZ2JOcFVxSzhJSHRHKzY4MG9uRytwVEVkeEU1NWJjMDBOUWl2cGpNdXJDWVJBV1NJZTNRcGRlaFllUXVhZEFnTUJBQUdqZ2dIQ01JSUJ2akFKQmdOVkhSTUVBakFBTUE0R0ExVWREd0VCL3dRRUF3SUd3REJ6QmdOVkhTQUViREJxTUI4R0F5dE1FREFZTUJZR0NDc0dBUVVGQndJQ01Bb01DRUZuU1VSeWIyOTBNQ0FHQkN0TUVBWXdHREFXQmdnckJnRUZCUWNDQWpBS0RBaGhaMGxFWTJWeWREQWxCZ1lyVEJBRUFnRXdHekFaQmdnckJnRUZCUWNDQWpBTkRBdGpaWEowWDFOUVgxQjFZakFkQmdOVkhRNEVGZ1FVNDNicXA0YitvNUNDQS9Nc1QwUWpWQnY2OTdzd2dnRUxCZ05WSFNNRWdnRUNNSUgvZ0JUamR1cW5odjZqa0lJRDh5eFBSQ05VRy9yM3U2R0IwS1NCelRDQnlqRXNNQ29HQTFVRUNnd2pRMjl1YzI5eWVtbHZJR1JwSUVKdmJtbG1hV05oSUdSbGJHeGhJRkp2YldGbmJtRXhMVEFyQmdOVkJBTU1KSE53YjNKMFpXeHNiM1pwY25SMVlXeGxMbUp2Ym1sbWFXTmhjbTl0WVdkdVlTNXBkREUxTURNR0ExVUVVd3dzYUhSMGNITTZMeTl6Y0c5eWRHVnNiRzkyYVhKMGRXRnNaUzVpYjI1cFptbGpZWEp2YldGbmJtRXVhWFF4RmpBVUJnTlZCR0VNRFZCQk9rbFVMV05pY2w4d05EQXhDekFKQmdOVkJBWVRBa2xVTVE4d0RRWURWUVFIREFaRFpYTmxibUdDRkhZM1RDd1dPdDdPY2ZsS2prUVF0Z3RqNGhDN01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQmdRQy9HeVBjNTAramZhdmNMK29hZS9kWXBVY2FrOG5RR052QkRkdVhtR1M4ZHVuUUVFNURvdVRhWDQxYU9DcVE2aFNpakt3cHlCcWVqZmhQOTVFaDdsNUNlb3pHbUduSGJuWlAzK09PRWg2QnZkanh0VzVZc2hsTXBNSXhLaEdoL0dGTmRYMk8xTlBTWlZ2NDZ2cWRrbzdZSTkrQXJYSEREMHMrVmRVOE54NEl6TllZUm5CNThBL3pja3drVERkRmt3a2tXelhOdHF1ZElHNXRvK0hUS2pvdmE5SmpYT1VnU25LU1FNWjBqT2dQZzB6RWxnWGN1QUJyOGpDQzJTRHRDVVJ4MUJSaHdES0N4MDI3U0ZmQml4Q3A5WXFZajF1Nm9zM2QrVmVlaGtGSTlmZmJiektPL1ZaUTg1bEVESHloOUNzSnhpcGIvdnFtZlJCSDNFRHAxcngvR0ZtTWFMRTc5V05GNlZNbzkvMlNqd1hmTStDQnhDSVc0QXdwU1duYTZ0SkFSeGRNMzZxbzV1Q0hXcG4xR3YzbldVU3hWWGhzOTlxeUFVME4rNHdMaDJXMUlPRXFtdnRIKzBTYWsva1JqbllUU3BVdmt2c0hFMkUzTk0wbDBBSWhMeGVhZGhSNmJrdE12dUUwc08xRWtZVzFqZEtnTncvQTNIa2dOUXNBTnRVPTwvWDUwOUNlcnRpZmljYXRlPjwvWDUwOURhdGE+PC9LZXlJbmZvPjwvU2lnbmF0dXJlPjxzYW1sOk5hbWVJRCBOYW1lUXVhbGlmaWVyPSJodHRwczovL3Nwb3J0ZWxsb3ZpcnR1YWxlLmJvbmlmaWNhcm9tYWduYS5pdCIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDp0cmFuc2llbnQiPkFBZHpaV055WlhReG9GUnpUL2h5WWNSQmFEbjhGUndiTW9zQnF3UjRpNFo4c2x5Nkt3cDZScXRlSGFzbFo2aGhwdGwwRnQ5SzMwWlZDTVVub0NRRjR2dXNJTWtsMTlRYUpTOXYrRmQvOHBXeGpDSDBRcHlTbHZFelg3Y2UwT09aOEFVTVlCdzVyMHovR016VTZTY2ZUUEp6c2t4aXhsQUF1Q1pzS0xlbFNJRTMybElSS1cxYUpUcGlQdUMvbkZlT0labmc1QT09PC9zYW1sOk5hbWVJRD48c2FtbHA6U2Vzc2lvbkluZGV4Pl83ODAyYzNkMDVkYjBkMzhiMTA2MmUyMDQ4MGY0OWU2OTwvc2FtbHA6U2Vzc2lvbkluZGV4Pjwvc2FtbHA6TG9nb3V0UmVxdWVzdD4=
20230412-13:58:03 fail: CIE.AspNetCore.Authentication.CieHandler[7]
=> SpanId:7845f702420191d1, TraceId:9d973da2fea992f2558ae5fdc35981aa, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:4000134b-0000-fa00-b63f-84710c7967bb
RemoteSignOutContext.Failed
20230412-13:58:48 info: Microsoft.Hosting.Lifetime[0]
Application is shutting down...
20230412-13:58:48 dbug: Microsoft.Extensions.Hosting.Internal.Host[3]
Hosting stopping
20230412-13:58:48 dbug: Microsoft.Extensions.Hosting.Internal.Host[4]
Hosting stopped
Questi i settaggi
"Cie": {
"Provider": {
"Name": "CIE Produzione",
"OrganizationName": "CIE Produzione",
"OrganizationDisplayName": "CIE Produzione",
"OrganizationUrlMetadata": "https://idserver.servizicie.interno.gov.it/idp/shibboleth?Metadata",
"OrganizationUrl": "https://www.interno.gov.it/it",
"OrganizationLogoUrl": "",
"SingleSignOnServiceUrlPost": "https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SSO",
"SingleSignOutServiceUrlPost": "https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SLO",
"SingleSignOnServiceUrlRedirect": "https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/Redirect/SSO",
"SingleSignOutServiceUrlRedirect": "https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/Redirect/SLO",
"Type": "IdentityProvider",
"SecurityLevel": 3
},
"EntityId": "https://sportellovirtuale.bonificaromagna.it"
},
Ho loggato la risposta SAML ricevuta al signout che genera poi l'eccezzione nella libreria RemoteSignOutContext.Failed e sembra che StatusCode abbia questo valore strano. Qualche idea?
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:LogoutResponse
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://sportellovirtuale.bonificaromagna.it/signout-cie" ID="_4f2112cf2ced1d9ecd83bd25f42e513a" InResponseTo="_236de2d5-f43a-4497-9736-cbcf5f16880a" IssueInstant="2023-06-06T08:32:00.897Z" Version="2.0">
<saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SSO
</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal"/></saml2p:StatusCode>
<saml2p:StatusMessage>An error occurred.</saml2p:StatusMessage>
</saml2p:Status>
</saml2p:LogoutResponse>
questa la Request SAML che ha generato quella risposta:
<?xml version="1.0" encoding="UTF-8"?>
<samlp:LogoutRequest
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_236de2d5-f43a-4497-9736-cbcf5f16880a" Version="2.0" IssueInstant="2023-06-06T08:32:01.840Z" Destination="https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SLO" Reason="urn:oasis:names:tc:SAML:2.0:logout:user" NotOnOrAfter="2023-06-06T08:42:01.840Z"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer NameQualifier="https://sportellovirtuale.bonificaromagna.it" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sportellovirtuale.bonificaromagna.it</saml:Issuer>
<Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="#_236de2d5-f43a-4497-9736-cbcf5f16880a">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>OUdRJViggU6ATCVIjcEWb3KT5kVYTDZbtFi/FkB0v1c=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>iewS7KzMfUc2zGRz2m7N1sGUq9Am8rCnUbC1ThSIl8nJodw2N/VPo+WiwfYtBcb7W6jcW1+T1oR0LwGHsw5Wwqa+t0xSam41khgQVvVeRetaqa8KQjkYaefdEPhbTzc/DpwhtL/CgaDQff7fn3E4Y7K/PxHJaZPG6kOI11RQPPJY/qXMGpsx2sqxfRL/3YnYVn5v5zZzOET23yphGGXh3LtpD+WRNpBFObaRzMdIQC4WZnHVXWJNFMBX8iVK/BXbtUKSXnmVkxlKrptN++z89Ar946lZVjD+daTxadqMUPKmHjiykoisFBZkZgyJ5NZQtMekfh1BE3r/k6wm+1f7pWpnnYsU2IW64MHcBjL7bMsTxPBeQxyAYmVR7Mfge/RqmVBmikM0wBsx41HomV5YI44pso/Ev2BVitK7Pb1QJdBaSUgDQjfq7Wi/iknZnzfJb6Bjr3ZWC1m3CPh6tiFlj81L8r6TE3pCQ5kZE718lxM8BQbX2OP/kuyMxWziI99R</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIG6DCCBVCgAwIBAgIUdjdMLBY63s5x+UqORBC2C2PiELswDQYJKoZIhvcNAQELBQAwgcoxLDAqBgNVBAoMI0NvbnNvcnppbyBkaSBCb25pZmljYSBkZWxsYSBSb21hZ25hMS0wKwYDVQQDDCRzcG9ydGVsbG92aXJ0dWFsZS5ib25pZmljYXJvbWFnbmEuaXQxNTAzBgNVBFMMLGh0dHBzOi8vc3BvcnRlbGxvdmlydHVhbGUuYm9uaWZpY2Fyb21hZ25hLml0MRYwFAYDVQRhDA1QQTpJVC1jYnJfMDQwMQswCQYDVQQGEwJJVDEPMA0GA1UEBwwGQ2VzZW5hMB4XDTIyMDYyOTA3NDU0NVoXDTIzMDYyOTA3NDU0NVowgcoxLDAqBgNVBAoMI0NvbnNvcnppbyBkaSBCb25pZmljYSBkZWxsYSBSb21hZ25hMS0wKwYDVQQDDCRzcG9ydGVsbG92aXJ0dWFsZS5ib25pZmljYXJvbWFnbmEuaXQxNTAzBgNVBFMMLGh0dHBzOi8vc3BvcnRlbGxvdmlydHVhbGUuYm9uaWZpY2Fyb21hZ25hLml0MRYwFAYDVQRhDA1QQTpJVC1jYnJfMDQwMQswCQYDVQQGEwJJVDEPMA0GA1UEBwwGQ2VzZW5hMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA67hPRpD0IvvYk8MdxHqI30Q4k32SnlIrsDEVl8TgkKZqgb0vBfE/9fEsmsWIaUJVPsTbfGm7uT1/CGy/sGFj2I9A0BjhApCBSsKjM+rIkWED7MOa6zNjfs6KJ2d4oFWt1EjpEPYid0RU7HvTE+dV+PSDS/geVvxdaHQvbeY76vTG9Ze49JZzlKYIiq0ngn9JfIvcXyzIx1hNVToDBVWFfUodPa52oVOT8To4WNhhH1cFLQOzkSkBP3Jpdnt/SWQTqhf2ajUXQvXTRHHN8GkPTZqdXrsAni4+aXelVRU0xFYNwkxkleYU4QU+47UxXsAFHumr3dCRpoVYcNE+7ookDiHnw9trhWZCFTiMJp8XJzVURToOMLrG+aMKTMA30pF12QEA7JpI1kf7I/LewbybpMtZLni9FWMcF06/KsRcDzrjbcF3vkfi8GKtl5Ny4t4TlokgbNpUqK8IHtG+680onG+pTEdxE55bc00NQivpjMurCYRAWSIe3QpdehYeQuadAgMBAAGjggHCMIIBvjAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIGwDBzBgNVHSAEbDBqMB8GAytMEDAYMBYGCCsGAQUFBwICMAoMCEFnSURyb290MCAGBCtMEAYwGDAWBggrBgEFBQcCAjAKDAhhZ0lEY2VydDAlBgYrTBAEAgEwGzAZBggrBgEFBQcCAjANDAtjZXJ0X1NQX1B1YjAdBgNVHQ4EFgQU43bqp4b+o5CCA/MsT0QjVBv697swggELBgNVHSMEggECMIH/gBTjduqnhv6jkIID8yxPRCNUG/r3u6GB0KSBzTCByjEsMCoGA1UECgwjQ29uc29yemlvIGRpIEJvbmlmaWNhIGRlbGxhIFJvbWFnbmExLTArBgNVBAMMJHNwb3J0ZWxsb3ZpcnR1YWxlLmJvbmlmaWNhcm9tYWduYS5pdDE1MDMGA1UEUwwsaHR0cHM6Ly9zcG9ydGVsbG92aXJ0dWFsZS5ib25pZmljYXJvbWFnbmEuaXQxFjAUBgNVBGEMDVBBOklULWNicl8wNDAxCzAJBgNVBAYTAklUMQ8wDQYDVQQHDAZDZXNlbmGCFHY3TCwWOt7OcflKjkQQtgtj4hC7MA0GCSqGSIb3DQEBCwUAA4IBgQC/GyPc50+jfavcL+oae/dYpUcak8nQGNvBDduXmGS8dunQEE5DouTaX41aOCqQ6hSijKwpyBqejfhP95Eh7l5CeozGmGnHbnZP3+OOEh6BvdjxtW5YshlMpMIxKhGh/GFNdX2O1NPSZVv46vqdko7YI9+ArXHDD0s+VdU8Nx4IzNYYRnB58A/zckwkTDdFkwkkWzXNtqudIG5to+HTKjova9JjXOUgSnKSQMZ0jOgPg0zElgXcuABr8jCC2SDtCURx1BRhwDKCx027SFfBixCp9YqYj1u6os3d+VeehkFI9ffbbzKO/VZQ85lEDHyh9CsJxipb/vqmfRBH3EDp1rx/GFmMaLE79WNF6VMo9/2SjwXfM+CBxCIW4AwpSWna6tJARxdM36qo5uCHWpn1Gv3nWUSxVXhs99qyAU0N+4wLh2W1IOEqmvtH+0Sak/kRjnYTSpUvkvsHE2E3NM0l0AIhLxeadhR6bktMvuE0sO1EkYW1jdKgNw/A3HkgNQsANtU=</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:NameID NameQualifier="https://sportellovirtuale.bonificaromagna.it" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">AAdzZWNyZXQx1MRTMkqGfopSciH6EUfVpvKXNfi5OkKZWe6bAx/15CVi+uDKlB6VdkYAbVhtCt0BP3pQP1XYmpiIwRzjP8A8Zd9vA2Tg2yFhw85IAdUGO+RWFhAVW4QzGh8NIGU2/zplNQTjuATxV1QbiN0/FZu1PRPpRXIc87fUaqAO4so3UqfkFu0QsMg1RasDfQ==</saml:NameID>
<samlp:SessionIndex>_c86a45d8dd5e2fb57e62f30d3de4897a</samlp:SessionIndex>
</samlp:LogoutRequest>
Da documentazione: https://docs.italia.it/italia/cie/cie-manuale-tecnico-docs/it/master/protocolli.html#logout Pare che il logout SAML non sia implementato, peraltro in modalità 2 e 3 non dovrebbe neanche essere necessario, dal momento che in queste modalità non è previsto il SSO. Credo vada implementato il semplice redirect verso l'endpoint riportato nel metadata del IdP CIE.
Scusami credo di non aver capito, quindi a lato pratico cosa devo fare per evitare che non mi dia errore e io pulisca correttamente la mia sessione?
Anche perché appunto non vorrei aver capito male ma è già quello che fa la libreria ossia una post a
https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SLO
che è l'url indicato nel metadata del IdP di CIE
ma appunto poi questa restituisce la catena di errori di cui sopra.
Si, dal momento che non gestiscono il signout. Io credo che sia assolutamente safe che alla pressione del tasto di SignOut tu pulisca la sessione lato ServiceProvider (cookie, o qualsiasi altro meccanismo tu utilizzi) ed eviti di scatenare il SignOut remoto, evitando di invocare il metodo SignOut() del Controller.
Salve in fase di signout, nell'ambiente di collaudo/preproduzione ottengo questa eccezione dalla libreria "CIE.AspNetCore.Authentication": "Object reference not set to an instance of an object."
questo il call stack
Quali potrebbero essere le possibili cause?
Grazie