jitbit / AspNetSaml

Very simple SAML 2.0 consumer module for ASP.NET/C#
https://www.jitbit.com
Apache License 2.0

Error: app_not_configured_for_user #46

Closed MagnusModig closed 2 years ago

MagnusModig commented 3 years ago

Hi

I'm trying to use this with Google SSO but get the error "Error: app_not_configured_for_user" when using it. Maybe I have done things wrong. This is what I use:

    Dim samlEndpoint = "https://accounts.google.com/o/saml2/idp?idpid=xxxxx"

    Dim request = New AuthRequest("https://rootfoldertomywebsite/", "https://rootfoldertomywebsite/SamlConsume") 

At this address, https://rootfoldertomywebsite/SamlConsume, I have the code below:

    Public Sub SamlConsume()
        ' 1. TODO: specify the certificate that your SAML provider gave you
        '    (placeholder value; it must be declared, or the code below does not compile)
        Dim samlCertificate = "-----BEGIN CERTIFICATE-----" & vbCrLf &
                              "BLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAH123543==" & vbCrLf &
                              "-----END CERTIFICATE-----"

        ' 2. Let's read the data - SAML providers usually POST it into the "SAMLResponse" var
        Dim samlResponse = New Response(samlCertificate, Request.Form("SAMLResponse"))

        ' 3. We're done!
        If samlResponse.IsValid() Then
            'WOOHOO!!! user is logged in

            'Some more optional stuff for you
            'let's extract username/firstname etc
            Dim username, email, firstname, lastname As String
            Try
                username = samlResponse.GetNameID()
                email = samlResponse.GetEmail()
                firstname = samlResponse.GetFirstName()
                lastname = samlResponse.GetLastName()
            Catch ex As Exception
                'insert error handling code
                'no, really, please do
                'stop here so that no auth cookie is issued when the NameID could not be read
                Return
            End Try

            'user has been authenticated, put your code here, like set a cookie or something...
            'or call FormsAuthentication.SetAuthCookie() or something
            FormsAuthentication.RedirectFromLoginPage(username, False)
            'FormsAuthentication.SetAuthCookie(username,True)
        End If
    End Sub

Sorry if this is a newbie question but is this the correct setup?

alex-jitbit commented 3 years ago

The error is on Google's side, you have to "add" your app there.

Here's the manual from our main website, but it's for our own app - Jitbit Helpdesk - but the steps are kinda similar. https://www.jitbit.com/saas-helpdesk/saml-google/

MagnusModig commented 3 years ago

Thanks, so the setup on my part seems correct to you? The app is supposed to be set up on Google's side according to my information (I don't do that part). And I have received a certificate etc. for this.

MagnusModig commented 3 years ago

Thanks for the link, I'm trying to read what this line should be..

Put in your helpdesk SAML URL [HELPDESK_URL]/Saml/Consume into the ACS URL

In the example picture it says NAME.Jitbit.com/helpdesk/saml/consume, in my case would that then be https://rootfoldertomywebsite/SamlConsume?

MagnusModig commented 3 years ago

Could you just tell me if my approach is correct? When the user accesses the website, this is triggered in Page_Load:

Default.aspx

    Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        LoginUsingSSO()
    End Sub

    Private Sub LoginUsingSSO()
        Dim samlEndpoint = "https://accounts.google.com/o/saml2/idp?idpid=xxxxx"
        Dim request = New AuthRequest("https://rootfoldertomywebsite/", "https://rootfoldertomywebsite/SamlConsume")

        'redirect the user to the SAML provider
        Response.Redirect(request.GetRedirectUrl(samlEndpoint))
    End Sub

And the actual page where I check samlResponse.IsValid() is in this folder

https://rootfoldertomywebsite/SamlConsume

    Public Sub SamlConsume()
        ' 1. TODO: specify the certificate that your SAML provider gave you
        '    (placeholder value; it must be declared, or the code below does not compile)
        Dim samlCertificate = "-----BEGIN CERTIFICATE-----" & vbCrLf &
                              "BLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAH123543==" & vbCrLf &
                              "-----END CERTIFICATE-----"

        ' 2. Let's read the data - SAML providers usually POST it into the "SAMLResponse" var
        Dim samlResponse = New Response(samlCertificate, Request.Form("SAMLResponse"))

        ' 3. We're done!
        If samlResponse.IsValid() Then
            'WOOHOO!!! user is logged in

            'Some more optional stuff for you
            'let's extract username/firstname etc
            Dim username, email, firstname, lastname As String
            Try
                username = samlResponse.GetNameID()
                email = samlResponse.GetEmail()
                firstname = samlResponse.GetFirstName()
                lastname = samlResponse.GetLastName()
            Catch ex As Exception
                'insert error handling code
                'no, really, please do
                'stop here so that no auth cookie is issued when the NameID could not be read
                Return
            End Try

            'user has been authenticated, put your code here, like set a cookie or something...
            'or call FormsAuthentication.SetAuthCookie() or something
            FormsAuthentication.RedirectFromLoginPage(username, False)
            'FormsAuthentication.SetAuthCookie(username,True)
        End If
    End Sub
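
A diagnostic for the ACS URL question raised in this thread, added here as an example (it is not part of the thread and not AspNetSaml's own code): it decodes the `SAMLRequest` parameter of a redirect URL and returns the Issuer and ACS URL the application actually sends, so they can be compared with what is entered on the identity provider's side. `SamlRequestInspector`, `Inspect` and `BuildSampleUrl` are hypothetical names, the sample URL is constructed from the thread's placeholder values, and the code assumes the request is encoded per the standard SAML HTTP-Redirect binding.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Xml.Linq;

public static class SamlRequestInspector
{
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";
    // HTTP-Redirect binding: SAMLRequest = URL-encoded Base64 of raw-DEFLATE-compressed XML.
    public static (string Issuer, string AcsUrl) Inspect(string redirectUrl)
    {
        string encoded = null;
        foreach (var pair in new Uri(redirectUrl).Query.TrimStart('?').Split('&'))
        {
            var kv = pair.Split(new[] { '=' }, 2);
            if (kv.Length == 2 && kv[0] == "SAMLRequest")
                encoded = Uri.UnescapeDataString(kv[1]);
        }
        if (encoded == null) throw new ArgumentException("URL has no SAMLRequest parameter");
        var compressed = new MemoryStream(Convert.FromBase64String(encoded));
        using (var inflate = new DeflateStream(compressed, CompressionMode.Decompress))
        using (var reader = new StreamReader(inflate, Encoding.UTF8))
        {
            var root = XDocument.Parse(reader.ReadToEnd()).Root;
            return (root.Element(Saml + "Issuer")?.Value,
                    (string)root.Attribute("AssertionConsumerServiceURL"));
        }
    }

    // Constructed sample URL built from the placeholder values in the thread.
    static string BuildSampleUrl()
    {
        var xml = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " +
                  "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" " +
                  "AssertionConsumerServiceURL=\"https://rootfoldertomywebsite/SamlConsume\">" +
                  "<saml:Issuer>https://rootfoldertomywebsite/</saml:Issuer></samlp:AuthnRequest>";
        var bytes = Encoding.UTF8.GetBytes(xml);
        var buffer = new MemoryStream();
        using (var deflate = new DeflateStream(buffer, CompressionMode.Compress))
            deflate.Write(bytes, 0, bytes.Length);
        return "https://accounts.google.com/o/saml2/idp?idpid=xxxxx&SAMLRequest=" +
               Uri.EscapeDataString(Convert.ToBase64String(buffer.ToArray()));
    }
    public static void Main()
    {
        var (issuer, acs) = Inspect(BuildSampleUrl());
        Console.WriteLine($"Issuer: {issuer}{Environment.NewLine}ACS URL: {acs}");
    }
}
```

In the application, pass the value of `request.GetRedirectUrl(samlEndpoint)` to `Inspect` instead of the constructed sample, and compare the two results character for character with the Entity ID and ACS URL in the identity provider's app configuration.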