ComponentSpace

Forums



trying to InitiateSSO within web API


trying to InitiateSSO within web API

Author
Message
yaniv
yaniv
New Member
New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)

Group: Awaiting Activation
Posts: 1, Visits: 2
Hi 
I have two sites
first a .NET  site that the saml works just fine 
and after first login everything OK .... 

second, I have an angular project that load before the login is accessing a web API to retrieve a data.
and I need the userName for that data
//
SAMLServiceProvider.ReceiveSSO(HttpContext.Current.Request, out isInResponseTo, out partnerIdP, out userName, out attributes, out targetUrl);
and getting this error 
ComponentSpace.SAML2.Exceptions.SAMLEnvironmentException: 'There is no HTTP session state as ASP.NET session cookies are not enabled.'
which I can understand cause there isn't a session state in API 
So, how can I get the user Name within the web API? 


ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Our recommendation is to authenticate the user through SAML SSO as you are doing and to then create a JWT, based off information (eg user name) returned in the SAML assertion from the IdP, and to return this JWT to the Angular app. The JWT is included when calling the web API and is used for the authorization check.

Regards
ComponentSpace Development
tal
tal
New Member
New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)

Group: Forum Members
Posts: 5, Visits: 12
ComponentSpace - 8/1/2019
Our recommendation is to authenticate the user through SAML SSO as you are doing and to then create a JWT, based off information (eg user name) returned in the SAML assertion from the IdP, and to return this JWT to the Angular app. The JWT is included when calling the web API and is used for the authorization check.

OP's team member here,
as he mentioned, we cannot do the init on our web api code.
we tried these two ways:
SAMLServiceProvider.InitiateSSO(new HttpResponseWrapper(HttpContext.Current.Response), null, null);
SAMLServiceProvider.InitiateSSO(HttpContext.Current.Response, null, null);

and got this RUNTIME error:
'There is no HTTP session state as ASP.NET session cookies are not enabled.'

the next step is to do the receive sso itself but it also didnt work

SAMLServiceProvider.ReceiveSSO(HttpContext.Current.Request, out isInResponseTo, out partnerIdP, out userName, out attributes, out targetUrl);

we are using ComponentSpace.SAML2 version 2.6.0.15

thank you so much


ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
To support the SAML protocol in the release you're using, we maintain SAML session state in the ASP.NET session. The error you’re seeing results from ASP.NET sessions not being enabled for your web API.

Could you try enabling ASP.NET sessions?

In more recent releases we store the SAML session state using a separate SAML_SessionId cookie and don’t require ASP.NET sessions to be enabled. If this is preferable, you could download an evaluation version to see if it meets your requirements and, if so, upgrade to the latest release.


Regards
ComponentSpace Development
tal
tal
New Member
New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)

Group: Forum Members
Posts: 5, Visits: 12
ComponentSpace - 8/4/2019
To support the SAML protocol in the release you're using, we maintain SAML session state in the ASP.NET session. The error you’re seeing results from ASP.NET sessions not being enabled for your web API.

Could you try enabling ASP.NET sessions?

In more recent releases we store the SAML session state using a separate SAML_SessionId cookie and don’t require ASP.NET sessions to be enabled. If this is preferable, you could download an evaluation version to see if it meets your requirements and, if so, upgrade to the latest release.

thanks,
I cant enable ASP.NET session.
where can i download the latest release?


ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
You can download the 30 day evaluation version from our website.
If you have a current support subscription, please contact [email protected] for the latest licensed release.

Regards
ComponentSpace Development
tal
tal
New Member
New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)

Group: Forum Members
Posts: 5, Visits: 12
ComponentSpace - 8/5/2019
You can download the 30 day evaluation version from our website.
If you have a current support subscription, please contact [email protected] for the latest licensed release.
thanks,
which one is the one without the need to enable asp.net session?



ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Assuming your application is ASP.NET, you should download the SAML for ASP.NET evaluation.

Regards
ComponentSpace Development
tal
tal
New Member
New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)

Group: Forum Members
Posts: 5, Visits: 12
ComponentSpace - 8/5/2019
Assuming your application is ASP.NET, you should download the SAML for ASP.NET evaluation.

Hi,
I can't see anything remotely close to WebApi so I tried to work with the console application project.
in this project, there is an XML parsing.
I tried to mimic that behavior, but couldn't figure out where the data to this XML comes from?

also, do you have a working WebApi example ? it's all webform there.
thanks,
Tal
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Just to confirm, are you wishing to participate in SAML SSO as a web API rather than a web forms or MVC application?
Remember that SAML SSO is a browser-based protocol. All messages between the identity provider and service provider sites are sent via the browser. Typically as part of SAML SSO, the identity provider will prompt the user to login. SAML SSO is not a web API call etc between two applications.

We don't have any web API specific examples but if you have an Angular app and a web API back-end, the recommendation is to have a non-web API endpoint at the back-end app that the Angular app accesses via a browser HTTP Get to initiate SSO to the identity provider. Once SSO completes, return control back to the Angular app via an HTTP redirect. You can include an authentication cookie or JWT for the Angular app to present in subsequent authorized calls to the web API.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 1 query. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search