ComponentSpace

Forums



Component Space IDP HTTP-POST request from SP


Component Space IDP HTTP-POST request from SP

Author
Message
Neonblue
Neonblue
New Member
New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)

Group: Forum Members
Posts: 7, Visits: 12
I've been using the product for a while now in my IDP with supporting HTTP-REDIRECT.  Just recently I've had two new SP connection requests from companies that only support HTTP-POST.  I see how to do this as a service provider, but how can I support it being the IDP using ComponentSpace?

Edit:  It looks like there's a SAMLIdentifiers.BindingURIs.HTTPRedirect and HTTPPost.  But what if I need to support both?

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)

Group: Administrators
Posts: 2.2K, Visits: 5.9K
The best option is to use the configuration based SAML high-level API as this automatically handles both bindings.
If you're using the SAML low-level API, your SSO service endpoint should first check whether the HTTP request is a Get or Post.
If it's a Get then process it as you currently do (eg HTTPRedirectBinding.ReceiveRequest).
If it's a Post then call HTTPPostBinding.ReceiveRequest.

Regards
ComponentSpace Development
Neonblue
Neonblue
New Member
New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)

Group: Forum Members
Posts: 7, Visits: 12
ComponentSpace - 8/1/2018
The best option is to use the configuration based SAML high-level API

I am using the high level API...  So you're saying it should be working then?  This company is stating that since I don't have "HTTP-POST" in my IDP metadata that it's causing it to break...  I'm still waiting for credentials to try it out myself.  But it's making me think something is wrong with two HTTP-POST SPs that are getting set up right now are claiming issues.

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)

Group: Administrators
Posts: 2.2K, Visits: 5.9K
Yes. When you call SAMLIdentityProvider.ReceiveSSO it will receive the SAML authn request using either the HTTP-Redirect or HTTP-Post binding.
You don't have to do anything to make this happen.
You might have to update your SAML metadata to specify both bindings for your single sign-on service as it sound like this might be causing issues for these SPs.
For example:

<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:44313/SAML/SingleSignOnService"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:44313/SAML/SingleSignOnService"/>




Regards
ComponentSpace Development
Neonblue
Neonblue
New Member
New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)

Group: Forum Members
Posts: 7, Visits: 12
ComponentSpace - 8/1/2018
Yes. When you call SAMLIdentityProvider.ReceiveSSO it will receive the SAML authn request using either the HTTP-Redirect or HTTP-Post binding.
You don't have to do anything to make this happen.
You might have to update your SAML metadata to specify both bindings for your single sign-on service as it sound like this might be causing issues for these SPs.
For example:

<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:44313/SAML/SingleSignOnService"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:44313/SAML/SingleSignOnService"/>



Ok, that makes sense. Thanks! I'll try that.

Neonblue
Neonblue
New Member
New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)

Group: Forum Members
Posts: 7, Visits: 12
One last question, I'm programmatically adding in this information would this be appropriate to do?
            EndpointType singleSignOnService = null;
            try
            {
                singleSignOnService = new EndpointType(SAMLIdentifiers.BindingURIs.HTTPRedirect, GetConfig.getString("LocalSSOProviderName") + "/SSO/SSOService", null);
            }
            catch (Exception)
            {
                throw new Exception("CIED Unable to create SSO REDIRECT service to endpoint.");
            }
            try
            {
                singleSignOnService = new EndpointType(SAMLIdentifiers.BindingURIs.HTTPPost, GetConfig.getString("LocalSSOProviderName") + "/SSO/SSOService", null);
            }
            catch (Exception)
            {
                throw new Exception("CIED Unable to create SSO POST service to endpoint.");
            }

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)

Group: Administrators
Posts: 2.2K, Visits: 5.9K
Yes, although presumably you want to add both bindings (HTTP-Redirect and HTTP-Post) for this endpoint.

Regards
ComponentSpace Development
Neonblue
Neonblue
New Member
New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)

Group: Forum Members
Posts: 7, Visits: 12
ComponentSpace - 8/1/2018
Yes, although presumably you want to add both bindings (HTTP-Redirect and HTTP-Post) for this endpoint.

Would the above code add in both or do I need to do something different?

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)

Group: Administrators
Posts: 2.2K, Visits: 5.9K
I'm not sure what the rest of the code does but your code looks like it's creating one singleSignOnService EndPointType.
Wouldn't you want to create two?

EndpointType singleSignOnServiceRedirect = null;
EndpointType singleSignOnServicePost = null;

try
{
  singleSignOnServiceRedirect = new EndpointType(SAMLIdentifiers.BindingURIs.HTTPRedirect, GetConfig.getString("LocalSSOProviderName") + "/SSO/SSOService", null);
}
catch (Exception)
{
  throw new Exception("CIED Unable to create SSO REDIRECT service to endpoint.");
}
try
{
  singleSignOnServicePost = new EndpointType(SAMLIdentifiers.BindingURIs.HTTPPost, GetConfig.getString("LocalSSOProviderName") + "/SSO/SSOService", null);
}
catch (Exception)
{
  throw new Exception("CIED Unable to create SSO POST service to endpoint.");
}

// Add the two endpoints to the metadata - not shown





Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....









Forums, Documentation & Knowledge Base - ComponentSpace


Search