ComponentSpace

Forums



No SAML message query string parameter in HTTP Redirect in SAMLServiceProvider.ReceiveSLO()


No SAML message query string parameter in HTTP Redirect in...

Author
Message
Sun
Sun
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 4
No SAML message query string parameter in HTTP Redirect

As an SP, When I am calling the SAMLServiceProvider.ReceiveSLO(Request, isRequest, logoutReason, partnerIdP, Nothing)
I am getting the following exception.
What could be the problem?

No SAML message query string parameter in HTTP Redirect

No SAML message query string parameter in HTTP Redirect

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: ComponentSpace.SAML2.Exceptions.SAMLBindingException: No SAML message query string parameter in HTTP Redirect

Source Error:



ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)

Group: Administrators
Posts: 2.2K, Visits: 5.9K
This means that the SAMLRequest or SAMLResponse query string parameter is missing.
It's possible that a simple redirect to your page is occurring rather than a SAML logout message being sent.
I suggest capturing the HTTP traffic using Fiddler etc to confirm.
If this is the case, confirm that the partner provider supports SAML logout as not everyone does.

Regards
ComponentSpace Development
Sun
Sun
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 4
ComponentSpace - 8/6/2018
This means that the SAMLRequest or SAMLResponse query string parameter is missing.
It's possible that a simple redirect to your page is occurring rather than a SAML logout message being sent.
I suggest capturing the HTTP traffic using Fiddler etc to confirm.
If this is the case, confirm that the partner provider supports SAML logout as not everyone does.

Thank you for your support.
I am new to SAML. The sequence of my Logout page is as follows:

    SAMLServiceProvider.InitiateSLO(Response, logoutReason, partnerIdP)
    SAMLServiceProvider.ReceiveSLO(Request, isRequest, logoutReason, partnerIdP, Nothing)
    SAMLServiceProvider.SendSLO(Response, Nothing)

Is this in correct sequence or anything is missing?

Thank you
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)

Group: Administrators
Posts: 2.2K, Visits: 5.9K
Basically that's correct but the call to SAMLServiceProvider.SendSLO is only required if SAMLServiceProvider.ReceiveSLO received a request.
So, for SP-initiated SLO the sequence is:

// Create and send a SAML logout request.
SAMLServiceProvider.InitiateSLO(Response, logoutReason, partnerIdP)

// Receive and process the SAML logout response.
SAMLServiceProvider.ReceiveSLO(Request, isRequest, logoutReason, partnerIdP, Nothing)

For IdP-initiated SLO the sequence is:

// Receive and process the SAML logout request.
SAMLServiceProvider.ReceiveSLO(Request, isRequest, logoutReason, partnerIdP, Nothing)

// Create and send the logout response.
SAMLServiceProvider.SendSLO(Response, Nothing)

I suggest taking a look at the ExampleServiceProvider project under the Examples\SSO\HighLevelAPI\WebForms folder which demonstrates supporting both SAML logout flows.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 4 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....









Forums, Documentation & Knowledge Base - ComponentSpace


Search