


SAML:2.0:status:Responder: AccessDenied: Role based Authorization [SP-initiated]



RLowe
New Member (3 reputation)

Group: Forum Members
Posts: 1, Visits: 16
Hello, I'm fairly new to SAML and your component after the original developer of our project recently left, and on our first SSO rollout, we get this error in one particular circumstance, but everything else works fine.
What exactly is the meaning of this error in the context of an SP-initiated login?

The particular circumstance, FWIW, is that the login is occurring in a desktop app based on OpenFin, so it's essentially like an Electron app as both are based on Chromium.

The full error is this:

ComponentSpace.SAML2.Exceptions.SAMLErrorStatusException: An error SAML response status was received. urn:oasis:names:tc:SAML:2.0:status:Responder: AccessDenied: Role based Authorization
   at ComponentSpace.SAML2.InternalSAMLServiceProvider.ProcessSAMLResponse(XmlElement samlResponseElement, Boolean& isInResponseTo, String& authnContext, String& userName, SAMLAttribute[]& attributes)
   at ComponentSpace.SAML2.InternalSAMLServiceProvider.ReceiveSSO(HttpRequestBase httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, SAMLAttribute[]& attributes, String& relayState)
   at AuthServer.Web.Controllers.UserController.<AssertionConsumerService>d__49.MoveNext() in D:\TeamCity\buildAgent\work\5c734b5efa658665\src\AuthServer.Web\Controllers\UserController.cs:line 633
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Mvc.Async.TaskAsyncActionDescriptor.EndExecute(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass37.<BeginInvokeAsynchronousActionMethod>b__36(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.<>c__DisplayClass2b.<BeginInvokeAction>b__1c()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult)
Thank you for any info!
Richard
ComponentSpace
ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Hi Richard
The SAML response returned by the identity provider included an error status.
I'm not sure of the specific reason for this although it would appear there's some sort of role based authorization restriction.
You need to contact the identity provider to determine why this is occurring.
If the user is permitted to SSO then perhaps there's some configuration at the identity provider that needs to be updated to permit this to occur.

Regards
ComponentSpace Development
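
Added example, not part of the thread and not ComponentSpace code: one way to see exactly what status the identity provider returned is to base64-decode the `SAMLResponse` form field from the HTTP-POST to the assertion consumer service and read its `<samlp:Status>` element. The class name, the sample XML and the way the error text is split between `StatusCode` and `StatusMessage` are assumptions, since the thread does not show the raw response.

```csharp
using System;
using System.IO;
using System.Text;
using System.Xml;

static class SamlStatusDump // hypothetical helper name
{
    const string Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";

    // Constructed sample shaped like an IdP error response; not captured from the thread.
    const string SampleXml =
        "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_constructed\" Version=\"2.0\">" +
        "<samlp:Status>" +
        "<samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Responder\">" +
        "<samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:RequestDenied\"/>" +
        "</samlp:StatusCode>" +
        "<samlp:StatusMessage>AccessDenied: Role based Authorization</samlp:StatusMessage>" +
        "</samlp:Status></samlp:Response>";

    // Decodes a base64 SAMLResponse value and lists the status the IdP put in it.
    public static string Describe(string base64SamlResponse)
    {
        string xml = Encoding.UTF8.GetString(Convert.FromBase64String(base64SamlResponse));
        // The response is untrusted input: refuse DTDs and never resolve external entities.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        var doc = new XmlDocument { XmlResolver = null };
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
            doc.Load(reader);

        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("samlp", Samlp);
        var status = doc.SelectSingleNode("/samlp:Response/samlp:Status", ns);
        if (status == null) return "no Status element";

        var sb = new StringBuilder();
        // StatusCode elements nest: the top-level value (Responder = error on the
        // IdP side) comes first, optional sub-codes narrow the reason.
        for (var code = status.SelectSingleNode("samlp:StatusCode", ns); code != null;
             code = code.SelectSingleNode("samlp:StatusCode", ns))
            sb.AppendLine("StatusCode: " + code.Attributes?["Value"]?.Value);
        var msg = status.SelectSingleNode("samlp:StatusMessage", ns);
        if (msg != null) sb.AppendLine("StatusMessage: " + msg.InnerText);
        return sb.ToString();
    }

    static void Main()
    {
        string posted = Convert.ToBase64String(Encoding.UTF8.GetBytes(SampleXml));
        Console.Write(Describe(posted));
    }
}
```

The decoded status codes and message are what to hand to the identity provider's administrators when asking why the user was denied.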