I have implemented a simple custom ISSOSessionStore.
My class inherits from AbstractSSOSessionStore and seems to work as far as saving and loading the session state.
The problem that I am having is when I call InitiateSSO() for the second time.
The first call works because it calls the Save() method of the custom session store.
The second call fails with the below error message. In this instance it calls the Load() method of the custom session store and this seems to return the session state successfully.
    Unable to cast object of type 'ComponentSpace.SAML2.Data.IdentityProviderSession' to type 'ComponentSpace.SAML2.Data.SAMLConfigurationState'.

    [InvalidCastException: Unable to cast object of type 'ComponentSpace.SAML2.Data.IdentityProviderSession' to type 'ComponentSpace.SAML2.Data.SAMLConfigurationState'.]
       ComponentSpace.SAML2.SAMLController.LoadSAMLConfigurationState() in C:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLController.cs:41
       ComponentSpace.SAML2.InternalSAMLIdentityProvider..ctor() in C:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLIdentityProvider.cs:781
       ComponentSpace.SAML2.SAMLIdentityProvider.InitiateSSO(HttpResponse httpResponse, String userName, IDictionary`2 attributes, String authnContext, String relayState, String partnerSP, String assertionConsumerServiceUrl) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLIdentityProvider.cs:638...

Here is my custom session store code (simplified but behaving exactly the same as the full code). Should I be doing something with the 'type' parameter passed into the Load() method?
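
    using System;
    using System.Web;
    using ComponentSpace.SAML2.Data;

    public class SAML20CustomSessionStore : AbstractSSOSessionStore
    {
        public SAML20CustomSessionStore()
        {
        }

        // Returns whatever was last saved; the 'type' argument is not used.
        public override object Load(Type type)
        {
            // Session values are typed as object, so cast before the string check.
            var sessionSerialized = HttpContext.Current.Session["SAML20CustomSessionStore"] as string;

            if (string.IsNullOrEmpty(sessionSerialized))
            {
                return null;
            }

            return Deserialize(Convert.FromBase64String(sessionSerialized));
        }

        // Stores every session object under the same fixed key.
        public override void Save(object ssoSession)
        {
            HttpContext.Current.Session["SAML20CustomSessionStore"] = Convert.ToBase64String(Serialize(ssoSession));
        }
    }
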
Any ideas??
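
The following is an added example, not part of the original post and not ComponentSpace code. The exception above is consistent with objects of more than one type being saved under a single session key; this sketch reproduces that collision and shows a store keyed by the requested type. The two empty classes, the dictionary standing in for HttpContext.Current.Session, and the helper names are assumptions, and serialization is left out.

```csharp
using System;
using System.Collections.Generic;

// Stand-ins (assumptions) for the two library types named in the exception.
class IdentityProviderSession { }
class SAMLConfigurationState { }

static class SessionStoreDemo
{
    // Stand-in (assumption) for HttpContext.Current.Session.
    static readonly Dictionary<string, object> Session = new Dictionary<string, object>();
    const string Prefix = "SAML20CustomSessionStore";

    // Same shape as the posted store: one fixed key, 'type' ignored.
    static void SaveSingleKey(object ssoSession) { Session[Prefix] = ssoSession; }
    static object LoadSingleKey(Type type)
    {
        object value;
        return Session.TryGetValue(Prefix, out value) ? value : null;
    }

    // Type-keyed variant: each object type gets its own slot.
    static string KeyFor(Type type) { return Prefix + ":" + type.FullName; }
    static void SaveByType(object ssoSession) { Session[KeyFor(ssoSession.GetType())] = ssoSession; }
    static object LoadByType(Type type)
    {
        object value;
        return Session.TryGetValue(KeyFor(type), out value) ? value : null;
    }

    static void Main()
    {
        // Single key: the second save overwrites the first, so the cast fails.
        SaveSingleKey(new SAMLConfigurationState());
        SaveSingleKey(new IdentityProviderSession());
        try { GC.KeepAlive((SAMLConfigurationState)LoadSingleKey(typeof(SAMLConfigurationState))); }
        catch (InvalidCastException e) { Console.WriteLine("single key: " + e.Message); }

        // Type-keyed: both objects survive and come back as the requested type.
        Session.Clear();
        SaveByType(new SAMLConfigurationState());
        SaveByType(new IdentityProviderSession());
        var state = (SAMLConfigurationState)LoadByType(typeof(SAMLConfigurationState));
        var idp = (IdentityProviderSession)LoadByType(typeof(IdentityProviderSession));
        Console.WriteLine("type-keyed: " + state.GetType().Name + ", " + idp.GetType().Name);
    }
}
```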