ComponentSpace

Forums



SSO Errors in Chrome


SSO Errors in Chrome

Author
Message
DaveA
DaveA
New Member
New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)

Group: Forum Members
Posts: 10, Visits: 44
I have an application performing IdP-initiated SSO using InitiateSsoAsync method like so:

try
{
     SamlConfigurations samlConfigurations = await GetSamlConfigurations(options);
      _samlConfigurations.Configurations = samlConfigurations.Configurations;
      await _samlProvider.InitiateSsoAsync(partnerName, username);
}
catch (Exception ex)
{
  // Handle any error (none are being thrown though...)
}
return View();


The code to build the SAML configuration and SSO into a service provider works great in Edge and IE11 and the view is opened in a new tab and shows the logged in view of the SP's site. In Chrome I get a blank page that shows my view address in the address bar. The console shows that an ERR_CONNECTION_RESET was encountered. I thought that maybe something was being cached so I added this to the controller action:

[ResponseCache(Location = ResponseCacheLocation.None, NoStore = true)]

This sets up the cache-control properly, but has no effect on the issue. Has anyone seen this before? This is only an issue in Chrome (I have Chrome 67).

Thanks
DaveA
DaveA
New Member
New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)

Group: Forum Members
Posts: 10, Visits: 44
I have also enabled SAML trace logging and compared the logs - the same sequence of events with the same outcomes occur in the logs for any browser and all show that the initiation of SSO to the SP completes successfully. I sent the latest logs to [email protected] for review, one tested in Chrome, one tested in Edge.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Instead of:

return View();



Please try:

return new EmptyResult();





Regards
ComponentSpace Development
DaveA
DaveA
New Member
New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)

Group: Forum Members
Posts: 10, Visits: 44
That appears to have fixed it!

I was returning a view so that my users could see a page that says something like "Signing in to X, please wait...". Is there a way to do this when returning an EmptyResult? This page would rarely show at all, but if the SP takes a bit to sign the user in it is nice to give my users some feedback.

Thanks for your help!
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
You will need to update the HTML returned to the browser and that's used to send the SAML response to the service provider over HTTP-Post.
This HTML is accessed through an implementation of the ComponentSpace.Saml2.Bindings.Post.IHttpPostForm interface.
The default implementation is ComponentSpace.Saml2.Bindings.Post.HttpPostForm which uses the following HTML template.

<html xmlns="http://www.w3.org/1999/xhtml">
<body onload="document.forms.samlform.submit()">
<noscript>
<p>
<strong>Note: </strong>
Since your browser does not support JavaScript, you must press the Continue button to proceed.
</p>
</noscript>
<form id="samlform" action="{url}" method="post" target="_self">
<div>
{hiddenFormVariables}
</div>
<noscript>
<div>
<input type="submit" value="Continue"/>
</div>
</noscript>
</form>
</body>
</html>

 

You can either directly implement the IHttpPostForm interface or extend the HttpPostForm class.
The following implementation adds a message to display to the user by setting the HttpPostForm.FormTemplate property.

public class TestHttpPostForm : HttpPostForm
{
public TestHttpPostForm()
{
 FormTemplate =
  "<html xmlns=\"http://www.w3.org/1999/xhtml\">" +
  "<body onload=\"document.forms.samlform.submit()\">" +
  "<noscript>" +
  "<p>" +
  "<strong>Note: </strong>" +
  "Since your browser does not support JavaScript, you must press the Continue button to proceed." +
  "</p>" +
  "</noscript>" +
  "Signing in. Please wait..." +
  "<form id=\"samlform\" action=\"{url}\" method=\"post\" target=\"_self\">" +
  "<div>" +
  "{hiddenFormVariables}" +
  "</div>" +
  "<noscript>" +
  "<div>" +
  "<input type=\"submit\" value=\"Continue\"/>" +
  "</div>" +
  "</noscript>" +
  "</form>" +
  "</body>" +
  "</html>";
}
}



In product version 2.0.6, we've introduced an HttpPostForm.DisplayMessage property to simplify this.

public class TestHttpPostForm : HttpPostForm
{
  public TestHttpPostForm()
  {
   DisplayMessage = "Signing in. Please wait...";
  }
}



The implementation should be registered at startup as follows.

services.TryAddSingleton<IHttpPostForm, TestHttpPostForm>();




Regards
ComponentSpace Development
DaveA
DaveA
New Member
New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)New Member (13 reputation)

Group: Forum Members
Posts: 10, Visits: 44
That's great info, I will try implementing the IHttpPostForm when I get a chance.

Thank you!
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
You're welcome.
If you'd like to try the 2.0.6 beta, please email [email protected] mentioning your forum post.

Regards
ComponentSpace Development
pete.cleary
pete.cleary
New Member
New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)

Group: Forum Members
Posts: 3, Visits: 8
The latest version of Chrome will also send the HTML response and not complete if you have the header X-Content-Type-Options set to nosniff. 

If you require this on the site then I suggest writing some Middleware to remove the header for the SSO path only.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Thanks for the information.

Regards
ComponentSpace Development
BEN
BEN
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 3, Visits: 27
ComponentSpace - 8/29/2018
Thanks for the information.

Good morning All,

I'm getting the same blank page in Chrome when calling the method ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(httprequest, out isInResponseTo, out partnerIdP, out authContext, out userName, out attributes, out relayState);

While the blank page is displayed if I hit enter key on the keyboard after putting the pointer in the address bar I get the following message :



The message is not an HTTP POST.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: ComponentSpace.SAML2.Exceptions.SAMLBindingException: The message is not an HTTP POST.

Source Error:


Line 58:   var httprequest = new HttpRequestWrapper(Context.Request);
Line 59:
Line 60:   ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(httprequest, out isInResponseTo, out partnerIdP, out authContext, out userName, out attributes, out relayState);
Line 61:
Line 62:   CurrentUserName = Membership.GetUserNameByEmail(userName);

Source File: c:\inetpub\wwwroot\NationalBackOfficeQA\ACS.aspx.cs  Line: 60

Stack Trace:


[SAMLBindingException: The message is not an HTTP POST.]
 ComponentSpace.SAML2.Bindings.HTTPPostBinding.ReceiveResponse(HttpRequestBase httpRequest, XmlElement& samlMessage, String& relayState) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\Bindings\HTTPPostBinding.cs:391
 ComponentSpace.SAML2.InternalSAMLServiceProvider.ReceiveSSO(HttpRequestBase httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, SAMLAttribute[]& attributes, String& relayState) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLServiceProvider.cs:821
 ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequestBase httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, IDictionary`2& attributes, String& relayState) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLServiceProvider.cs:232
 ACS.Page_Load(Object sender, EventArgs e) in c:\inetpub\wwwroot\NationalBackOfficeQA\ACS.aspx.cs:60
 System.Web.UI.Control.OnLoad(EventArgs e) +86
 System.Web.UI.Control.LoadRecursive() +129
 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3712

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.2623.0


Any help will be appreciated, please note that it works fine in Edge and IE.

Thanks.




GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search