Sending sample AuthnRequest to IDP not working


DiaaKamal
New Member (7 reputation)

Group: Forum Members
Posts: 6, Visits: 13
Hi All,

I am very new to ComponentSpace. I want to use ComponentSpace to send a very simple signed SAML file to the IdP.

I created a saml.config file in my solution as below:
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
  <ServiceProvider Name="Derayah Financial"
      LocalCertificateFile="C:\Users\dkamal\documents\visual studio 2015\Projects\stackOverFlowWeb\stackOverFlowWeb\my_bank1_signed.p12"/>
  <PartnerIdentityProviders>
    <PartnerIdentityProvider Name="Tawtheeq Online"
        SignAuthnRequest="true"
        SingleSignOnServiceUrl="https://tawtheeq.sa:8443/identity-gateway-test/ReceiveSAMLRequest"
        PartnerCertificateFile="C:\Users\dkamal\documents\visual studio 2015\Projects\stackOverFlowWeb\stackOverFlowWeb\TawtheeqCert.cer"/>
  </PartnerIdentityProviders>
</SAMLConfiguration>

Then I created a sample method to post a request to the URL provided by the IdP, as below:

private void TestComponentSpaceSaml()
{
    // Partner IdP name, as configured in saml.config
    string ConsumerServiceName = "Tawtheeq Online";
    Request.ContentType = "application/x-www-form-urlencoded";
    // Second argument is the relay state ("10" here), third is the partner IdP name
    SAMLServiceProvider.InitiateSSO(Response, "10", ConsumerServiceName);
}

But it is not working. Note that the sample request the IdP sent for me to follow is as below:
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://tawtheeq.sa/mybank1/ReceiveSAMLResponse" Destination="https://tawtheeq.sa/identity-gateway/ReceiveSAMLRequest" ForceAuthn="false" ID="_964484d741502e19a0b148d478a64050" IsPassive="false" IssueInstant="2018-06-04T12:46:07.860Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">MyBank1</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#_964484d741502e19a0b148d478a64050">
   <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml samlp"/></ds:Transform>
   </ds:Transforms>
   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
   <ds:DigestValue>B99CKUkHBSVelX86anIYMPaktnw=</ds:DigestValue>
  </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>
  Some Encrypted key
  </ds:SignatureValue>
  <ds:KeyInfo>
  <ds:X509Data>
   <ds:X509Certificate>
    Some Encrypted key
   </ds:X509Certificate>
  </ds:X509Data>
  </ds:KeyInfo>
</ds:Signature>
  <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
  <samlp:RequestedAuthnContext Comparison="exact">
  <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Please note that the following line is not required.
Request.ContentType = "application/x-www-form-urlencoded";
By default, SAMLServiceProvider.InitiateSSO will send the SAML authn request using a 302 redirect to the configured SingleSignOnServiceUrl.
Try removing the Request.ContentType line as this might be causing problems.
If there's still an issue, let me know what the URL is in the browser.
This should indicate whether you reached the IdP or not.

Regards
ComponentSpace Development
DiaaKamal
New Member (7 reputation)

Group: Forum Members
Posts: 6, Visits: 13
ComponentSpace - 9/11/2018
Please note that the following line is not required.
Request.ContentType = "application/x-www-form-urlencoded";
By default, SAMLServiceProvider.InitiateSSO will send the SAML authn request using a 302 redirect to the configured SingleSignOnServiceUrl.
Try removing the Request.ContentType line as this might be causing problems.
If there's still an issue, let me know what the URL is in the browser.
This should indicate whether you reached the IdP or not.

Hi,
Thank you for your response. I removed it, but the issue still exists. I want to make sure that the key algorithm used is: http://www.w3.org/2000/09/xmldsig#rsa-sha1

Please find below my URL after posting the data:
https://tawtheeq.sa:8443/identity-gateway-test/ReceiveSAMLRequest?SAMLRequest=fZJNT8JAEIb%2FSrP3pS0uKBtKghIjiR%2BNEg9ezLidyiZlW3amIv%2FebSEGD3KdvB8zT2ZKsKkaPW957Z5x2yJxtFxk4l2ZREE5LmVqDEqVJqWEcvIhx%2BXlaDi5KNQElYhe0ZOtXSaGg0RES6IWl44YHIdRkl7JZCLT4SoZ6eFIKzVIx%2BpNRIvQYh1w71wzN6TjmGHHa8TtgEBfKXUR2wIdW97LT2DcwV5ysMXPaNB%2B4cv84f64r4hua2%2BwPyETJVSE3So5EAXh7yT3Ndemrq6tK6z7zETrna6BLGkHGyTNRnepOpyiPw4i0nerVS7zp5eViL43lSPd8zpvbo5NYjbt1LrH4k%2F85%2B1hb%2FQdGzFboIc9rKPbQMsZC9U0Pkk8xDf6MUQsF3ldWbPvWGyA%2F29IB2k%2FsYUse6luHTVobGmxENG8qurdjceAPBPs2wAunh1a%2F37J7Ac%3D&RelayState=10&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=cTe6%2FXr9%2BJm8CtNSTU7VZAWerPCV7R0X99OempovTbhI%2Bo1G%2BJL1%2FFOujri%2FZWtI9lQE4hi5YLietl2%2F1v3s55jIxIWZDwQ1Z8DAS4Dsf2yiNIXrA5tB%2F2UYnUkzQNyJdwDMHVaczyJ69yL424M%2FvbRgWeS48PdRSQ65Mm52io66qfkAhs4S0Xg%2Ff3Pc4KKuGBe9nacSAIhnX8PS4eCj69VyMMfu8AqibvauCQIg1kyjIzi0z8MbfCCYYS4pr5TGNsXgJLwUw4c6jMDx2mzqix3CgBk4ALufwyuS0CK8I6ZaTXWJO%2FyEWcigPAX0sCDTlugmUgy7nLN2TbBxC563Gg%3D%3D
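
The URL above is the HTTP-Redirect binding that the reply earlier in the thread describes (a 302 to the SingleSignOnServiceUrl): the SAMLRequest value is the AuthnRequest XML after raw DEFLATE, base64 and URL-encoding, and the signature is not inside the XML at all but in the separate SigAlg and Signature query parameters. The script below is an added example, not code from the original post or from ComponentSpace; it builds a constructed AuthnRequest, encodes it the way the Redirect binding does, and then decodes a URL of that shape to report the Issuer, Destination, RelayState and SigAlg the IdP will actually see. The SP/IdP URLs and the request ID are made up; RSA signing of the query string is deliberately left out because it needs the SP's private key.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"


def build_authn_request(issuer, destination, acs_url, request_id, issue_instant):
    """Minimal unsigned AuthnRequest (constructed sample; the real one comes from the library)."""
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{destination}" AssertionConsumerServiceURL="{acs_url}" '
        f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        "</samlp:AuthnRequest>"
    )


def encode_redirect(xml_text):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(deflated).decode("ascii")


def decode_redirect(param):
    """Inverse of encode_redirect: base64-decode, then raw INFLATE."""
    return zlib.decompress(base64.b64decode(param), -15).decode("utf-8")


def redirect_query(saml_request_b64, relay_state, sig_alg):
    """The query string a Redirect-binding signature covers, in the mandated order.
    SigAlg is a query parameter, not part of the XML. The Signature parameter (an RSA
    signature over exactly this string) is omitted because it needs the SP key."""
    pairs = [("SAMLRequest", saml_request_b64)]
    if relay_state is not None:
        pairs.append(("RelayState", relay_state))
    pairs.append(("SigAlg", sig_alg))
    # quote (not quote_plus) with safe="" encodes '/', '+', '=' and '#' as in the URL above
    return urlencode(pairs, quote_via=quote)


def build_redirect_url(sso_url, xml_text, relay_state, sig_alg):
    return f"{sso_url}?{redirect_query(encode_redirect(xml_text), relay_state, sig_alg)}"


def inspect_redirect_url(url):
    """Decode the SAMLRequest in a Redirect-binding URL and report what the IdP will see."""
    qs = parse_qs(urlparse(url).query)
    root = ET.fromstring(decode_redirect(qs["SAMLRequest"][0]))
    issuer = root.find(f"{{{SAML}}}Issuer")
    sig_alg = qs.get("SigAlg", [None])[0]
    return {
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "destination": root.get("Destination"),
        "relay_state": qs.get("RelayState", [None])[0],
        "sig_alg": sig_alg,
        "query_signed": "Signature" in qs,
        # A ds:Signature inside the XML is how the POST binding signs; the Redirect
        # binding signs the query string instead, so one here signals a binding mismatch.
        "enveloped_signature": root.find(f"{{{DS}}}Signature") is not None,
        "weak_sig_alg": sig_alg == RSA_SHA1,
    }


if __name__ == "__main__":
    xml_text = build_authn_request("MyBank1", "https://idp.example/sso",
                                   "https://sp.example/acs", "_req1", "2018-09-11T00:00:00Z")
    print(inspect_redirect_url(build_redirect_url("https://idp.example/sso", xml_text, "10", RSA_SHA256)))
```

Pasting the URL from the post into inspect_redirect_url shows the decoded XML and the SigAlg value that is already visible in the query string (rsa-sha256), which is the quickest way to see which algorithm the library signed with. The enveloped_signature flag is the thing to look at for the IdP sample earlier in the thread: a ds:Signature inside the AuthnRequest belongs to the POST binding, not to a Redirect URL.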

ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The URL looks fine.
Are you being redirected to this location in the browser?
What does the browser display?

Regards
ComponentSpace Development
DiaaKamal
New Member (7 reputation)

Group: Forum Members
Posts: 6, Visits: 13
ComponentSpace - 9/11/2018
The URL looks fine.
Are you being redirected to this location in the browser?
What does the browser display?

I see in the URL that the signature used is RSA-SHA256 even after configuring the algorithm in saml.config to use rsa-sha1, as below:

<PartnerIdentityProvider Name="Tawtheeq Online"
          SignAuthnRequest="true"
          SignatureMethod="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
          SingleSignOnServiceUrl="https://tawtheeq.sa:8443/identity-gateway-test/ReceiveSAMLRequest"
          PartnerCertificateFile="cer path on my machine"/>
</PartnerIdentityProviders>
ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Please send the full log file as an email attachment.

Regards
ComponentSpace Development
DiaaKamal
New Member (7 reputation)

Group: Forum Members
Posts: 6, Visits: 13
ComponentSpace - 9/11/2018
Please send the full log file as an email attachment.

Hi

Thank you for your support. I've asked the IdP and sent them the request details, and they told me the request should use the POST binding instead of the Redirect binding. Is there any way to send the request as a POST request instead?


ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Yes. Include the following for the <PartnerIdentityProvider> in your saml.config.
SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


Regards
ComponentSpace Development
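
Switching SingleSignOnServiceBinding to HTTP-POST, as the reply above says, changes more than the HTTP verb: the SAMLRequest form field is plain base64 of the whole XML (no DEFLATE), and the signature travels inside the XML as an enveloped ds:Signature, exactly the shape of the IdP's sample earlier in the thread. The script below is an added example, not ComponentSpace code: it builds the self-submitting form an SP returns for the POST binding, and decodes a posted SAMLRequest to report whether it carries an enveloped signature, which SignatureMethod it names, and whether the ds:Reference points at the request's own ID. The sample request is constructed with placeholder digest and signature values, so it is structurally a signed request but not a valid signature; verifying one needs an XML-DSig library and the SP certificate, which is out of scope here.

```python
import base64
import html
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

# Constructed sample in the shape of the IdP's example; PLACEHOLDER values are not a
# real digest or signature, only the structure is inspected below.
SAMPLE_SIGNED_REQUEST = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_req1" '
    'Version="2.0" IssueInstant="2018-09-12T00:00:00Z" Destination="https://idp.example/sso">'
    "<saml:Issuer>MyBank1</saml:Issuer>"
    f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>'
    '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>'
    f'<ds:SignatureMethod Algorithm="{RSA_SHA1}"/>'
    '<ds:Reference URI="#_req1">'
    '<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>'
    "<ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>"
    "</ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>"
    "</samlp:AuthnRequest>"
)
SAMPLE_UNSIGNED_REQUEST = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_req2" '
    'Version="2.0" IssueInstant="2018-09-12T00:00:00Z" Destination="https://idp.example/sso">'
    "<saml:Issuer>MyBank1</saml:Issuer></samlp:AuthnRequest>"
)


def encode_post(xml_text):
    """HTTP-POST binding: base64 of the full XML, with no DEFLATE step (unlike Redirect)."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def decode_post(param):
    return base64.b64decode(param).decode("utf-8")


def build_post_form(sso_url, xml_text, relay_state=None):
    """The self-submitting HTML form the SP returns to the browser for the POST binding."""
    fields = [("SAMLRequest", encode_post(xml_text))]
    if relay_state is not None:
        fields.append(("RelayState", relay_state))
    inputs = "".join(
        f'<input type="hidden" name="{html.escape(n)}" value="{html.escape(v)}"/>' for n, v in fields
    )
    return (
        '<!DOCTYPE html><html><body onload="document.forms[0].submit()">'
        f'<form method="post" action="{html.escape(sso_url)}">{inputs}'
        '<noscript><input type="submit" value="Continue"/></noscript></form></body></html>'
    )


def inspect_post_request(param):
    """Decode a posted SAMLRequest and report where and how it is signed (structure only)."""
    root = ET.fromstring(decode_post(param))
    sig = root.find(f"{{{DS}}}Signature")
    report = {
        "id": root.get("ID"),
        "enveloped_signature": sig is not None,
        "signature_method": None,
        "reference_matches_id": False,
        "weak_sig_alg": False,
    }
    if sig is not None:
        method = sig.find(f"{{{DS}}}SignedInfo/{{{DS}}}SignatureMethod")
        ref = sig.find(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
        report["signature_method"] = method.get("Algorithm") if method is not None else None
        # The Reference must point at the request's own ID, otherwise the signature
        # covers something other than this AuthnRequest.
        report["reference_matches_id"] = ref is not None and ref.get("URI") == f"#{root.get('ID')}"
        report["weak_sig_alg"] = report["signature_method"] == RSA_SHA1
    return report


if __name__ == "__main__":
    print(build_post_form("https://idp.example/sso", SAMPLE_SIGNED_REQUEST, "10"))
    print(inspect_post_request(encode_post(SAMPLE_SIGNED_REQUEST)))
```

To check what the library actually posts, take the SAMLRequest value from the browser's form submission (or from the SAML trace log the next reply describes) and pass it to inspect_post_request; signature_method is the attribute to compare against the SignatureMethod setting in saml.config.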
DiaaKamal
New Member (7 reputation)

Group: Forum Members
Posts: 6, Visits: 13
ComponentSpace - 9/12/2018
Yes. Include the following for the <PartnerIdentityProvider> in your saml.config.
SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

Sorry, but one more question: how can I make sure that my SAML request is in a text file (the request generated and set in the SAMLRequest POST parameter)? Is there any way through the ComponentSpace library to send it as text, as requested by the IdP?

ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The best option is to enable SAML trace and take a look at the log file.
This includes the SAML authn request as XML.
You can copy this to a separate XML file.

Regards
ComponentSpace Development