ComponentSpace

Forums



Relay State is required by IDP - I-Sprinter


Relay State is required by IDP - I-Sprinter

Author
Message
Charaka
Charaka
New Member
New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)

Group: Forum Members
Posts: 6, Visits: 63
Hi Team,

we have a request for integration between idp vender i-sprint (http://www.i-sprint.com/ ) and they have made relay state parameter mandatory. from our end, it does not pass using the parameter from your component. how we can get resolve and pass the relaystate?

following is a response from an i-sprint vender
  Currently, the validation process is done by calling API to read SAML Request, the RelayState needs to be passed in. The API doesn't expect a null value as input. And if there is no RelayState passed in, it will be considered as null. Thus causing the NullPointerException in the system.

Can you use the HTTP POST binding method to post those parameters? Below is the example

http://saml.xml.org/wiki/idp-initiated-single-sign-on-post-binding 


Regarding the error, this is what we see from the logs, parameter 2 is “relay”:
16/09/2019 12:03:47.528 [http-nio-8080-exec-8] DEBUG - (SAMLAuthnProcessor.java:88) samlRequest=xxxxxx, relay=null, spId=null, sessionToken=null
16/09/2019 12:03:47.544 [http-nio-8080-exec-8] ERROR - (SAMLAuthnProcessor.java:139) Exception when reading authentication request or initiating request
java.lang.NullPointerException: Method parameter 2 should not be null; null parameters are not supported in orignal XML-RPC specs

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Relay state is fully supported. You can specify an optional relay state through our SAML API.
Is your site the SP and i-Sprint the IdP?
Is this IdP-initiated or SP-initiated SSO?


Regards
ComponentSpace Development
Charaka
Charaka
New Member
New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)

Group: Forum Members
Posts: 6, Visits: 63
ComponentSpace - 9/25/2019
Relay state is fully supported. You can specify an optional relay state through our SAML API.
Is your site the SP and i-Sprint the IdP?
Is this IdP-initiated or SP-initiated SSO?

Hi,
This is SP initiated request. is there a way we can sent relay state when IDP initiated a request?

thanks,
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
I'm assuming your site is the SP.

For SP-initiated SSO, you call SAMLServiceProvider.InitiateSSO. This API takes an optional relayState parameter which is sent to the IdP along with the SAML authn request.

The IdP should return this same relay state along with the SAML response.

The relayState output parameter is returned when you call SAMLServiceProvider.ReceiveSSO to receive and process the SAML response.

However, as per the SAML specification, this relay state should be opaque to the IdP. It's not intended as a way to communicate information to the IdP although we place no restrictions on this. The purpose of relay state in SP-initiated SSO is to allow the SP to associate the received SAML response with the previously sent SAML authn request.

You can send relay state to the IdP along with the authn request as I mentioned but I'm not sure what purpose this would serve other than perhaps to avoid them throwing a NullPointerException.

Regards
ComponentSpace Development
Charaka
Charaka
New Member
New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)

Group: Forum Members
Posts: 6, Visits: 63

Hi Team,

Was manage to send the relay state using SAMLServiceProvider successfully.InitiateSSO and Idp login page were prompted. We are pass "<http://host>/SAML/AssertionConsumerService.aspx" to the relay state.

but now we get the following problem after login competed. 

ComponentSpace.SAML2 Verbose: 0 : 63920/3: 26/09/2019 5:54:20 PM: Exception: ComponentSpace.SAML2.Exceptions.SAMLBindingException: The message is not an HTTP POST.
ComponentSpace.SAML2 Verbose: 0 : 63920/3: 26/09/2019 5:54:20 PM:  at ComponentSpace.SAML2.Bindings.HTTPPostBinding.ReceiveResponse(HttpRequest httpRequest, XmlElement& samlMessage, String& relayState)
 at ComponentSpace.SAML2.InternalSAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& userName, SAMLAttribute[]& attributes, String& relayState)
 at SSO.Web.SAML.AssertionConsumerService.Page_Load(Object sender, EventArgs e) in SSO.Web\SAML\AssertionConsumerService.aspx.cs:line 40

what would be the problem in this case?



ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
SAML responses are sent using an HTTP Post. If we receive something else like an HTTP Get we throw this exception.

Please use the browser developer tools to take a look at the network traffic. You should see an HTTP Get with SAMLRequest and RelayState query string parameters being sent to the IdP. After the user is authenticated at the IdP, there should see an HTTP Post with the SAMLResponse being sent to your assertion consumer service endpoint.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search