ComponentSpace

Forums



Componentspace Highlevel API behind Load Balancer


mike.roest@replicon.com
We've been successfully using the Low Level API as a Service Provider behind a load balancer. We're now setting up a second simpler application that doesn't need the complexity of the Low Level API so we're attempting to use the High Level API also behind a load balancer (Amazon ELB). 

IDP Initiated SSO is working correctly but SP Initiated isn't working correctly (to ADFS). ADFS is giving the following error:

The request specified an Assertion Consumer Service URL 'http://externalhostname:905/SAML2.ashx?action=sso' that is not configured on the relying party 'urn:replicon:saasa-ec2'.
Assertion Consumer Service URL: http://externalhostname:905/SAML2.ashx?action=sso
Relying party: urn:replicon:saasa-ec2

The external URL for the assertion consumer service is https://externalhostname:905/SAML2.ashx?action=sso on the load balancer.  The internal IIS is running HTTP on port 905.

Is there a way in the SAML2 High Level API to specify what the external endpoint of the Assertion Consumer service is so?


ComponentSpace Development
The authn request sent by the SP includes the assertion consumer service URL. ADFS checks this URL against the configured assertion consumer service URLs for the relying party (i.e. the SP).
The assertion consumer service URL in the authn request is the URL configured for the <ServiceProvider> in your SAML configuration.
To specify "http://externalhostname:905/SAML2.ashx?action=sso" as the assertion consumer service URL included in the authn request your SAML configuration should include:

<ServiceProvider Name="urn:replicon:saasa-ec2"
                 AssertionConsumerServiceUrl="http://externalhostname:905/SAML2.ashx?action=sso" />

If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning this topic. Also include your SAML configuration and the error information from ADFS.

http://www.componentspace.com/Forums/17/Enabing-SAML-Trace





Regards
ComponentSpace Development
mike.roest@replicon.com
Thanks! This helped me track down my issue. I had used ~ in my Endpoint config, which causes ASP.Net to incorrectly calculate the address. I just need to replace it with an absolute URL.
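
The mismatch discussed in this thread, as an added example (not code from the posters or from ComponentSpace): a small checker that reads a SAML configuration, works out which assertion consumer service URL would be sent when the request reaches the web server as HTTP on port 905 behind the load balancer, and compares it with what the IdP has registered. The `SAMLConfiguration` wrapper element, the simplified "~/" resolution model (application at the site root) and the exact-string comparison are assumptions; the relying party name and URLs are taken from the posts.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# ACS URL registered at the IdP for the relying party (values from the thread).
REGISTERED_ACS = {
    "urn:replicon:saasa-ec2": {"https://externalhostname:905/SAML2.ashx?action=sso"},
}

# Constructed config fragment using the app-relative form the poster described.
SAMPLE_CONFIG = """<SAMLConfiguration>
  <ServiceProvider Name="urn:replicon:saasa-ec2"
                   AssertionConsumerServiceUrl="~/SAML2.ashx?action=sso" />
</SAMLConfiguration>"""


def effective_acs_url(configured, scheme, host, port):
    """Simplified model (assumption): an app-relative '~/' URL becomes absolute
    using the scheme, host and port of the request as the web server saw it."""
    if configured.startswith("~/"):
        return f"{scheme}://{host}:{port}/{configured[2:]}"
    return configured


def check_config(xml_text, scheme, host, port):
    """Return findings for every <ServiceProvider> element in the config."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "ServiceProvider":  # ignore any namespace
            continue
        name = el.get("Name")
        configured = el.get("AssertionConsumerServiceUrl", "")
        sent = effective_acs_url(configured, scheme, host, port)
        if configured.startswith("~"):
            findings.append(f"{name}: relative ACS URL resolves per request to {sent}")
        if urlsplit(sent).scheme != "https":
            findings.append(f"{name}: ACS URL {sent} is not https")
        if sent not in REGISTERED_ACS.get(name, set()):
            findings.append(f"{name}: {sent} is not registered at the IdP")
    return findings


if __name__ == "__main__":
    # Request as seen by IIS behind the TLS-terminating load balancer: HTTP on 905.
    for finding in check_config(SAMPLE_CONFIG, "http", "externalhostname", 905):
        print(finding)
```

With the relative value replaced by the absolute external URL, the same check returns no findings regardless of how the request reached the web server.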

