ComponentSpace

Forums



Getting succeeded = false from HttpContext.AuthenticateAsync - 2.0.5


Getting succeeded = false from HttpContext.AuthenticateAsync - 2.0.5

Author
Message
arora_kushal
arora_kushal
New Member
New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)

Group: Forum Members
Posts: 4, Visits: 25
Hi - I am not getting authenticated properly using ComponentSpace.Saml2. Below is the code snippet I am using. Please let me know what am I missing here.

Please advise.

-----------------------------------------------------------------------------------
Startup.cs
-----------------------------------------------------------------------------------
public void ConfigureServices(IServiceCollection services)
{
  services.AddAuthentication().AddSaml(AppConstants.Saml2Scheme, AppConstants.Saml2Scheme, options =>
    {
      options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
      options.PartnerName = () => ConfigSettings.PartnerName;
      options.ConfigurationID = () => AppConstants.Default;
    });
    services.Configure<SamlConfigurations>(config => GetSamlConfiguration(config));
    services.AddSaml();
}
-----------------------------------------------------------------------------------------------------------------------------
Controller - Account
Action Method - ExternalLogin
-----------------------------------------------------------------------------------------------------------------------------
[HttpGet]
    public async Task<IActionResult> ExternalLogin(string provider, string returnUrl)
   {
      var authR = _interaction.GetAuthorizationContextAsync(returnUrl).Result;
      string clientId = authR?.ClientId ?? "Default";
      await _samlProvider.SetConfigurationIDAsync(clientId);
      await _samlProvider.InitiateSsoAsync(relayState: returnUrl);
      return new EmptyResult();
    }
-----------------------------------------------------------------------------------------------------------------------------
SAML config file
-----------------------------------------------------------------------------------------------------------------------------
[
{
  "ID": "Default",
  "LocalServiceProviderConfiguration": {
  "AssertionConsumerServiceUrl": "http://localhost:44339/Saml/AssertionConsumerService_1",
  "Name": "https://xxxxxxxxxxxxxxxxxxxxxxxxx",
  "LocalCertificates": [
   {
    "FileName": "*************",
    "Password": "*************"
   }
  ]
  },
  "PartnerIdentityProviderConfigurations": [
  {
   "Name": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
   "SignAuthnRequest": true,
   "SignLogoutRequest": true,
   "SignLogoutResponse": true,
   "WantSamlResponseSigned": false,
   "WantAssertionSigned": false,
   "SingleLogoutServiceBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
   "SingleSignOnServiceBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
   "SingleSignOnServiceUrl": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
   "SingleLogoutServiceUrl": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
   "PartnerCertificates": [
    {
    "FileName": "*****************"
    }
   ],
   "NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
  }
  ]
}
]
------------------------------------------------------------------------------------------------------------------------------
Controller: Saml
Action Method: AssertionConsumerService_1
------------------------------------------------------------------------------------------------------------------------------
public async Task<ActionResult> AssertionConsumerService_1()
{
    var ssoResult = await _samlServiceProvider.ReceiveSsoAsync();
    var returnUrl = ssoResult.RelayState;

    var info = await HttpContext.AuthenticateAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);
   
   bool result = info.Succeeded;

//We are expecting it to be true so that we can write further logic. 

}

------------------------------------------------------------
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)

Group: Administrators
Posts: 2.8K, Visits: 8.8K
Please take a look at the ExampleServiceProvider's SamlController.
It calls _signInManager.SignInAsync to login the user.
You should do something similar to sign-in the user locally.
Here's the code from the example.

public async Task<IActionResult> AssertionConsumerService()
{
  // Receive and process the SAML assertion contained in the SAML response.
  // The SAML response is received either as part of IdP-initiated or SP-initiated SSO.
  var ssoResult = await _samlServiceProvider.ReceiveSsoAsync();

  // Automatically provision the user.
  // If the user doesn't exist locally then create the user.
  // Automatic provisioning is an optional step.
  var user = await _userManager.FindByNameAsync(ssoResult.UserID);

  if (user == null)
  {
   user = new ApplicationUser { UserName = ssoResult.UserID, Email = ssoResult.UserID };
   var result = await _userManager.CreateAsync(user);

   if (!result.Succeeded)
   {
    throw new Exception($"The user {ssoResult.UserID} couldn't be created - {result}");
   }

   // For demonstration purposes, create some additional claims.
   if (ssoResult.Attributes != null)
   {
    var samlAttribute = ssoResult.Attributes.SingleOrDefault(a => a.Name == ClaimTypes.GivenName);

    if (samlAttribute != null)
    {
      await _userManager.AddClaimAsync(user, new Claim(ClaimTypes.GivenName, samlAttribute.ToString()));
    }

    samlAttribute = ssoResult.Attributes.SingleOrDefault(a => a.Name == ClaimTypes.Surname);

    if (samlAttribute != null)
    {
      await _userManager.AddClaimAsync(user, new Claim(ClaimTypes.Surname, samlAttribute.ToString()));
    }
   }
  }

  // Automatically login using the asserted identity.
  await _signInManager.SignInAsync(user, isPersistent: false);

  // Redirect to the target URL if specified.
  if (!string.IsNullOrEmpty(ssoResult.RelayState))
  {
   return LocalRedirect(ssoResult.RelayState);
  }

  return RedirectToPage("/Index");
}




Regards
ComponentSpace Development
arora_kushal
arora_kushal
New Member
New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)

Group: Forum Members
Posts: 4, Visits: 25
It worked but now I am getting following error.

SamlConfigurationException: Multiple SAML configurations exist but a configuration ID hasn't been specified
on
var ssoResult = await _samlServiceProvider.ReceiveSsoAsync();
--------------------------------------------------------------------------------------------------------------------
I have specified two SAML configurations. But loading them at run time like below:

[HttpGet]
    public async Task<IActionResult> ExternalLogin(string provider, string returnUrl)
   {
      var authR = _interaction.GetAuthorizationContextAsync(returnUrl).Result;
      string clientId = authR?.ClientId ?? "Default";
      await _samlProvider.SetConfigurationIDAsync(clientId);
      await _samlProvider.InitiateSsoAsync(relayState: returnUrl);
      return new EmptyResult();
    }



ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)

Group: Administrators
Posts: 2.8K, Visits: 8.8K
Please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning this forum topic.
https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace



Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 4 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....









Forums, Documentation & Knowledge Base - ComponentSpace


Search