ComponentSpace

Forums



AspNetCore signinasync fails if AssertionConsumerServiceUrl does not contain hostname


AspNetCore signinasync fails if AssertionConsumerServiceUrl does not...

Author
Message
dominicOpenRoad
dominicOpenRoad
New Member
New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)

Group: Forum Members
Posts: 1, Visits: 6
Our application needs to be able to use multiple URLs for sign-in, which are not known on application startup.

To achieve this, I am trying to configure AssertionConsumerServiceUrl to be relative to the url used for logging in.

With AssertionConsumerServiceUrl set to "/auth/saml/assertionconsumerservice", the user is redirected to my AssertionConsumerService action, SignInAsync is successfully called & the login is logged as successful. 

The user is then redirected to the site homepage, but then the HttpContext.User's claims are empty, so the user is thrown back to the login page as an unauthenticated user.

If I change my configuration to use a full url for AssertionConsumerServiceUrl (ie http://mysite.com/auth/saml/assertionconsumerservice) , I see the user's Claims flow through correctly & the user is succesfully logged into the application.

I am wondering why the HttpContext.User's claims are empty if AssertionConsumerServiceUrl  does not contain the host name? 

Is this a bug in the SAML library? Or is there a configuration I can change to enable this relative AssertionConsumerServiceUrl  to work?







ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)

Group: Administrators
Posts: 2.8K, Visits: 8.8K
Currently absolute URLs are required.
The AssertionConsumerServiceUrl is included in the SAML authn request sent to the identity provider.
The identity provider will post the SAML response to this URL.
Please contact us at [email protected] so we can discuss this further and make this available to you in a beta release.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....









Forums, Documentation & Knowledge Base - ComponentSpace


Search