ComponentSpace

Forums



Handling idP AuthnFailed responses


Handling idP AuthnFailed responses

Author
Message
fhoogduin
fhoogduin
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 13
We have created a SP using the Middleware approach with the licensed SAML component in asp.net core 2.1.

The idP on our partner's side is PingFederate. Everything works like a charm when people use valid credentials.

However, under certain circumstances the idP server will return the following response:

...<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed" /></samlp:StatusCode>...

Currently a SamlErrorStatusException is thrown, finally resulting in a 500 Internal Error response. Since a failed authentication is not an exceptional condition we would like to return a 401 UnAuthorized instead. This reflects what actually happened.

Using the existing documentation we could not discover how to implement this. Any help or example is appreciated.

Kind regards,
Fred
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Hi Fred
At the moment that's not supported.
It's something we will look at adding. Please email [email protected] to discuss early access to a beta.
It's worth noting that not all identity providers will send an AuthnFailed if login fails. Some will keep control until login is successful. Others may return a different error status.

Regards
ComponentSpace Development
fhoogduin
fhoogduin
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 13
Is there any update on this issue?
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Support was added in v2.2.0.
The SamlAUthenticationOptions now include an ErrorUrl which defaults to "/Error".
If an error occurs during SSO, including receiving an error status, control is redirected to the ErrorUrl.
The application can then decide whether to display an error page or perform whatever functionality is required.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search