Hey,
So, I've downloaded the sample MvcExampleIdentityProvider/MvcExampleServiceProvider projects, and managed to get them running locally, which is great.
I've tried to hook up an existing application as the identity provider, so I pointed the MvcExampleServiceProvider to use the existing app, but I can't seem to get the configuration right.
In MvcExampleServiceProvider, I've got this in saml.config -
<?xml version="1.0"?>
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
<ServiceProvider Name="http://external-web.devmachine.com"
AssertionConsumerServiceUrl="~/SAML/AssertionConsumerService"
LocalCertificateFile="sp.pfx"
LocalCertificatePassword="password"/>
<PartnerIdentityProvider Name="http://external-web.devmachine.com"
SignAuthnRequest="false"
WantSAMLResponseSigned="true"
WantAssertionSigned="false"
WantAssertionEncrypted="false"
SingleSignOnServiceUrl="http://external-web.devmachine.com/SAML/SSOService"
SingleLogoutServiceUrl="http://external-web.devmachine.com/SAML/SLOService"
PartnerCertificateFile="idp.cer"/>
</SAMLConfiguration>
And in the web.config, I have -
<add key="PartnerIdP" value="http://external-web.devmachine.com"/>
Now, in external-web.devmachine.com (the identity provider), I have this in my saml.config -
<?xml version="1.0"?>
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
<IdentityProvider Name="http://external-web.devmachine.com"
LocalCertificateFile="idp.pfx"
LocalCertificatePassword="password"/>
<PartnerServiceProvider Name="http://external-web.devmachine.com"
WantAuthnRequestSigned="false"
SignSAMLResponse="true"
SignAssertion="false"
EncryptAssertion="false"
AssertionConsumerServiceUrl="http://external-web.devmachine.com/SAML/AssertionConsumerService"
SingleLogoutServiceUrl="http://external-web.devmachine.com/SAML/SLOService"
PartnerCertificateFile="sp.cer"/>
</SAMLConfiguration>
Now, I can log in fine if I go to the service provider - it redirects to external-web, authenticates and redirects back. It all looks fine.
But, when I try to log out, it seems the SLOService in external-web is called twice. The first time, the logout works correctly. The second time it is called, this error is thrown -
A logout response was unexpectedly received. Stack Trace: at ComponentSpace.SAML2.AbstractSAMLProvider.ProcessLogoutResponse(HttpRequestBase httpRequest, XmlElement logoutResponseElement, String signatureAlgorithm, String signature) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\AbstractSAMLProvider.cs:line 387...
What is going wrong here? The only thing I can guess is that because the Identity Provider is listed as a PartnerServiceProvider within itself, it is trying to log out that service (not realising that it is itself). But if I remove that provider from the list, I cannot log in, as I get this error -
No partner service providers have been configured Stack Trace: at ComponentSpace.SAML2.Configuration.SAMLConfiguration.GetPartnerServiceProvider(String name) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\Configuration\SAMLConfiguration.cs:line 669 at ComponentSpace.SAML2.InternalSAMLIdentityProvider.ReceiveSSO(HttpRequestBase httpRequest, String& partnerSP, SSOOptions& ssoOptions) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLIdentityProvider.cs:line 732...
Any ideas would be appreciated!
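A way to cross-check the two saml.config files above against each other, as an added example that is not part of the original post and is not ComponentSpace's own code. It assumes only what is visible in the posted files: the `urn:componentspace:SAML:2.0:configuration` namespace, the four element names, and that each SP-side "Want..."/"SignAuthnRequest" attribute is the counterpart of the IdP-side "Sign..."/"WantAuthnRequestSigned" attribute (an assumption drawn from the attribute names, not from ComponentSpace documentation). The two XML strings are the configs as posted, embedded inline so the script runs offline; the replacement SP name `http://sp.devmachine.com` is a hypothetical value used only to show what a clean result looks like. The script reports what can be seen in the files (both entities use the same `Name`, and whether the signing policy on the two sides agrees); it makes no claim about which finding, if any, produces the logout error.

```python
import xml.etree.ElementTree as ET

NS = {"c": "urn:componentspace:SAML:2.0:configuration"}

# Constructed sample input: the two saml.config files exactly as posted.
SP_CONFIG = """<?xml version="1.0"?>
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
<ServiceProvider Name="http://external-web.devmachine.com"
 AssertionConsumerServiceUrl="~/SAML/AssertionConsumerService"
 LocalCertificateFile="sp.pfx" LocalCertificatePassword="password"/>
<PartnerIdentityProvider Name="http://external-web.devmachine.com"
 SignAuthnRequest="false" WantSAMLResponseSigned="true"
 WantAssertionSigned="false" WantAssertionEncrypted="false"
 SingleSignOnServiceUrl="http://external-web.devmachine.com/SAML/SSOService"
 SingleLogoutServiceUrl="http://external-web.devmachine.com/SAML/SLOService"
 PartnerCertificateFile="idp.cer"/>
</SAMLConfiguration>"""

IDP_CONFIG = """<?xml version="1.0"?>
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
<IdentityProvider Name="http://external-web.devmachine.com"
 LocalCertificateFile="idp.pfx" LocalCertificatePassword="password"/>
<PartnerServiceProvider Name="http://external-web.devmachine.com"
 WantAuthnRequestSigned="false" SignSAMLResponse="true"
 SignAssertion="false" EncryptAssertion="false"
 AssertionConsumerServiceUrl="http://external-web.devmachine.com/SAML/AssertionConsumerService"
 SingleLogoutServiceUrl="http://external-web.devmachine.com/SAML/SLOService"
 PartnerCertificateFile="sp.cer"/>
</SAMLConfiguration>"""

# (attribute the SP expects of its partner IdP, attribute the IdP applies to its
# partner SP). Assumed pairing from the attribute names: if they disagree, one
# side will reject what the other sends.
POLICY_PAIRS = [
    ("SignAuthnRequest", "WantAuthnRequestSigned"),
    ("WantSAMLResponseSigned", "SignSAMLResponse"),
    ("WantAssertionSigned", "SignAssertion"),
    ("WantAssertionEncrypted", "EncryptAssertion"),
]


def _flag(el, attr):
    """Read a "true"/"false" attribute as a bool; missing counts as false."""
    return el.get(attr, "false").strip().lower() == "true"


def check_pair(sp_xml: str, idp_xml: str) -> list:
    """Cross-check an SP saml.config against its IdP's saml.config.

    Returns a list of findings, each prefixed with a short code. An empty
    list means the two files describe each other consistently.
    """
    sp_root, idp_root = ET.fromstring(sp_xml), ET.fromstring(idp_xml)
    sp = sp_root.find("c:ServiceProvider", NS)
    sp_partner = sp_root.find("c:PartnerIdentityProvider", NS)
    idp = idp_root.find("c:IdentityProvider", NS)
    idp_partner = idp_root.find("c:PartnerServiceProvider", NS)
    findings = [f"MISSING_ELEMENT: <{tag}> not found"
                for tag, el in (("ServiceProvider", sp), ("PartnerIdentityProvider", sp_partner),
                                ("IdentityProvider", idp), ("PartnerServiceProvider", idp_partner))
                if el is None]
    if findings:
        return findings  # the remaining checks need all four elements

    sp_name, idp_name = sp.get("Name"), idp.get("Name")
    # 1. A SAML entity ID names exactly one entity; SP and IdP must not share one.
    if sp_name == idp_name:
        findings.append(f"ENTITY_ID_COLLISION: SP and IdP both use Name={sp_name!r}")
    # 2. Each side's partner entry must name the other side's own entity.
    if sp_partner.get("Name") != idp_name:
        findings.append(f"PARTNER_MISMATCH: SP expects IdP {sp_partner.get('Name')!r}, IdP is {idp_name!r}")
    if idp_partner.get("Name") != sp_name:
        findings.append(f"PARTNER_MISMATCH: IdP expects SP {idp_partner.get('Name')!r}, SP is {sp_name!r}")
    # 3. Signing/encryption policy must agree in both directions.
    for sp_attr, idp_attr in POLICY_PAIRS:
        if _flag(sp_partner, sp_attr) != _flag(idp_partner, idp_attr):
            findings.append(f"POLICY_MISMATCH: SP {sp_attr}={sp_partner.get(sp_attr)!r} "
                            f"vs IdP {idp_attr}={idp_partner.get(idp_attr)!r}")
    # 4. If neither the response nor the assertion must be signed, the SP accepts unsigned logins.
    if not (_flag(sp_partner, "WantSAMLResponseSigned") or _flag(sp_partner, "WantAssertionSigned")):
        findings.append("UNSIGNED_SSO: SP requires neither a signed response nor a signed assertion")
    return findings


def rename_sp(sp_xml: str, idp_xml: str, old_name: str, new_name: str):
    """Give the SP its own entity ID on both sides (literal substitution on the sample's layout)."""
    return (sp_xml.replace(f'<ServiceProvider Name="{old_name}"', f'<ServiceProvider Name="{new_name}"'),
            idp_xml.replace(f'<PartnerServiceProvider Name="{old_name}"',
                            f'<PartnerServiceProvider Name="{new_name}"'))


if __name__ == "__main__":
    for finding in check_pair(SP_CONFIG, IDP_CONFIG) or ["OK: configs are consistent"]:
        print(finding)
    # Hypothetical SP name, to show the clean case.
    sp2, idp2 = rename_sp(SP_CONFIG, IDP_CONFIG, "http://external-web.devmachine.com", "http://sp.devmachine.com")
    print(check_pair(sp2, idp2) or ["OK: configs are consistent"])
```

Run against the posted files it reports a single `ENTITY_ID_COLLISION` finding and nothing else, since the four signing and encryption flags already agree on both sides; flipping one side of a pair (for example `SignSAMLResponse` to `false` on the IdP) produces a `POLICY_MISMATCH` instead.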