Forums, Documentation & Knowledge Base - ComponentSpace

Initiate and Assert happen in different domains


https://componentspace.com/forums/Topic11640.aspx

By Fiona - 7/6/2021

Hi, can I use one domain to initiate SSO but the other domain to assert the SSO response?
I am using Redis cache to save SAML sessions, but I always receive a SamlProtocolException after assertion.

2021-07-07 01:12:20.088 +00:00 [ERR] Receiving an SSO response from a partner identity provider has failed.
ComponentSpace.Saml2.Exceptions.SamlProtocolException: An SP-initiated SAML response from xxx was received unexpectedly.
 at ComponentSpace.Saml2.SamlServiceProvider.CheckInResponseTo(String inResponseTo)
 at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement, String relayState)
 at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()

Thanks for the help

By ComponentSpace - 7/6/2021

We use a cookie to keep track of the SAML session state. The cookie can be shared between subdomains but not separate domains.

By default the cookie's domain is not set so it applies to the current host. You can specify the domain in the application's Startup.ConfigureServices.


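using ComponentSpace.Saml2.Session;
using ComponentSpace.Saml2.Bindings;

// In Startup.ConfigureServices: scope the SAML session cookie to the parent
// domain so it is shared between subdomains of xyz.com.
services.Configure<CookieSsoSessionStoreOptions>(options =>
{
    options.CookieOptions = new CookieOptions()
    {
        Domain = "xyz.com"
    };
});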
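
The subdomain-versus-separate-domain distinction in the reply above, as an added example that is not part of the original post or ComponentSpace's code: a simplified model of the RFC 6265 domain-match rule, showing which hosts receive a session cookie with and without Domain = "xyz.com". The setting host login.xyz.com and the other host names are constructed for illustration, and the class and method names are hypothetical.

```csharp
using System;
using System.Net;

// Added illustration, not ComponentSpace code: a simplified model of how a
// browser decides whether to send a cookie back to a host (RFC 6265).
static class CookieScope
{
    // cookieDomain == null models the default (no Domain attribute):
    // a host-only cookie that is returned to the exact setting host only.
    public static bool IsSentTo(string requestHost, string setByHost, string cookieDomain)
    {
        requestHost = requestHost.ToLowerInvariant();
        if (cookieDomain == null)
            return requestHost == setByHost.ToLowerInvariant();

        // A single leading dot in the Domain attribute is ignored.
        string domain = cookieDomain.StartsWith('.') ? cookieDomain.Substring(1) : cookieDomain;
        domain = domain.ToLowerInvariant();
        if (requestHost == domain)
            return true;

        // The suffix match must fall on a label boundary ("notxyz.com" must
        // not match "xyz.com") and the host must not be an IP address.
        return requestHost.EndsWith("." + domain, StringComparison.Ordinal)
            && !IPAddress.TryParse(requestHost, out _);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed hosts; SSO is assumed to be initiated on login.xyz.com.
        string[] assertHosts = { "login.xyz.com", "app.xyz.com", "xyz.com", "notxyz.com", "app.other.com" };
        foreach (var host in assertHosts)
        {
            bool hostOnly = CookieScope.IsSentTo(host, "login.xyz.com", null);
            bool shared = CookieScope.IsSentTo(host, "login.xyz.com", "xyz.com");
            Console.WriteLine($"{host,-15} default: {hostOnly,-5}  Domain=xyz.com: {shared}");
        }
    }
}
```

With Domain set, every host under xyz.com receives the session cookie, so set it only when all of those hosts are trusted to the same degree.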