ComponentSpace

Forums



SP initiated SSO - There is no pending service provider authentication request.


SP initiated SSO - There is no pending service provider authentication...

Author
Message
Pay
Pay
New Member
New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)

Group: Forum Members
Posts: 6, Visits: 48
Hi there,

I am new to Component Space and manage to run highlevelAPI examples provided. However, i am running into an issue by using custom handler .ashx.Basically, i have set myself as IDP in this case. Here are the steps.

1. SP initiates the SSO though third party.
2. Redirect to my website which is a IDP via SAMLIdentityProvider.ReceiveSSO
3. Redirect to custom login page.
4. Login successfull, redirect back to SSOService.ashx
5. I then seeing error message "There is no pending service provider authentication request." on line SAMLIdentityProvider.SendSSO(context.Response, userName, attributes);

Can you help please? I reckon it might due to step 3 that redirected using CMS redirect helper class. What are the Response needed via SendSSO?

Thanks,
Pay



Pay
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)

Group: Administrators
Posts: 2.9K, Visits: 9.4K
Hi Pay,
We use a SAML session cookie to remember the SAML session state including whether a service provider authentication request is pending a response.
It sounds like this cookie is not being returned by the browser as part of the redirect.
I suggest using the browser developer tools to capture the HTTP traffic. You should see the "SAML_SessionId" cookie being set at the time of the SAMLServiceProvider.ReceiveSSO call. Hopefully the HTTP traffic capture will help you find why the browser isn't returning the cookie.
By default we mark the cookie as secure so if you're using HTTP rather than HTTPS this will stop the browser sending the cookie. You can change this setting if required although our recommendation is to use HTTPS and a secure cookie.


using ComponentSpace.SAML2.Data;

SessionIDDelegates.SecureSAMLCookie = false;



If you're not sure what the issue is, please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace

Also save the browser network traffic capture as a HAR file and include this as an email attachment. Alternatively, use Fiddler for the capture and send the SAZ file.

Regards
ComponentSpace Development
Pay
Pay
New Member
New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)

Group: Forum Members
Posts: 6, Visits: 48
Hi there,

Thank you. By using SessionIDDelegates.SecureSAMLCookie = false; it does do the trick.

Regards,
Pay

Pay
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)

Group: Administrators
Posts: 2.9K, Visits: 9.4K
Thanks for the update. Our recommendation is to use HTTPS and a secure cookie but this depends on your particular circumstances of course.

Regards
ComponentSpace Development
Pay
Pay
New Member
New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)

Group: Forum Members
Posts: 6, Visits: 48
ComponentSpace - 6/19/2019
Thanks for the update. Our recommendation is to use HTTPS and a secure cookie but this depends on your particular circumstances of course.

Yes, aware about that. It was the localhost that i am currently trying to integrate.

Pay
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)

Group: Administrators
Posts: 2.9K, Visits: 9.4K
Fair enough.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....









Forums, Documentation & Knowledge Base - ComponentSpace


Search