IdP-initiated SSO basic question


GQ
We are working on an IdP-initiated single sign-on integration.  We are the IdP.

The SP party has given us a SSO URL where they expect parameters on the URL. The url looks like this:  https://sp-sso-url/login.aspx?param1=x&param2=y

How should we configure the IdP to be able to support this?

Thanks in advance.

Regards,


ComponentSpace
If the parameters are static, simply include them in your saml.config.
For example:


<PartnerServiceProvider
    Name="...."
    AssertionConsumerServiceUrl="https://sp-sso-url/login.aspx?param1=x&param2=y"


If the parameters are dynamic, there's a SAMLIdentityProvider.InitiateSSO overload that includes an assertionConsumerServiceUrl parameter. If specified this overrides the URL in your saml.config.

Regards
ComponentSpace Development
GQ
ComponentSpace - 7/1/2019
If the parameters are static, simply include them in your saml.config.
For example:


<PartnerServiceProvider
    Name="...."
    AssertionConsumerServiceUrl="https://sp-sso-url/login.aspx?param1=x&param2=y"


If the parameters are dynamic, there's a SAMLIdentityProvider.InitiateSSO overload that includes an assertionConsumerServiceUrl parameter. If specified this overrides the URL in your saml.config.

Thanks for the response. The parameters are static and we have configured them in the saml.config file using your instructions. When we try to hit the SP, we get the following error:

Stack Trace:

[XmlException: '=' is an unexpected token. The expected token is ';'. Line 15, position 89.]
 System.Xml.XmlTextReaderImpl.Throw(Exception e) +89
 System.Xml.XmlTextReaderImpl.HandleEntityReference(Boolean isInAttributeValue, EntityExpandType expandType, Int32& charRefEndPos) +251
 System.Xml.XmlTextReaderImpl.ParseAttributeValueSlow(Int32 curPos, Char quoteChar, NodeData attr) +611
 System.Xml.XmlTextReaderImpl.ParseAttributes() +1145
 System.Xml.XmlTextReaderImpl.ParseElement() +413
 System.Xml.XmlTextReaderImpl.ParseElementContent() +128
 System.Xml.XmlLoader.LoadNode(Boolean skipOverWhitespace) +92
 System.Xml.XmlLoader.LoadDocSequence(XmlDocument parentDoc) +26
 System.Xml.Xmldocument.Load(XmlReader reader) +136
 ComponentSpace.SAML2.Utility.Xml.LoadDocument(String xmlText) +182
 ComponentSpace.SAML2.Configuration.SAMLConfigurationFile.Load(String fileName) +195
 ComponentSpace.SAML2.SAMLController.Initialize() +206
 ComponentSpace.SAML2.InternalSAMLIdentityProvider..ctor() +14

We initiate the SSO with the following call:

SAMLIdentityProvider.InitiateSSO(Response, userName, attributes, targetUrl, partnerSP);

where partnerSP is "TestSP"

"TestSP" is defined in the saml.config file as follows:

<PartnerServiceProvider Name="TestSP"
          Description="TestSP"
          WantAuthnRequestSigned="true"
          SignSAMLResponse="true"
          SignAssertion="false"
          EncryptAssertion="false"
          AssertionConsumerServiceUrl="http://uat.providersp.com/login.aspx?sso=1&carrierid=test"
          />

Something to note is that position 15,89 on the real saml.conf file corresponds to the second equal sign (=) between carrierid and test. So we are confused as to why it parsed the first param (sso=1) and it fails to parse the second (carrierid=test). 

Any idea what could be missing?



ComponentSpace
You need to specify the entity reference &amp; to include an ampersand as an XML attribute value.
For example:
AssertionConsumerServiceUrl="http://uat.providersp.com/login.aspx?sso=1&amp;carrierid=test"



Regards
ComponentSpace Development
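
The failure and the fix from this thread, reproduced as an added C# example (not part of the original posts and not ComponentSpace code). It shows that the parser starts reading an entity reference at `&`, takes `carrierid` as the entity name and fails at the `=` that follows, which is why the reported position is the second equals sign; the class and helper names are hypothetical and the element is cut down to two attributes.

```csharp
using System;
using System.Xml;
using System.Xml.Linq;

// Added illustration: names below are hypothetical, sample XML is constructed.
static class AcsUrlEscapingDemo
{
    // Returns null when the fragment is well-formed XML, otherwise the
    // parser message (which includes line and position).
    static string CheckWellFormed(string xml)
    {
        try
        {
            new XmlDocument().LoadXml(xml);
            return null;
        }
        catch (XmlException ex)
        {
            return ex.Message;
        }
    }

    // Let the XML API serialize the attribute so '&' becomes "&amp;".
    static string BuildPartnerElement(string name, string acsUrl)
    {
        var element = new XElement("PartnerServiceProvider",
            new XAttribute("Name", name),
            new XAttribute("AssertionConsumerServiceUrl", acsUrl));
        return element.ToString();
    }

    static void Main()
    {
        const string url = "http://uat.providersp.com/login.aspx?sso=1&carrierid=test";

        // URL pasted verbatim into the attribute, as in the failing saml.config.
        string raw = "<PartnerServiceProvider Name=\"TestSP\" AssertionConsumerServiceUrl=\"" + url + "\" />";
        Console.WriteLine(CheckWellFormed(raw) ?? "raw: well-formed");

        // Same URL written through XAttribute: the '&' is emitted as "&amp;".
        string escaped = BuildPartnerElement("TestSP", url);
        Console.WriteLine(escaped);
        Console.WriteLine(CheckWellFormed(escaped) ?? "escaped: well-formed");

        // After parsing, the attribute value is the original URL with a plain '&'.
        var doc = new XmlDocument();
        doc.LoadXml(escaped);
        Console.WriteLine(doc.DocumentElement.GetAttribute("AssertionConsumerServiceUrl") == url);
    }
}
```

Running the same well-formedness check against saml.config before deployment surfaces this class of error without waiting for the first SSO attempt.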