ComponentSpace

Forums



First Time Confusion as an IdP


First Time Confusion as an IdP

Author
Message
techd
techd
New Member
New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)

Group: Forum Members
Posts: 1, Visits: 9
I am having issues creating a request as the IdP for a service provider.  I am using the following to initiate sso


SAMLIdentityProvider.InitiateSSO(
       Response,
       USERID,
       attributes,
       null,
       "ReadyServiceProvider"
      )


When doing this it just sends me directly to the login screen of the SP.  The directions from the SP are as follows:

SP Initiated SSO Example - How It Works:
1. User clicks on a login link from an email.
2. User is redirected to the login redirect URL with RelayState appended as a query string parameter. For example, the URL is: https://login-redirect-url?RelayState=2g53i5g32523rfghdf.
3. Identity Provider creates a SAML response with the POST message body consisting of: SAMLResponse=response&RelayState=2g53i5g32523rfghdf and posts it back to the system at the endpoint URL:
• US: https://secure.saashr.com/ta/company.login-saml, or
• EU: https://secure.workforceready.eu/ta/company.login-saml, or
• AUS: https://secure.workforceready.com.au/ta/company.login-saml.
4. After verifying the SAML response, the user is redirected to the appropriate first page based on the value of RelayState

My SAMLconfig looks like this


<PartnerServiceProvider Name="ReadyServiceProvider"
    WantAuthnRequestSigned="false"
    SignSAMLResponse="true"
    SignAssertion="false"
    EncryptAssertion="false"
    AssertionConsumerServiceUrl="https://secure.saashr.com/ta/company.login-saml"
    SingleLogoutServiceUrl="LOGOUTURL"
    PartnerCertificateFile="sp.cer"
  SignatureMethod="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>


Any help is appreciated
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)

Group: Administrators
Posts: 2.9K, Visits: 9.4K
SAMLIdentityProvider.InitiateSSO supports IdP-initiated SSO by creating and sending a SAML response to the SP.
The alternative flow is SP-initiated SSO where you call SAMLIdentityProvider.ReceiveSSO to receive and process the SAML authn request sent by the SP and after the user is authenticated you call SAMLIdentityProvider.SendSSO to create and send a SAML response to the SP.
In both cases the SAML response is sent to the configured AssertionConsumerServiceUrl.
Can you confirm whether you're supporting IdP-initiated or SP-initiated SSO?
Is https://login-redirect-url an endpoint in your IdP?
If so, as well as the RelayState query string parameter, is there a SAMLRequest parameter?

I recommend enabling SAML trace and sending the generated log file as an email attachment to [email protected] mentioning your forum post. We can then take a closer look at what's happening.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace



Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....









Forums, Documentation & Knowledge Base - ComponentSpace


Search