Home
Products
Downloads
Purchase
Support
Forums
About
Back
Forums, Documentation & Knowledge Base - ComponentSpace
Register
Login
ComponentSpace
Forums
Home
»
ComponentSpace Support Forums
»
Questions - SAML SSO for ASP.NET Core
»
CanSloAsync() returns false
CanSloAsync() returns false
Post Reply
CanSloAsync() returns false
View
Options
Author
Message
kedi
kedi
Posted 4 Years Ago
#10767
New Member
Group: Forum Members
Posts: 8,
Visits: 48
In sp-iniated slo case, when calling
ssoStatus.CanSloAsync();
it always returns false. And
ssoStatus.IsSloCompletionPending();
returns false too.
What's the problem behind, how can troubleshot this problem?
Reply
ComponentSpace
ComponentSpace
Posted 4 Years Ago
#10768
ComponentSpace Development
Group: Administrators
Posts: 3.2K,
Visits: 11K
CanSloAsync returns false if there's been no previous SSO or if there has but there's no single logout service URL configured for the partner provider.
If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to
[email protected]
mentioning your forum post.
https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace
Regards
ComponentSpace Development
Reply
kedi
kedi
Posted 4 Years Ago
#10769
New Member
Group: Forum Members
Posts: 8,
Visits: 48
+
x
ComponentSpace - 3/15/2020
CanSloAsync returns false if there's been no previous SSO or if there has but there's no single logout service URL configured for the partner provider.
If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to
[email protected]
mentioning your forum post.
https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace
Hi there,
The tricky part is it works locally but when I publish to Azure, it failed logout.
Another thing that I just noticed is that once I clicked the 'logout' button, when it redirects to another exception page, the cookie value of 'saml-session' changed. Is it because those values do not match?
Btw, just to confirm that once a sso completes, both idp and sp will have a cookie named "saml-session" right? And they should have same value? Will to results to slo failure if the idp site does not hold this 'saml-session' cookie?
Thanks
Reply
ComponentSpace
ComponentSpace
Posted 4 Years Ago
#10770
ComponentSpace Development
Group: Administrators
Posts: 3.2K,
Visits: 11K
We use the saml-session cookie to remember the previous SSO state so we can support SLO. If the saml-session cookie isn't presented by the browser, it will be initialized with a new value and any previous SAML session state will be lost.
If both the IdP and SP applications are using our library, both will have a saml-session cookie. If both applications are running on the same host the saml-sessoon cookie value will be the same.
You may be running into issues with the recent Chrome update (version 80) which has changed the default behaviour of the SameSite cookie property. For more information, please refer to:
https://www.componentspace.com/Forums/10491/SAML-Cookie-SameSite-Mode-None
Regards
ComponentSpace Development
Reply
kedi
kedi
Posted 4 Years Ago
#10771
New Member
Group: Forum Members
Posts: 8,
Visits: 48
+
x
ComponentSpace - 3/15/2020
We use the saml-session cookie to remember the previous SSO state so we can support SLO. If the saml-session cookie isn't presented by the browser, it will be initialized with a new value and any previous SAML session state will be lost.
If both the IdP and SP applications are using our library, both will have a saml-session cookie. If both applications are running on the same host the saml-sessoon cookie value will be the same.
You may be running into issues with the recent Chrome update (version 80) which has changed the default behaviour of the SameSite cookie property. For more information, please refer to:
https://www.componentspace.com/Forums/10491/SAML-Cookie-SameSite-Mode-None
Thank you! When I was debugging, I found out that the idp site doesn't have this 'saml-session' cookie, will this result in fail of SLO?
Reply
ComponentSpace
ComponentSpace
Posted 4 Years Ago
#10772
ComponentSpace Development
Group: Administrators
Posts: 3.2K,
Visits: 11K
I'm assuming your site is the SP. What happens at the IdP as far as session state and cookies is independent from your SP. You mentioned that the saml-session cookie value changed. This indicates the SAML session state has been lost and I suspect it's caused by the Chrome 80 change I mentioned.
Regards
ComponentSpace Development
Reply
kedi
kedi
Posted 4 Years Ago
#10773
New Member
Group: Forum Members
Posts: 8,
Visits: 48
+
x
ComponentSpace - 3/16/2020
I'm assuming your site is the SP. What happens at the IdP as far as session state and cookies is independent from your SP. You mentioned that the saml-session cookie value changed. This indicates the SAML session state has been lost and I suspect it's caused by the Chrome 80 change I mentioned.
Hi team,
Thanks so much! Indeed it's the SameSite problem!
Reply
ComponentSpace
ComponentSpace
Posted 4 Years Ago
#10774
ComponentSpace Development
Group: Administrators
Posts: 3.2K,
Visits: 11K
Thanks for the update.
Regards
ComponentSpace Development
Reply
GO
Post Reply
Similar Topics
Post Quoted Reply
Login
Existing Account
Email Address:
Password:
Reset Your Password
Remember Me
Select a Forum....
ComponentSpace Support Forums
Questions - SAML SSO for ASP.NET
Questions - SAML SSO for ASP.NET Core
Questions - OpenID for ASP.NET Core
ComponentSpace Documentation
Announcements
Documentation - SAML SSO for ASP.NET
Documentation - SAML SSO for ASP.NET Core
Documentation - OpenID for ASP.NET Core
ComponentSpace Knowledge Bases
Knowledge Base - SAML SSO for ASP.NET
Knowledge Base - SAML SSO for ASP.NET Core
Knowledge Base - OpenID for ASP.NET Core
Explore
Home
Latest
Popular
Search
Tags
Forums
ComponentSpace Support Forums
Questions - SAML SSO for ASP.NET
Questions - SAML SSO for ASP.NET Core
Questions - OpenID for ASP.NET Core
ComponentSpace Documentation
Announcements
Documentation - SAML SSO for ASP.NET
Documentation - SAML SSO for ASP.NET Core
Documentation - OpenID for ASP.NET Core
ComponentSpace Knowledge Bases
Knowledge Base - SAML SSO for ASP.NET
Knowledge Base - SAML SSO for ASP.NET Core
Knowledge Base - OpenID for ASP.NET Core
Forums, Documentation & Knowledge Base - ComponentSpace
Login
Register
Search
Flat Ascending
Flat Descending
Threaded
Subscribe to topic
Print This Topic
Goto Topics Forum
Jump To Page
Jump To Page