ComponentSpace

Forums



An SP-initiated SAML response from Identity Provider was received unexpectedly.


Patrick Murtagh
Hi there,

I'm building an SP-initiated approach for our application, using a mock identity provider that is pretty much the same as the Example ID Provider provided.
The whole approach is closely based on the examples, aside from reading the configuration from a DB when the SAML request is initiated in the Service Provider.
However, on receiving the response from the Identity Provider back into our application, SAMLServiceProvider.ReceiveSSO() is throwing the following error:
"An SP-initiated SAML response from Identity Provider was received unexpectedly."

I have the SAML log files from both the SP and the IdP and everything looks correct, but I'm very new to this!
I assume there's something obvious I'm missing but I just can't spot it. If anyone can help, that would be excellent.

Thanks, Patrick
ComponentSpace
Hi Patrick,

By default, we maintain SAML session state in memory and use a SAML_SessionId cookie to index this memory. The SAML session state is used in support of the SAML protocol, and one of the checks we make is to ensure that when a SAML response with an InResponseTo field (i.e. an SP-initiated SAML response) is received, it's in response to a previously sent SAML authn request. If this check fails, you'll see the "SP-initiated SAML response from Identity Provider was received unexpectedly" exception.

I suspect the SAML_SessionId cookie isn't being sent along with the SAML response.

The SAML_SessionId cookie is marked as Secure and SameSite=None. Please ensure you're using HTTPS rather than HTTP as the transport protocol.

If there's still an issue, please send the IdP and SP SAML log files as email attachments to [email protected] mentioning your forum post. Before testing the SSO, close all browsers to clear the session cookies.

Thanks.

Regards
ComponentSpace Development
Patrick Murtagh
Awesome, that was exactly the cause. Once I set my local env running HTTPS, everything came into line.
Thank you kindly!
ComponentSpace
You're very welcome. Thanks for the update.

Regards
ComponentSpace Development
Prashant
ComponentSpace - 7/3/2023
You're very welcome. Thanks for the update.

Hi Team,

I'm having the same issue as well. I use OneLogin with SAML2, and my scenario is below.

1) I have two websites configured with OneLogin utilising ComponentSpace.
2) When I am redirected to the first website ("It authenticates and provides user which is login send that username") after logging in to the second website using OneLogin ("Without login directly provide user which is active current cookie"), it operates properly on localhost.
3) After deploying the modifications in the development environment using the correct URL and OneLogin configuration
4) Right now, if I try to log in on the first website, everything works great. However, if I try to move to the second page, I receive the problem below. If I log in on the first website with the same user, however,
  on that console if I click the 2nd website it works fine.

Now I am confused about where the error is.

 

An SP-initiated SAML response from was received unexpectedly.

Thanks !
ComponentSpace
The error usually means either the SAML_SessionId cookie is missing or the in-memory SAML state indexed by this cookie is missing.

Make sure to use HTTPS to access your application as the SAML_SessionId cookie is marked as Secure and SameSite=None.

Make sure you don't have any middleware etc configured that strips these attributes from the cookie.

Is your application deployed to a single server only? If not, you'll need to configure the load balancer to use sticky sessions or switch to a central SAML state store such as a database.

If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.

https://www.componentspace.com/Forums/17/Enabing-SAML-Trace   

Regards
ComponentSpace Development
Prashant
Thanks for the response!

If we use "<httpCookies sameSite="Strict" httpOnlyCookies="true" requireSSL="true" />", it does not allow me access and gives the error below; if we comment this out, everything works fine.
An SP-initiated SAML response from was received unexpectedly.

Thanks !
ComponentSpace
What version of ASP.NET are you using?

Regards
ComponentSpace Development
Prashant
ComponentSpace - 10/19/2023
What version of ASP.NET are you using?

I am using ASP.NET 4.6.1, Web Forms.

Thanks!
ComponentSpace
I recommend moving to ASP.NET 4.8.

For more information, please refer to:

https://www.componentspace.com/forums/10843/Ramifications-of-setting-httpCookies-sameSite-in-webconfig


Regards
ComponentSpace Development
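
A toy model of the check discussed in this thread, added here as an illustration; it is not ComponentSpace code and not from any poster. It shows why the SAML_SessionId cookie or the state behind it can be missing when the response arrives. `Cookie`, `browser_sends`, `ServiceProvider` and `round_trip` are hypothetical names, the browser rules are simplified, and the IdP is assumed to return the response as a cross-site POST.

```python
import secrets
from dataclasses import dataclass

UNEXPECTED = "An SP-initiated SAML response was received unexpectedly."

@dataclass
class Cookie:
    value: str
    secure: bool = True        # the thread says SAML_SessionId is marked Secure
    same_site: str = "None"    # ... and SameSite=None

def browser_sends(cookie, scheme, cross_site, method):
    """Simplified browser rules for attaching a cookie to a request."""
    if cookie.secure and scheme != "https":
        return False               # Secure cookies never travel over plain HTTP
    if not cross_site:
        return True
    if cookie.same_site == "Strict":
        return False               # withheld from every cross-site request
    if cookie.same_site == "Lax":
        return method == "GET"     # only top-level navigations with a safe method
    return cookie.secure           # SameSite=None is honoured only with Secure

class ServiceProvider:
    """Toy SP node; `state` stands in for the SAML session state store."""
    def __init__(self, state=None):
        self.state = {} if state is None else state   # session id -> request id

    def send_authn_request(self, same_site="None"):
        session_id, request_id = secrets.token_hex(8), "_" + secrets.token_hex(8)
        self.state[session_id] = request_id
        return Cookie(session_id, same_site=same_site), request_id

    def receive_sso(self, session_id, in_response_to):
        # No cookie, or no state behind it on this node: nothing is pending.
        pending = self.state.pop(session_id, None) if session_id else None
        if in_response_to and pending != in_response_to:
            return UNEXPECTED
        return "ok"

def round_trip(scheme="https", same_site="None", sender=None, receiver=None):
    """Send an authn request, then deliver the IdP's response to `receiver`."""
    sender = sender or ServiceProvider()
    cookie, request_id = sender.send_authn_request(same_site)
    # Assumption: the IdP returns the response as a cross-site POST to the SP.
    sent = browser_sends(cookie, scheme, cross_site=True, method="POST")
    session_id = cookie.value if sent else None
    return (receiver or sender).receive_sso(session_id, request_id)
```

`round_trip(scheme="http")`, `round_trip(same_site="Strict")` and `round_trip(receiver=ServiceProvider())` all return the error, matching the HTTP, `sameSite="Strict"` and multi-server cases raised above. Two nodes built over the same dict, standing in for a central state store, complete the round trip.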