Forums, Documentation & Knowledge Base - ComponentSpace

AspNetCore signinasync fails if AssertionConsumerServiceUrl does not contain hostname

By dominicOpenRoad - 7/25/2018

Our application needs to be able to use multiple URLs for sign-in, which are not known on application startup.

To achieve this, I am trying to configure AssertionConsumerServiceUrl to be relative to the URL used for logging in.

With AssertionConsumerServiceUrl set to "/auth/saml/assertionconsumerservice", the user is redirected to my AssertionConsumerService action, SignInAsync is successfully called & the login is logged as successful. 

The user is then redirected to the site homepage, but then the HttpContext.User's claims are empty, so the user is thrown back to the login page as an unauthenticated user.

If I change my configuration to use a full URL for AssertionConsumerServiceUrl (ie , I see the user's Claims flow through correctly & the user is successfully logged into the application.

I am wondering why the HttpContext.User's claims are empty if AssertionConsumerServiceUrl does not contain the host name?

Is this a bug in the SAML library? Or is there a configuration I can change to enable this relative AssertionConsumerServiceUrl to work?

By ComponentSpace - 7/25/2018

Currently absolute URLs are required.
The AssertionConsumerServiceUrl is included in the SAML authn request sent to the identity provider.
The identity provider will post the SAML response to this URL.
Please contact us at [email protected] so we can discuss this further and make this available to you in a beta release.
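
Because the AssertionConsumerServiceUrl is sent in the authn request and the identity provider posts the SAML response to it, an application serving several hostnames can build the absolute URL per request, provided the host is checked against an allow-list instead of being trusted from the Host header. The following is an added example, not part of the original posts and not ComponentSpace code; `AcsUrlResolver`, its allow-list and the example.com hosts are assumptions, and how the resulting URL is handed to the SAML library is not shown.

```csharp
using System;
using System.Collections.Generic;

// Added example, not ComponentSpace code. AcsUrlResolver and its members are hypothetical names.
public static class AcsUrlResolver
{
    // Constructed sample allow-list: hosts the application accepts SAML responses on.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "app.example.com",
            "tenant-a.example.com",
        };

    // requestHost is the host[:port] the login request arrived on
    // (in ASP.NET Core, HttpContext.Request.Host.Value).
    public static Uri Resolve(string requestHost, string relativeAcsPath)
    {
        if (string.IsNullOrWhiteSpace(requestHost))
            throw new ArgumentException("Missing request host.", nameof(requestHost));

        // Accept only a rooted path; "//host" and backslash forms could switch authority.
        if (string.IsNullOrEmpty(relativeAcsPath) || relativeAcsPath[0] != '/'
            || relativeAcsPath.StartsWith("//", StringComparison.Ordinal)
            || relativeAcsPath.Contains("\\"))
            throw new ArgumentException("ACS path must be a rooted relative path.", nameof(relativeAcsPath));

        // Let Uri parse host[:port]; reject anything carrying a path, query or user info.
        if (!Uri.TryCreate("https://" + requestHost, UriKind.Absolute, out Uri baseUri)
            || baseUri.AbsolutePath != "/" || baseUri.Query.Length > 0 || baseUri.UserInfo.Length > 0)
            throw new ArgumentException("Malformed request host.", nameof(requestHost));

        // The IdP will post the SAML response here, so the host must be one we own.
        if (!AllowedHosts.Contains(baseUri.Host))
            throw new InvalidOperationException("Host '" + baseUri.Host + "' is not an allowed ACS host.");

        var acsUrl = new Uri(baseUri, relativeAcsPath);
        if (!string.Equals(acsUrl.Host, baseUri.Host, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Resolved ACS URL left the request host.");
        return acsUrl;
    }

    public static void Main()
    {
        Console.WriteLine(Resolve("tenant-a.example.com", "/auth/saml/assertionconsumerservice"));
        try { Resolve("idp-spoof.example.net", "/auth/saml/assertionconsumerservice"); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
    }
}
```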