An SP-initiated SAML response from https://sts.windows.net/xxxxxx was received unexpectedly.

Hi Team ,
I’m getting below exception after calling var ssoResult = await _samlServiceProvider.ReceiveSsoAsync();

Not able to get know root cause and solution to overcome this exception.

Exception -

Category: ComponentSpace.Saml2.SamlServiceProvider
EventId: 100
SpanId: 654ffc6cce5f357f
TraceId: 77b7f85571a40aacc1f7ca32047024e3
ParentId: 0000000000000000

Receiving an SSO response from a partner identity provider has failed.

Exception:
ComponentSpace.Saml2.Exceptions.SamlProtocolException: An SP-initiated SAML response from https://sts.windows.net/xxxxxxxx/ was received unexpectedly.
at ComponentSpace.Saml2.SamlServiceProvider.CheckInResponseTo(String inResponseTo)
at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement, String relayState)
at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()

FYI - I have one SP and only one IDP configured in SAML . I’m using ComponentSpace.Saml2 4.10.0 and my SP is build using Asp.net core 6 .
Also below configuration is already done in start up.
builder.Services.AddSaml().AddConfigurationResolver();

builder.Services.Configure(options =>
{
options.MinimumSameSitePolicy = SameSiteMode.None;
});

builder.Services.ConfigureApplicationCookie(options =>
{
options.Cookie.Name = “xcm”;
options.Cookie.SameSite = SameSiteMode.None;
});



can someone please guide here.

Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com.

https://www.componentspace.com/forums/7936/Enabling-SAML-Trace

Hi Team ,

The saml log files has been sent to support@componentspace.com with email subject - https://www.componentspace.com/forums/FindPost12613.aspx

Please have look and guide me.

Awaiting your response.

Thank you for sending the log file.

It shows that you’re using the AspNetSsoSessionStore rather than the default DistributedSsoSessionStore. This means that session state is saved in the ASP.NET Core session rather than using a separate cookie and backing store.

The log also shows that the HTTP Post of the SAML response doesn’t include the ASP.NET Core session cookie or any other cookies.

If you wish to use AspNetSsoSessionStore, make sure the ASP.NET Core session cookie is configured properly. This includes specifying the options Secure and SameSite=None.


builder.Services.AddDistributedMemoryCache();

builder.Services.AddSession(options =>
{
options.Cookie.HttpOnly = true;
options.Cookie.IsEssential = true;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.SameSite = SameSiteMode.None;
});



For most scenarios, we recommend using the default DistributedSsoSessionStore.

Hi Team ,

Using above suggested settings worked perfect for my local development server.

But now facing same issues when deployed on Web Server in upper environments.
However, i understand that in upper environment where I deployed code - There is load balancer and two server available to serve the requests to my application.
So, I understood i must use DistributedSsoSessionStore to make it work.

Can you please help me with DistributedSsoSessionStore what changes needs to be done wrt to SSO implementation. We also have Redis store used in upper environments. using default DistributedSsoSessionStore what does mean exactly .
can you please redirect me any example or code snippet to understand it. I don't want to disturb my existing functionality in application so looking for specific settings /code snippet wrt to SSO integration only. Please guide.

Please take a look at our Web Farm guide.

https://www.componentspace.com/documentation/saml-for-asp-net-core/ComponentSpace%20SAML%20for%20ASP.NET%20Core%20Web%20Farm%20Guide.pdf

The guide describes what’s required to store SAML session state in a Redis store and includes some code snippets.

Note that this is only required if the load balancer doesn’t employ sticky sessions.

Hi Team ,

As per given web farm guide i enable to use Redis store for SSO session with below code snippet in program.cs and disable AspNetSsoSessionStore dependencies as below ..

//builder.Services.AddScoped();
builder.Services.AddScoped();

// Add the Redis cache.
builder.Services.AddStackExchangeRedisCache(option =>
{
option.Configuration = builder.Configuration["RedisConnection"];
});
After this changes, I'm getting below exception - Can you please advice on this ? I'm stuck here not getting root cause and solution on this.
Exception -

ERROR Initiation of SSO to the partner identity provider xcm has failed.
ComponentSpace.Saml2.Exceptions.SamlBindingException: Failed to send the SAML message over HTTP-Redirect.
---> System.NullReferenceException: Object reference not set to an instance of an object.
at ComponentSpace.Saml2.Bindings.AspNetHttpResponse.Redirect(String url)
at ComponentSpace.Saml2.Bindings.Redirect.HttpRedirectBinding.SendMessageAsync(String url, String message, Boolean isResponse, String relayState, AsymmetricAlgorithm key, String signatureAlgorithm)
--- End of inner exception stack trace ---
at ComponentSpace.Saml2.Bindings.Redirect.HttpRedirectBinding.SendMessageAsync(String url, String message, Boolean isResponse, String relayState, AsymmetricAlgorithm key, String signatureAlgorithm)
at ComponentSpace.Saml2.SamlProvider.SendMessageAsync(String destinationUrl, String binding, XmlElement messageElement, Boolean isResponse, String relayState, AsymmetricAlgorithm key, String signatureAlgorithm)
at ComponentSpace.Saml2.SamlServiceProvider.SendAuthnRequestAsync(XmlElement authnRequestElement, String relayState, String singleSignOnServiceUrl)
at ComponentSpace.Saml2.SamlServiceProvider.InitiateSsoAsync(String partnerName, String relayState, ISsoOptions ssoOptions)
2024-02-08 11:08:13,356 ERROR inside RequestLoginAtIdentityProvider method Failed to send the SAML message over HTTP-Redirect.

Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning your forum post.

https://www.componentspace.com/forums/7936/Enabling-SAML-Trace

Please find the SAML log here -

2024-02-07 23:34:44,848 INFO Application started. Press Ctrl+C to shut down.
2024-02-07 23:34:44,859 INFO Hosting environment: Production
2024-02-07 23:34:44,859 INFO Content root path: C:\inetpub\wwwroot\XCMROOT\TranscendXCMApp\WorkflowWeb\
2024-02-07 23:46:09,601 INFO ComponentSpace.Saml2, Version=4.8.0.0, Culture=neutral, PublicKeyToken=16647a1283418145, .NET 6.0 build, Licensed.
2024-02-07 23:46:09,605 INFO CLR: .NET 6.0.8, OS: Microsoft Windows 10.0.14393, Culture: English (United States)
2024-02-07 23:46:09,606 DEBUG Configuration resolver: WK.Workflow.Web.CustomConfigurationResolver
2024-02-07 23:46:09,607 DEBUG Certificate manager: ComponentSpace.Saml2.Certificates.CertificateManager
2024-02-07 23:46:09,607 DEBUG Certificate loader: ComponentSpace.Saml2.Certificates.CachedCertificateLoader
2024-02-07 23:46:09,607 DEBUG ID cache: ComponentSpace.Saml2.Cache.DistributedIDCache
2024-02-07 23:46:09,607 DEBUG Artifact cache: ComponentSpace.Saml2.Cache.DistributedArtifactCache
2024-02-07 23:46:09,607 DEBUG SSO session store: ComponentSpace.Saml2.Session.DistributedSsoSessionStore
2024-02-07 23:46:09,607 DEBUG SAML configuration:
WK.Workflow.Web.CustomConfigurationResolver
2024-02-07 23:46:09,608 DEBUG The SAML SSO environment has been successfully initialized.
2024-02-07 23:46:09,728 INFO XCM Connection String Returns :XCMDatasource
2024-02-07 23:46:10,128 INFO Inside AddRelayState
2024-02-07 23:46:10,304 DEBUG Initiating SSO to the partner identity provider https://sts.windows.net/8ac76c91-e7f1-41ff-a89c-3553b2da2c17/.
2024-02-07 23:46:10,353 DEBUG The SSO session ID d9e27f3f-d1e8-47ae-8411-495c88b935e6 has been saved to the saml-session cookie.
2024-02-07 23:46:10,354 DEBUG HTTP cookie: saml-session=d9e27f3f-d1e8-47ae-8411-495c88b935e6; Path=/; SameSite=None; Secure; HttpOnly
2024-02-07 23:46:10,360 DEBUG SSO session state is being initialized.
2024-02-07 23:46:10,362 DEBUG SSO session state for saml-session-d9e27f3f-d1e8-47ae-8411-495c88b935e6-SamlState is being saved to the distributed cache.
2024-02-07 23:46:10,579 DEBUG SAML session state (d9e27f3f-d1e8-47ae-8411-495c88b935e6):
SP state:

2024-02-07 23:46:10,588 INFO XCM Connection String Returns :XCMDatasource
2024-02-07 23:46:10,640 DEBUG Constructing an authn request.
2024-02-07 23:46:10,646 DEBUG Authn request: https://login.microsoftonline.com/8ac76c91-e7f1-41ff-a89c-3553b2da2c17/saml2" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://transcend-workflow.devcchaxcess.com/workflowweb/sso/AssertionConsumerService" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">sso.xcmsolutions.com
2024-02-07 23:46:10,646 DEBUG SSO session state for saml-session-d9e27f3f-d1e8-47ae-8411-495c88b935e6-SamlState is being saved to the distributed cache.
2024-02-07 23:46:10,688 DEBUG Sending the SAML authn request.
2024-02-07 23:46:10,698 DEBUG Loading the X.509 certificate from the file C:\inetpub\wwwroot\XCMROOT\TranscendXCMApp\WorkflowWeb\certificates/sp.pfx.
2024-02-07 23:46:10,828 DEBUG The X.509 certificate with subject name CN=www.sp.com, serial number 0867A17DC9EFEABE4CCBF7E7ADB7C37A and thumbprint 427A3D5B39DF593B1D44B769D3697AEDF00FD83F has been loaded.
2024-02-07 23:46:10,847 DEBUG The X.509 certificate with subject name CN=www.sp.com, serial number 0867A17DC9EFEABE4CCBF7E7ADB7C37A and thumbprint 427A3D5B39DF593B1D44B769D3697AEDF00FD83F has been cached.
2024-02-07 23:46:10,849 DEBUG The X.509 certificate with subject name CN=www.sp.com, serial number 0867A17DC9EFEABE4CCBF7E7ADB7C37A and thumbprint 427A3D5B39DF593B1D44B769D3697AEDF00FD83F is being validated.
2024-02-07 23:46:10,850 DEBUG The certificate has been validated and expires on 12/31/2049 9:00:00 AM.
2024-02-07 23:46:10,863 DEBUG Sending a SAML message over HTTP-Redirect.
2024-02-07 23:46:10,864 DEBUG Creating an HTTP-Redirect URL.
2024-02-07 23:46:10,864 DEBUG SAML request: https://login.microsoftonline.com/8ac76c91-e7f1-41ff-a89c-3553b2da2c17/saml2" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://transcend-workflow.devcchaxcess.com/workflowweb/sso/AssertionConsumerService" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">sso.xcmsolutions.com
2024-02-07 23:46:10,864 DEBUG Relay State: 5cc65b31-73fb-48c3-ac42-f58c4a8632fd
2024-02-07 23:46:10,868 DEBUG Encoding SAML message: https://login.microsoftonline.com/8ac76c91-e7f1-41ff-a89c-3553b2da2c17/saml2" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://transcend-workflow.devcchaxcess.com/workflowweb/sso/AssertionConsumerService" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">sso.xcmsolutions.com
2024-02-07 23:46:10,871 DEBUG Encoded SAML message: fZJPb9swDMW/iqG7bNl140RIAmQNhgXoWqNJe9hlkGm6ESZLmSgn2bef7fTPdmivFB/5fo+ak2rNQa66sLcP+LtDCtFmvWA/62aSphVmHNK64DmIhlcoBIeqzqqiakQ2S1n0hJ60swuWxYJFG6ION5aCsqEviSznIuNiuhO5zCcyFT9YtO43aKvCqNqHcCCZJMY9axu3Grwj1wRnjbYYg2uTqYJiArOUY9GkPE+bhqvpDPjV9fVVldUqg7RIBoaMRV+dBxxJFqxRhnBwVCoifcS3SuldcODMF21rbZ8XrPNWOkWapFUtkgwgt6vvt7InktWlieS33a7k5f12x6IVEfrB/o2z1LXot+iPGvDx4fYdKHhlCdDW/OT8r8a4U1zjEWCvzoBEI9rrywmrhMglHw1m0bk1luR4qc/9Hl7g2HI+dMvxIP4f/efyPqqLA7bsDcVnaMmZbiiMjudj0C9DLxsO8q6fslmXzmj4E61Mz3PjUYX3wJPlRff/J1v+BQ==
2024-02-07 23:46:10,874 DEBUG Signing data: 53 41 4d 4c 52 65 71 75 65 73 74 3d 66 5a 4a 50 62 39 73 77 44 4d 57 25 32 46 69 71 47 37 62 4e 6c 31 34 30 52 49 41 6d 51 4e 68 67 58 6f 57 71 4e 4a 65 39 68 6c 6b 47 6d 36 45 53 5a 4c 6d 53 67 6e 32 62 65 66 37 66 54 50 64 6d 69 76 46 42 25 32 46 35 66 6f 25 32 42 61 6b 32 72 4e 51 61 36 36 73 4c 63 50 25 32 42 4c 74 44 43 74 46 6d 76 57 41 25 32 46 36 32 61 53 70 68 56 6d 48 4e 4b 36 34 44 6d 49 68 6c 63 6f 42 49 65 71 7a 71 71 69 61 6b 51 32 53 31 6e 30 68 4a 36 30 73 77 75 57 78 59 4a 46 47 36 49 4f 4e 35 61 43 73 71 45 76 69 53 7a 6e 49 75 4e 69 75 68 4f 35 7a 43 63 79 46 54 39 59 74 4f 34 33 61 4b 76 43 71 4e 71 48 63 43 43 5a 4a 4d 59 39 61 78 75 33 47 72 77 6a 31 77 52 6e 6a 62 59 59 67 32 75 54 71 59 4a 69 41 72 4f 55 59 39 47 6b 50 45 25 32 42 62 68 71 76 70 44 50 6a 56 39 66 56 56 6c 64 55 71 67 37 52 49 42 6f 61 4d 52 56 25 32 42 64 42 78 78 4a 46 71 78 52 68 6e 42 77 56 43 6f 69 66 63 53 33 53 75 6c 64 63 4f 44 4d 46 32 31 72 62 5a 38 58 72 50 4e 57 4f 6b 57 61 70 46 55 74 6b 67 77 67 74 36 76 76 74 37 49 6e 6b 74 57 6c 69 65 53 33 33 61 37 6b 35 66 31 32 78 36 49 56 45 66 72 42 25 32 46 6f 32 7a 31 4c 58 6f 74 25 32 42 69 50 47 76 44 78 34 66 59 64 4b 48 68 6c 43 64 44 57 25 32 46 4f 54 38 72 38 61 34 55 31 7a 6a 45 57 43 76 7a 6f 42 45 49 39 72 72 79 77 6d 72 68 4d 67 6c 48 77 31 6d 30 62 6b 31 6c 75 52 34 71 63 25 32 46 39 48 6c 37 67 32 48 49 25 32 42 64 4d 76 78 49 50 34 66 25 32 46 65 66 79 50 71 71 4c 41 37 62 73 44 63 56 6e 61 4d 6d 5a 62 69 69 4d 6a 75 64 6a 30 43 39 44 4c 78 73 4f 38 71 36 66 73 6c 6d 58 7a 6d 6a 34 45 36 31 4d 7a 33 50 6a 55 59 58 33 77 4a 50 6c 52 66 66 25 32 46 4a 31 76 25 32 42 42 51 25 33 44 25 33 44 26 52 65 6c 61 79 53 74 61 74 65 3d 35 63 63 36 35 62 33 31 2d 37 33 66 62 2d 34 38 63 33 2d 61 63 34 32 2d 66 35 38 63 34 61 38 36 33 32 66 64 26 53 69 67 41 6c 67 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 77 33 2e 6f 72 67 25 32 46 32 30 30 31 25 32 46 30 34 25 32 46 78 6d 6c 64 73 69 67 2d 6d 6f 72 65 25 32 33 72 73 61 2d 73 68 61 32 35 36
2024-02-07 23:46:10,874 DEBUG Signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
2024-02-07 23:46:10,885 DEBUG Signature: c1 e0 97 bb 2e 1b 31 21 6b 5a 15 01 ea 3e 67 85 16 d6 08 4d 7d 5c 23 4d 51 99 b1 01 12 b0 94 63 58 eb df cb c2 ff 1c 8b d2 48 86 d6 52 90 11 87 80 9f c8 82 53 57 a0 f8 88 f6 1b d2 fb d4 7c 6c 24 6b 67 98 9f d4 71 ce 69 c4 7a bc 72 04 6d ff 70 bb 54 02 1c f3 12 a7 03 de 3d 3b 2c 35 08 a9 7e d3 8e 8d fd 91 ca 44 a3 5b c2 ae 91 f2 9f 34 67 bd d6 65 2f ec 9e 41 0e ff 1f f1 91 00 ae a3 9f 3c 60 70 b0 05 b2 07 95 9d ec 4a 46 6e 34 48 c5 3b 4b ea f5 26 5d 05 2b 4d b7 47 4e c7 67 e9 87 1c f7 68 23 95 1e 94 27 fa dc a8 4b b9 11 57 ca ab 4f da e2 11 57 b2 bf 23 22 f8 08 b9 4f ac 7d 30 b0 40 7a 0d 90 42 d0 d4 94 41 15 27 2e 15 ac c5 19 d5 bb 8e 61 cf 1f a0 48 43 54 0d 6c 31 e3 38 8a d9 41 11 1b 10 f4 5c d7 b9 09 6f fe c5 c4 e9 b6 00 c6 d9 0d ba 9c 09 bb 40 87 83 d7 ef
2024-02-07 23:46:10,885 DEBUG HTTP Redirect URL: https://login.microsoftonline.com/8ac76c91-e7f1-41ff-a89c-3553b2da2c17/saml2?SAMLRequest=fZJPb9swDMW%2FiqG7bNl140RIAmQNhgXoWqNJe9hlkGm6ESZLmSgn2bef7fTPdmivFB%2F5fo%2Bak2rNQa66sLcP%2BLtDCtFmvWA%2F62aSphVmHNK64DmIhlcoBIeqzqqiakQ2S1n0hJ60swuWxYJFG6ION5aCsqEviSznIuNiuhO5zCcyFT9YtO43aKvCqNqHcCCZJMY9axu3Grwj1wRnjbYYg2uTqYJiArOUY9GkPE%2BbhqvpDPjV9fVVldUqg7RIBoaMRV%2BdBxxJFqxRhnBwVCoifcS3SuldcODMF21rbZ8XrPNWOkWapFUtkgwgt6vvt7InktWlieS33a7k5f12x6IVEfrB%2Fo2z1LXot%2BiPGvDx4fYdKHhlCdDW%2FOT8r8a4U1zjEWCvzoBEI9rrywmrhMglHw1m0bk1luR4qc%2F9Hl7g2HI%2BdMvxIP4f%2FefyPqqLA7bsDcVnaMmZbiiMjudj0C9DLxsO8q6fslmXzmj4E61Mz3PjUYX3wJPlRff%2FJ1v%2BBQ%3D%3D&RelayState=5cc65b31-73fb-48c3-ac42-f58c4a8632fd&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=weCXuy4bMSFrWhUB6j5nhRbWCE19XCNNUZmxARKwlGNY69%2FLwv8ci9JIhtZSkBGHgJ%2FIglNXoPiI9hvS%2B9R8bCRrZ5if1HHOacR6vHIEbf9wu1QCHPMSpwPePTssNQipftOOjf2RykSjW8KukfKfNGe91mUv7J5BDv8f8ZEArqOfPGBwsAWyB5Wd7EpGbjRIxTtL6vUmXQUrTbdHTsdn6Ycc92gjlR6UJ%2FrcqEu5EVfKq0%2Fa4hFXsr8jIvgIuU%2BsfTCwQHoNkELQ1JRBFScuFazFGdW7jmHPH6BIQ1QNbDHjOIrZQREbEPRc17kJb%2F7FxOm2AMbZDbqcCbtAh4PX7w%3D%3D
2024-02-07 23:46:10,886 DEBUG Redirecting to: https://login.microsoftonline.com/8ac76c91-e7f1-41ff-a89c-3553b2da2c17/saml2?SAMLRequest=fZJPb9swDMW%2FiqG7bNl140RIAmQNhgXoWqNJe9hlkGm6ESZLmSgn2bef7fTPdmivFB%2F5fo%2Bak2rNQa66sLcP%2BLtDCtFmvWA%2F62aSphVmHNK64DmIhlcoBIeqzqqiakQ2S1n0hJ60swuWxYJFG6ION5aCsqEviSznIuNiuhO5zCcyFT9YtO43aKvCqNqHcCCZJMY9axu3Grwj1wRnjbYYg2uTqYJiArOUY9GkPE%2BbhqvpDPjV9fVVldUqg7RIBoaMRV%2BdBxxJFqxRhnBwVCoifcS3SuldcODMF21rbZ8XrPNWOkWapFUtkgwgt6vvt7InktWlieS33a7k5f12x6IVEfrB%2Fo2z1LXot%2BiPGvDx4fYdKHhlCdDW%2FOT8r8a4U1zjEWCvzoBEI9rrywmrhMglHw1m0bk1luR4qc%2F9Hl7g2HI%2BdMvxIP4f%2FefyPqqLA7bsDcVnaMmZbiiMjudj0C9DLxsO8q6fslmXzmj4E61Mz3PjUYX3wJPlRff%2FJ1v%2BBQ%3D%3D&RelayState=5cc65b31-73fb-48c3-ac42-f58c4a8632fd&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=weCXuy4bMSFrWhUB6j5nhRbWCE19XCNNUZmxARKwlGNY69%2FLwv8ci9JIhtZSkBGHgJ%2FIglNXoPiI9hvS%2B9R8bCRrZ5if1HHOacR6vHIEbf9wu1QCHPMSpwPePTssNQipftOOjf2RykSjW8KukfKfNGe91mUv7J5BDv8f8ZEArqOfPGBwsAWyB5Wd7EpGbjRIxTtL6vUmXQUrTbdHTsdn6Ycc92gjlR6UJ%2FrcqEu5EVfKq0%2Fa4hFXsr8jIvgIuU%2BsfTCwQHoNkELQ1JRBFScuFazFGdW7jmHPH6BIQ1QNbDHjOIrZQREbEPRc17kJb%2F7FxOm2AMbZDbqcCbtAh4PX7w%3D%3D
2024-02-07 23:46:10,888 ERROR Initiation of SSO to the partner identity provider https://sts.windows.net/8ac76c91-e7f1-41ff-a89c-3553b2da2c17/ has failed.
ComponentSpace.Saml2.Exceptions.SamlBindingException: Failed to send the SAML message over HTTP-Redirect.
---> System.NullReferenceException: Object reference not set to an instance of an object.
at ComponentSpace.Saml2.Bindings.AspNetHttpResponse.Redirect(String url)
at ComponentSpace.Saml2.Bindings.Redirect.HttpRedirectBinding.SendMessageAsync(String url, String message, Boolean isResponse, String relayState, AsymmetricAlgorithm key, String signatureAlgorithm)
--- End of inner exception stack trace ---
at ComponentSpace.Saml2.Bindings.Redirect.HttpRedirectBinding.SendMessageAsync(String url, String message, Boolean isResponse, String relayState, AsymmetricAlgorithm key, String signatureAlgorithm)
at ComponentSpace.Saml2.SamlProvider.SendMessageAsync(String destinationUrl, String binding, XmlElement messageElement, Boolean isResponse, String relayState, AsymmetricAlgorithm key, String signatureAlgorithm)
at ComponentSpace.Saml2.SamlServiceProvider.SendAuthnRequestAsync(XmlElement authnRequestElement, String relayState, String singleSignOnServiceUrl)
at ComponentSpace.Saml2.SamlServiceProvider.InitiateSsoAsync(String partnerName, String relayState, ISsoOptions ssoOptions)
2024-02-07 23:46:10,912 ERROR inside RequestLoginAtIdentityProvider method Failed to send the SAML message over HTTP-Redirect.
2024-02-07 23:46:18,335 INFO Application started. Press Ctrl+C to shut down.
2024-02-07 23:46:18,345 INFO Hosting environment: Production
2024-02-07 23:46:18,345 INFO Content root path: C:\inetpub\wwwroot\XCMROOT\TranscendXCMApp\WorkflowWeb\
2024-02-07 23:48:53,673 INFO ComponentSpace.Saml2, Version=4.8.0.0, Culture=neutral, PublicKeyToken=16647a1283418145, .NET 6.0 build, Licensed.
2024-02-07 23:48:53,676 INFO CLR: .NET 6.0.8, OS: Microsoft Windows 10.0.14393, Culture: English (United States)
2024-02-07 23:48:53,676 DEBUG Configuration resolver: WK.Workflow.Web.CustomConfigurationResolver
2024-02-07 23:48:53,677 DEBUG Certificate manager: ComponentSpace.Saml2.Certificates.CertificateManager
2024-02-07 23:48:53,677 DEBUG Certificate loader: ComponentSpace.Saml2.Certificates.CachedCertificateLoader
2024-02-07 23:48:53,677 DEBUG ID cache: ComponentSpace.Saml2.Cache.DistributedIDCache
2024-02-07 23:48:53,677 DEBUG Artifact cache: ComponentSpace.Saml2.Cache.DistributedArtifactCache
2024-02-07 23:48:53,677 DEBUG SSO session store: ComponentSpace.Saml2.Session.DistributedSsoSessionStore
2024-02-07 23:48:53,677 DEBUG SAML configuration:
WK.Workflow.Web.CustomConfigurationResolver
2024-02-07 23:48:53,677 DEBUG The SAML SSO environment has been successfully initialized.
2024-02-07 23:48:53,729 INFO XCM Connection String Returns :XCMDatasource
2024-02-07 23:48:53,970 INFO Inside AddRelayState
2024-02-07 23:48:54,137 DEBUG Initiating SSO to the partner identity provider https://sts.windows.net/8ac76c91-e7f1-41ff-a89c-3553b2da2c17/.
2024-02-07 23:48:54,144 DEBUG The SSO session ID 8fedae36-c5c4-4eda-88c3-743b00f91836 has been saved to the saml-session cookie.
2024-02-07 23:48:54,145 DEBUG HTTP cookie: saml-session=8fedae36-c5c4-4eda-88c3-743b00f91836; Path=/; SameSite=None; Secure; HttpOnly
2024-02-07 23:48:54,150 DEBUG SSO session state is being initialized.
2024-02-07 23:48:54,151 DEBUG SSO session state for saml-session-8fedae36-c5c4-4eda-88c3-743b00f91836-SamlState is being saved to the distributed cache.
2024-02-07 23:48:54,246 DEBUG SAML session state (8fedae36-c5c4-4eda-88c3-743b00f91836):
SP state:

2024-02-07 23:48:54,253 INFO XCM Connection String Returns :XCMDatasource
2024-02-07 23:48:54,261 DEBUG Constructing an authn request.
2024-02-07 23:48:54,267 DEBUG Authn request: https://login.microsoftonline.com/8ac76c91-e7f1-41ff-a89c-3553b2da2c17/saml2" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://transcend-workflow.devcchaxcess.com/workflowweb/sso/AssertionConsumerService" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">sso.xcmsolutions.com
2024-02-07 23:48:54,267 DEBUG SSO session state for saml-session-8fedae36-c5c4-4eda-88c3-743b00f91836-SamlState is being saved to the distributed cache.
2024-02-07 23:48:54,291 DEBUG Sending the SAML authn request.
2024-02-07 23:48:54,300 DEBUG Loading the X.509 certificate from the file C:\inetpub\wwwroot\XCMROOT\TranscendXCMApp\WorkflowWeb\certificates/sp.pfx.
2024-02-07 23:48:54,337 DEBUG The X.509 certificate with subject name CN=www.sp.com, serial number 0867A17DC9EFEABE4CCBF7E7ADB7C37A and thumbprint 427A3D5B39DF593B1D44B769D3697AEDF00FD83F has been loaded.
2024-02-07 23:48:54,351 DEBUG The X.509 certificate with subject name CN=www.sp.com, serial number 0867A17DC9EFEABE4CCBF7E7ADB7C37A and thumbprint 427A3D5B39DF593B1D44B769D3697AEDF00FD83F has been cached.
2024-02-07 23:48:54,353 DEBUG The X.509 certificate with subject name CN=www.sp.com, serial number 0867A17DC9EFEABE4CCBF7E7ADB7C37A and thumbprint 427A3D5B39DF593B1D44B769D3697AEDF00FD83F is being validated.
2024-02-07 23:48:54,354 DEBUG The certificate has been validated and expires on 12/31/2049 9:00:00 AM.
2024-02-07 23:48:54,365 DEBUG Sending a SAML message over HTTP-Redirect.
2024-02-07 23:48:54,365 DEBUG Creating an HTTP-Redirect URL.
2024-02-07 23:48:54,365 DEBUG SAML request: https://login.microsoftonline.com/8ac76c91-e7f1-41ff-a89c-3553b2da2c17/saml2" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://transcend-workflow.devcchaxcess.com/workflowweb/sso/AssertionConsumerService" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">sso.xcmsolutions.com
2024-02-07 23:48:54,365 DEBUG Relay State: 112d05bf-c972-4ebd-9c52-98ea10bd339d
2024-02-07 23:48:54,368 DEBUG Encoding SAML message: https://login.microsoftonline.com/8ac76c91-e7f1-41ff-a89c-3553b2da2c17/saml2" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://transcend-workflow.devcchaxcess.com/workflowweb/sso/AssertionConsumerService" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">sso.xcmsolutions.com
2024-02-07 23:48:54,371 DEBUG Encoded SAML message: fZJPj9MwEMW/SuS7868OTa22UtkKUWmBaFs47AU5k8nWwrGLx2nLtydJFxYOu9fxvJn3e+Mlqc6c5KYPR/uAP3ukEO22K/Z9vkAlZnXKRdqUXBSZ4qqctTwtYCEyURZYNyz6hp60syuWxymLdkQ97iwFZcNQSnPB05yn5SEVUpSyEI8s2g4btFVhUh1DOJFMEuOetI07Dd6Ra4OzRluMwXVJqWD+DhYZx3mbcZG17WBjAXxWFLM6b1QO2TwZGXIWfXAecCJZsVYZwtFRpYj0Gf9WKu+CA2fea9to+7RivbfSKdIkreqQZAC533y6lwORrG9NJD8eDhWvvuwPLNoQoR/t3zlLfYd+j/6sAb8+3L8ABa8sAdqGX5z/0Rp3iRs8AxzVFZBoQvvzcsE6IXLJa4NZdO2MJTld6m2/p2c4tl6O3XI6iP9H/7Z8iOrmgK0HQ/EVOnKmHwuT4+UU9PPQ24aT/DxM2W0rZzT8ijZm4LnzqMJL4Mn6pvv/k61/Aw==
2024-02-07 23:48:54,373 DEBUG Signing data: 53 41 4d 4c 52 65 71 75 65 73 74 3d 66 5a 4a 50 6a 39 4d 77 45 4d 57 25 32 46 53 75 53 37 38 36 38 4f 54 61 32 32 55 74 6b 4b 55 57 6d 42 61 46 73 34 37 41 55 35 6b 38 6e 57 77 72 47 4c 78 32 6e 4c 74 79 64 4a 46 78 59 4f 75 39 66 78 76 4a 6e 33 65 25 32 42 4d 6c 71 63 36 63 35 4b 59 50 52 25 32 46 75 41 50 33 75 6b 45 4f 32 32 4b 25 32 46 5a 39 76 6b 41 6c 5a 6e 58 4b 52 64 71 55 58 42 53 5a 34 71 71 63 74 54 77 74 59 43 45 79 55 52 5a 59 4e 79 7a 36 68 70 36 30 73 79 75 57 78 79 6d 4c 64 6b 51 39 37 69 77 46 5a 63 4e 51 53 6e 50 42 30 35 79 6e 35 53 45 56 55 70 53 79 45 49 38 73 32 67 34 62 74 46 56 68 55 68 31 44 4f 4a 46 4d 45 75 4f 65 74 49 30 37 44 64 36 52 61 34 4f 7a 52 6c 75 4d 77 58 56 4a 71 57 44 25 32 42 44 68 59 5a 78 33 6d 62 63 5a 47 31 37 57 42 6a 41 58 78 57 46 4c 4d 36 62 31 51 4f 32 54 77 5a 47 58 49 57 66 58 41 65 63 43 4a 5a 73 56 59 5a 77 74 46 52 70 59 6a 30 47 66 39 57 4b 75 25 32 42 43 41 32 66 65 61 39 74 6f 25 32 42 37 52 69 76 62 66 53 4b 64 49 6b 72 65 71 51 5a 41 43 35 33 33 79 36 6c 77 4f 52 72 47 39 4e 4a 44 38 65 44 68 57 76 76 75 77 50 4c 4e 6f 51 6f 52 25 32 46 74 33 7a 6c 4c 66 59 64 25 32 42 6a 25 32 46 36 73 41 62 38 25 32 42 33 4c 38 41 42 61 38 73 41 64 71 47 58 35 7a 25 32 46 30 52 70 33 69 52 73 38 41 78 7a 56 46 5a 42 6f 51 76 76 7a 63 73 45 36 49 58 4c 4a 61 34 4e 5a 64 4f 32 4d 4a 54 6c 64 36 6d 32 25 32 46 70 32 63 34 74 6c 36 4f 33 58 49 36 69 50 39 48 25 32 46 37 5a 38 69 4f 72 6d 67 4b 30 48 51 25 32 46 45 56 4f 6e 4b 6d 48 77 75 54 34 25 32 42 55 55 39 50 50 51 32 34 61 54 25 32 46 44 78 4d 32 57 30 72 5a 7a 54 38 69 6a 5a 6d 34 4c 6e 7a 71 4d 4a 4c 34 4d 6e 36 70 76 76 25 32 46 6b 36 31 25 32 46 41 77 25 33 44 25 33 44 26 52 65 6c 61 79 53 74 61 74 65 3d 31 31 32 64 30 35 62 66 2d 63 39 37 32 2d 34 65 62 64 2d 39 63 35 32 2d 39 38 65 61 31 30 62 64 33 33 39 64 26 53 69 67 41 6c 67 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 77 33 2e 6f 72 67 25 32 46 32 30 30 31 25 32 46 30 34 25 32 46 78 6d 6c 64 73 69 67 2d 6d 6f 72 65 25 32 33 72 73 61 2d 73 68 61 32 35 36
2024-02-07 23:48:54,373 DEBUG Signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
2024-02-07 23:48:54,383 DEBUG Signature: 55 d3 f7 44 f3 84 8d 04 41 37 bb 68 02 0c 9b a0 ba 26 a5 62 84 fb 28 a4 84 f8 cd 80 9d cc c0 1e 8e 38 b8 ec 51 b4 9f 36 b8 1e 0f fd 35 e7 3c bf 92 ae dc 07 e8 03 cd d8 4f c7 e6 85 4f 1e f7 f6 98 8a 6b 6c 61 ab 4b 4a cb 2c e4 b2 81 dd 79 b1 c8 11 a9 20 28 1b dc 41 28 8a e3 2b 3b 12 22 de 8e 0e db 32 56 e4 91 e2 da 54 86 89 2b 71 c0 e1 e6 c2 9a d2 65 0e db 95 f8 55 8a 87 0e 79 9f 27 b8 e2 91 87 8d c2 ec bc fa c1 a3 0c cd 1f 86 b1 20 c8 d9 e3 c8 97 55 ce 58 77 59 2c 6a 7b a0 45 6b b0 f7 f2 ee f5 5a 30 8c 87 f6 d1 36 98 54 9b 08 b5 51 75 9f b2 1e 18 b4 fc ce 50 43 b4 34 bc 39 71 b8 46 98 27 be 24 a5 8d 04 d4 6f ed dc 6d 07 7f a9 09 9c d7 7f 72 ef 89 0e d7 2e f7 cb b1 8c 53 21 d0 d9 10 f9 b5 a3 a4 a0 21 47 e4 3a dd 2b 7f f6 4c 12 05 8f d8 7a 9f 41 e1 96 4f 5f ab
2024-02-07 23:48:54,383 DEBUG HTTP Redirect URL: https://login.microsoftonline.com/8ac76c91-e7f1-41ff-a89c-3553b2da2c17/saml2?SAMLRequest=fZJPj9MwEMW%2FSuS7868OTa22UtkKUWmBaFs47AU5k8nWwrGLx2nLtydJFxYOu9fxvJn3e%2BMlqc6c5KYPR%2FuAP3ukEO22K%2FZ9vkAlZnXKRdqUXBSZ4qqctTwtYCEyURZYNyz6hp60syuWxymLdkQ97iwFZcNQSnPB05yn5SEVUpSyEI8s2g4btFVhUh1DOJFMEuOetI07Dd6Ra4OzRluMwXVJqWD%2BDhYZx3mbcZG17WBjAXxWFLM6b1QO2TwZGXIWfXAecCJZsVYZwtFRpYj0Gf9WKu%2BCA2fea9to%2B7RivbfSKdIkreqQZAC533y6lwORrG9NJD8eDhWvvuwPLNoQoR%2Ft3zlLfYd%2Bj%2F6sAb8%2B3L8ABa8sAdqGX5z%2F0Rp3iRs8AxzVFZBoQvvzcsE6IXLJa4NZdO2MJTld6m2%2Fp2c4tl6O3XI6iP9H%2F7Z8iOrmgK0HQ%2FEVOnKmHwuT4%2BUU9PPQ24aT%2FDxM2W0rZzT8ijZm4LnzqMJL4Mn6pvv%2Fk61%2FAw%3D%3D&RelayState=112d05bf-c972-4ebd-9c52-98ea10bd339d&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=VdP3RPOEjQRBN7toAgyboLompWKE%2ByikhPjNgJ3MwB6OOLjsUbSfNrgeD%2F015zy%2Fkq7cB%2BgDzdhPx%2BaFTx739piKa2xhq0tKyyzksoHdebHIEakgKBvcQSiK4ys7EiLejg7bMlbkkeLaVIaJK3HA4ebCmtJlDtuV%2BFWKhw55nye44pGHjcLsvPrBowzNH4axIMjZ48iXVc5Yd1ksanugRWuw9%2FLu9VowjIf20TaYVJsItVF1n7IeGLT8zlBDtDS8OXG4RpgnviSljQTUb%2B3cbQd%2FqQmc139y74kO1y73y7GMUyHQ2RD5taOkoCFH5DrdK3%2F2TBIFj9h6n0Hhlk9fqw%3D%3D
2024-02-07 23:48:54,383 DEBUG Redirecting to: https://login.microsoftonline.com/8ac76c91-e7f1-41ff-a89c-3553b2da2c17/saml2?SAMLRequest=fZJPj9MwEMW%2FSuS7868OTa22UtkKUWmBaFs47AU5k8nWwrGLx2nLtydJFxYOu9fxvJn3e%2BMlqc6c5KYPR%2FuAP3ukEO22K%2FZ9vkAlZnXKRdqUXBSZ4qqctTwtYCEyURZYNyz6hp60syuWxymLdkQ97iwFZcNQSnPB05yn5SEVUpSyEI8s2g4btFVhUh1DOJFMEuOetI07Dd6Ra4OzRluMwXVJqWD%2BDhYZx3mbcZG17WBjAXxWFLM6b1QO2TwZGXIWfXAecCJZsVYZwtFRpYj0Gf9WKu%2BCA2fea9to%2B7RivbfSKdIkreqQZAC533y6lwORrG9NJD8eDhWvvuwPLNoQoR%2Ft3zlLfYd%2Bj%2F6sAb8%2B3L8ABa8sAdqGX5z%2F0Rp3iRs8AxzVFZBoQvvzcsE6IXLJa4NZdO2MJTld6m2%2Fp2c4tl6O3XI6iP9H%2F7Z8iOrmgK0HQ%2FEVOnKmHwuT4%2BUU9PPQ24aT%2FDxM2W0rZzT8ijZm4LnzqMJL4Mn6pvv%2Fk61%2FAw%3D%3D&RelayState=112d05bf-c972-4ebd-9c52-98ea10bd339d&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=VdP3RPOEjQRBN7toAgyboLompWKE%2ByikhPjNgJ3MwB6OOLjsUbSfNrgeD%2F015zy%2Fkq7cB%2BgDzdhPx%2BaFTx739piKa2xhq0tKyyzksoHdebHIEakgKBvcQSiK4ys7EiLejg7bMlbkkeLaVIaJK3HA4ebCmtJlDtuV%2BFWKhw55nye44pGHjcLsvPrBowzNH4axIMjZ48iXVc5Yd1ksanugRWuw9%2FLu9VowjIf20TaYVJsItVF1n7IeGLT8zlBDtDS8OXG4RpgnviSljQTUb%2B3cbQd%2FqQmc139y74kO1y73y7GMUyHQ2RD5taOkoCFH5DrdK3%2F2TBIFj9h6n0Hhlk9fqw%3D%3D
2024-02-07 23:48:54,385 ERROR Initiation of SSO to the partner identity provider https://sts.windows.net/8ac76c91-e7f1-41ff-a89c-3553b2da2c17/ has failed.
ComponentSpace.Saml2.Exceptions.SamlBindingException: Failed to send the SAML message over HTTP-Redirect.
---> System.NullReferenceException: Object reference not set to an instance of an object.
at ComponentSpace.Saml2.Bindings.AspNetHttpResponse.Redirect(String url)
at ComponentSpace.Saml2.Bindings.Redirect.HttpRedirectBinding.SendMessageAsync(String url, String message, Boolean isResponse, String relayState, AsymmetricAlgorithm key, String signatureAlgorithm)
--- End of inner exception stack trace ---
at ComponentSpace.Saml2.Bindings.Redirect.HttpRedirectBinding.SendMessageAsync(String url, String message, Boolean isResponse, String relayState, AsymmetricAlgorithm key, String signatureAlgorithm)
at ComponentSpace.Saml2.SamlProvider.SendMessageAsync(String destinationUrl, String binding, XmlElement messageElement, Boolean isResponse, String relayState, AsymmetricAlgorithm key, String signatureAlgorithm)
at ComponentSpace.Saml2.SamlServiceProvider.SendAuthnRequestAsync(XmlElement authnRequestElement, String relayState, String singleSignOnServiceUrl)
at ComponentSpace.Saml2.SamlServiceProvider.InitiateSsoAsync(String partnerName, String relayState, ISsoOptions ssoOptions)
2024-02-07 23:48:54,404 ERROR inside RequestLoginAtIdentityProvider method Failed to send the SAML message over HTTP-Redirect.
2024-02-07 23:48:59,003 INFO Application started. Press Ctrl+C to shut down.
2024-02-07 23:48:59,011 INFO Hosting environment: Production
2024-02-07 23:48:59,011 INFO Content root path: C:\inetpub\wwwroot\XCMROOT\TranscendXCMApp\WorkflowWeb\

The exception occurs when attempting to perform an HttpResponse.Redirect. I’m not sure how this is related to the use of a Redis cache.

I can’t reproduce the issue using the ExampleServiceProvider project.

I made the following changes to the ExampleServiceProvider.

1. Added a reference to the Microsoft.Extensions.Caching.StackExchangeRedis NuGet package.

2. Added the following code to the Program.cs.


// Use Redis as the distributed cache.
builder.Services.AddStackExchangeRedisCache(options =>
{
options.Configuration = builder.Configuration.GetConnectionString(“RedisConnection”);
});

// Add SAML SSO services.
builder.Services.AddSaml(builder.Configuration.GetSection(“SAML”));



3. Added a RedisConnection to appsettings.json.


“ConnectionStrings”: {
“RedisConnection”: “localhost”
},



Try these changes with the ExampleServiceProvider and confirm they work. Make sure to update the RedisConnection to specify your Redis server.

Once that’s working, compare this with your application.

Hi ,
I already have below code lines in my program.cs
builder.Services.AddSession();
builder.Services.AddStackExchangeRedisCache(option =>
{
option.Configuration = builder.Configuration["RedisConnection"];
});
builder.Services.AddSaml().AddConfigurationResolver();

app.UseSession();

However, i found that it is working only when i enable the sticky session in DEV environment.
But, as per the infra setting we have on PROD environment that we always disable to sicky session to serve the application requests from available servers.

Can you provide any suitable time slot accordingly IST , so we can connect over call to review the code and you can help me out quickly ?













{
option.Configuration = builder.Configuration["RedisConnection"];
});

builder.Services.AddStackExchangeRedisCache(option =>
{
option.Configuration = builder.Configuration["RedisConnection"];
});

Just to confirm, the Redis Cache only works if you have sticky sessions enabled?

Are you seeing the same NullReferenceException as before?

If sticky sessions are disabled and you’re not seeing the NullReferenceException but a SAML exception related to a SAML protocol error, that would suggest there’s an issue accessing the Redis cache.

Please send a SAML log file to support@componentspace.com. Please do not post the log in the forum.