[Authorize] attribute does not populate RedirectUri in challenge's authenticationProperties

leo_eoc · September 10, 2021, 8:26am

I’m trying to get saml middleware to work with basic cookie authentication (not AddDefaultIdentity() as in the middleware sample)
The saml flow completes OK, and the cookie auth scheme signs in succesfully. So far so good.

However, when triggering a challenge using the [Authorize] attribute on a controller action, the final redirect back to that same controller action does not happen.
In the debug log I see that the saml middleware HandleChallengeAsync() method did not receive a redirect uri as part of the authenticationProperties parameter.
Also the relayState parameter of the LoginCompletionUrl() callback is null.

What am I doing wrong here?

I’m using .NET Core 2.1 and ComponentSpace.Saml 3.7.0
excerpt of Startup.cs:

services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
options.ForwardChallenge = SamlAuthenticationDefaults.AuthenticationScheme;
})
.AddSaml(options =>
{
options.PartnerName = (httpContext) => Configuration[“PartnerName”];
options.AssertionConsumerServicePath = “/saml2/acs”;
options.LoginCompletionUrl = (context, relayState) =>
{
return relayState;
};
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});

Excerpt of controller action:

[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
public async Task TestMethod()
{
}

thanks in advance for any help!

ComponentSpace · September 10, 2021, 9:32pm

The LoginCompletionUrl delegate should return the URL to redirect to once SSO completes. For example, this could be the URL of your controller.

The SAML authentication handler returns control to the AuthenticationProperties.RedirectUri specified at the time of the challenge.

If none is specified, it calls the LoginCompletionUrl delegate and uses the returned URL.

If there’s no LoginCompletionUrl delegate, it defaults to the SamlAuthenticationDefaults.LoginCompletionUrl (ie /Identity/Account/ExternalLogin?handler=Callback).

If there’s still an issue, please send the SAML log file as an email attachment to support@componentspace.com mentioning your forum post.

leo_eoc · September 20, 2021, 8:33am

Fyi: this issue was solved in ComponentSpace.Saml 3.7.1
with the kind help from ComponentSpace support staff

ComponentSpace · September 20, 2021, 2:33pm

Thank you for your kind words.