I’m building a POC for our company using ComponentSpace with us as the SP. (We already use it with us as the IdP.) I’m using the High Level Example SP project, as well as the Example IdP project to handle the IdP Initiated SSO. I thought that the process should’ve gone through the AssertionConsumerService, but it just goes from the IdP login to the SP default, which contains a link to initiate SSO back to the IdP (not really what I’m after), without hitting the AssertionConsumerService at all. Am I misunderstanding something, or is there a configuration I’ve missed? Ultimately I want to log in to the IdP, then redirect to a logged-in staging environment of our product.
Thank you!
Does the SP indicate that you’re logged in?
If you’re on the SP’s default page then SSO has completed successfully and you should be logged in.
Or are you on the SP’s login page?
If so, it sounds like some sort of configuration issue.
Does the web.config for the SP allow unauthenticated users access to the assertion consumer service page?
The ExampleServiceProvider’s web.config supports this.
It’s possible ASP.NET is redirecting from the assertion consumer service page to the login page. If you’re on the login page and the redirect URL query string parameter specifies the assertion consumer service then this is the issue.
Otherwise, please check the ExampleIdentityProvider’s saml.config to ensure the SAML response is being sent to the correct URL.
If you’re still having no luck, you might have to use something like Fiddler to trace the HTTP traffic.
Let me know how you go.
[quote][/quote]
Does the SP indicate that you're logged in?
If you're on the SP's default page then SSO has completed successfully and you should be logged in.
Or are you on the SP's login page?
If so, it sounds like some sort of configuration issue.
Does the web.config for the SP allow unauthenticated users access to the assertion consumer service page?
The ExampleServiceProvider's web.config supports this.
It's possible ASP.NET is redirecting from the assertion consumer service page to the login page. If you're on the login page and the redirect URL query string parameter specifies the assertion consumer service then this is the issue.
Otherwise, please check the ExampleIdentityProvider's saml.config to ensure the SAML response is being sent to the correct URL.
If you're still having no luck, you might have to use something like Fiddler to trace the HTTP traffic.
Let me know how you go.
If you're on the SP's default page then SSO has completed successfully and you should be logged in.
Or are you on the SP's login page?
If so, it sounds like some sort of configuration issue.
Does the web.config for the SP allow unauthenticated users access to the assertion consumer service page?
The ExampleServiceProvider's web.config supports this.
It's possible ASP.NET is redirecting from the assertion consumer service page to the login page. If you're on the login page and the redirect URL query string parameter specifies the assertion consumer service then this is the issue.
Otherwise, please check the ExampleIdentityProvider's saml.config to ensure the SAML response is being sent to the correct URL.
If you're still having no luck, you might have to use something like Fiddler to trace the HTTP traffic.
Let me know how you go.
I end up on the SP's login page, both in the ExampleServiceProvider as well as the version I created. It does have the redirect URL query string as you mentioned, so it must be redirecting. I will look into this further. Let me know if you have any thoughts on this also, please.
Make sure to include a web.config in the SAML folder specifying that the SAML pages don’t require authorization.
The ExampleServiceProvider’s SAML\web.config includes the following.
<system.web>
</system.web>
[quote]
[/quote]
Turned out that commenting that out got it going. Thank you for the assistance!
I’m glad you got it working and thanks for letting me know.