Correct on my early post about SAML and ComponentSPACE

Hello,

I meant your single sign on is being used to go directly into another third party component and getting error the provider service is not configured…
The partner service provider https://livewire2.becsc.com is not configured.

[SAMLConfigurationException: The partner service provider https://////////// is not configured.] ComponentSpace.SAML2.Configuration.SAMLConfiguration.GetPartnerServiceProvider(String name) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\Configuration\SAMLConfiguration.cs:679

Calling SAMLIdentityProvider.InitiateSSO will initiate SSO to the specified configured partner service provider. The method includes a partnerSP parameter. This is used as a key into the SAML configuration (eg saml.config file). A <PartnerServiceProvider> with the corresponding Name attribute is retrieved. If there’s no matching partner service provider configured then a SAMLConfigurationException is thrown.
Please ensure your saml.config file includes a <PartnerServiceProvider> entry and that the partnerSP parameter matches the Name attribute value.

Ok, I am going to send you the code that is set up in the saml.config and the second component to login to is on Production and this is the file not found so seems like just configuration to point to that folder.

<IdentityProvider Name="https:// "
LocalCertificateFile="idp.pfx"
LocalCertificatePassword="password"/>

<PartnerServiceProvider Name="https:// /workspace.aspx" <= This is where it says file not found
WantAuthnRequestSigned="false"
SignSAMLResponse="true"
SignAssertion="false"
EncryptAssertion="false"
AssertionConsumerServiceUrl="…SAML/AssertionConsumerService"
SingleLogoutServiceUrl="…/SAML/SLOService"
PartnerCertificateFile="sp.cer"/>

Does the specified name that can’t be found match exactly the name of your <PartnerServiceProvider>? It has to be an exact string match (ie case-sensitive etc).
If there’s still an issue, I suggest you enable SAML trace and send the generated log file as an email attachment to support@componentspace.com. Please also include your saml.config file as an email attachment.

http://www.componentspace.com/Forums/17/Enabing-SAML-Trace

Currently I am using the example provided by ComponentSpace to better understand this process. I have the MvcExampleIdentityProvider and MvcExampleServiceProvider in one project and have pasted the configuration at the bottom and below is the error I am receiving. Please advise.
One or more configuration XML schema validation errors occurred.


Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: ComponentSpace.SAML2.Exceptions.SAMLSchemaValidationException: One or more configuration XML schema validation errors occurred.

Source Error:

Line 46: }
Line 47:
Line 48: SAMLIdentityProvider.InitiateSSO(
Line 49: Response,
Line 50: userName,

This is in the MvcExampleIdentityProvider
<add key="PartnerSP" value="http://localhost/MvcExampleServiceProvider"/>

<add key="TargetUrl" value="http://localhost/MvcExampleIdentityProvider"/>

/////////////////////////////////////////////////////////////////////////////////////////////////////////
This is in the MvcExampleServiceProvider

<add key="PartnerIdP" value="http://localhost/MvcExampleIdentityProvider"/>
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
This is in the saml.config for the MvcExampleIdentityProvider

<IdentityProvider Name="http://localhost/MvcExampleIdentityProvider"
LocalCertificateFile="idp.pfx"
LocalCertificatePassword="password"/>

<PartnerServiceProvider Name="http://localhost/MvcExampleServiceProvider"
WantAuthnRequestSigned="false"
SignSAMLResponse="true"
SignAssertion="false"
EncryptAssertion="false"
AssertionConsumerServiceUrl="http://localhost/MvcExampleServiceProvider/SAML/AssertionConsumerService"
SingleLogoutServiceUrl="http://localhost/MvcExampleServiceProvider/SAML/SLOService"
PartnerCertificateFile="sp.cer"/>

This is in the saml.config in the MvcExampleServiceProvider
<?xml version="1.0"?>

<ServiceProvider Name="http://localhost/MvcExampleServiceProvider"
AssertionConsumerServiceUrl="~/SAML/AssertionConsumerService"
LocalCertificateFile="sp.pfx"
LocalCertificatePassword="password"/>

<PartnerIdentityProvider Name="http://localhost/MvcExampleIdentityProvider"
SignAuthnRequest="false"
WantSAMLResponseSigned="true"
WantAssertionSigned="false"
WantAssertionEncrypted="false"
SingleSignOnServiceUrl="http://localhost/MvcExampleIdentityProvider/SAML/SSOService"
SingleLogoutServiceUrl="http://localhost/MvcExampleIdentityProvider/SAML/SLOService"
PartnerCertificateFile="idp.cer"/>

If you’ve combined the saml.config for the identity provider and service provider into a single file, the order of the XML elements should be:




You can run the ValidateConfig project under the utility folder to check your saml.config for syntax errors.
For example: ValidateConfig.exe saml.config

Ok I will run that utility on my saml.config but first let me ask to confirm if I completely understand the flow.

I am using the Web example now that you have in Examples directory. C:\Program Files (x86)\ComponentSpace SAML v2.0 for .NET\Examples\SSO\HighLevelAPI\WebForms


I have both programs under one solution ExampleIdentityProvider and ExampleServiceProvider and using the settings below
///////////////////////////////////////////////////////////////////////////////////////////
saml.config for ExampleIdentityProvider is below


<IdentityProvider Name="http://localhost:51828/ExampleIdentityProvider"
LocalCertificateFile="idp.pfx"
LocalCertificatePassword="password"/>

<PartnerServiceProvider Name="http://localhost:51828/ExampleServiceProvider"
Description="Example Service Provider"
WantAuthnRequestSigned="false"
SignSAMLResponse="true"
SignAssertion="false"
EncryptAssertion="false"
AssertionConsumerServiceUrl="http://localhost/ExampleServiceProvider/SAML/AssertionConsumerService.aspx"
SingleLogoutServiceUrl="http://localhost:51828/ExampleServiceProvider/SAML/SLOService.aspx"
PartnerCertificateFile="sp.cer"/>

////////////////////////////////////////////////////////////////////////////////////

ExampleServiceProvider saml.config

<ServiceProvider Name="http://localhost/ExampleServiceProvider"
AssertionConsumerServiceUrl="http://localhost/ExampleServiceProvider/SAML/AssertionConsumerService.aspx"
LocalCertificateFile="sp.pfx"
LocalCertificatePassword="password"/>

<PartnerIdentityProvider Name="http://localhost:51828/ExampleIdentityProvider"
Description="Example Identity Provider"
SignAuthnRequest="false"
WantSAMLResponseSigned="true"
WantAssertionSigned="false"
WantAssertionEncrypted="false"
SingleSignOnServiceUrl="http://localhost/ExampleIdentityProvider/SAML/SSOService.aspx"
SingleLogoutServiceUrl="http://localhost/ExampleIdentityProvider/SAML/SLOService.aspx"
PartnerCertificateFile="idp.cer"/>

When I run it and log in and try "Initiates SAML single sign-on to the service provider." it says file not found AssertionConsumerService

It sounds like a deployment issue if the AssertionConsumerServices.aspx page cannot be found. Please double check that both web applications have been published correctly.
If there’s still an issue, I suggest enabling SAML trace and sending the generated log file as an email attachment to support@componentspace.com mentioning this topic.
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace

I did email support along with the log file and additional information. Should I remove the “Local” in the Localcertificate from production?

Thanks. The log file has been received and I replied to your email.
The syntax is LocalCertificateFile as opposed to PartnerCertificateFile. Don’t remove the “Local” otherwise you’ll get an XML schema validation error.
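
The exact, case-sensitive Name match described in the replies above, as an added example in Python (not ComponentSpace code and not part of the original posts): it looks up a partner name the way the thread describes and, when that fails, reports a configured entry that differs only by case, whitespace, port or trailing slash. The config strings reuse the Name values posted in the thread; the `<SAMLConfiguration>` root, the helper names, and the rule that each side's partner Name should equal the other side's own Name are assumptions introduced here.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed inputs: Name values copied from the WebForms example configs in
# the thread; the <SAMLConfiguration> root is an assumption (the posts show none).
IDP_CONFIG = """<SAMLConfiguration>
  <IdentityProvider Name="http://localhost:51828/ExampleIdentityProvider"/>
  <PartnerServiceProvider Name="http://localhost:51828/ExampleServiceProvider"/>
</SAMLConfiguration>"""
SP_CONFIG = """<SAMLConfiguration>
  <ServiceProvider Name="http://localhost/ExampleServiceProvider"/>
  <PartnerIdentityProvider Name="http://localhost:51828/ExampleIdentityProvider"/>
</SAMLConfiguration>"""

def names(config_xml, element):
    """Name attributes of every <element> in the config, ignoring XML namespaces."""
    root = ET.fromstring(config_xml)
    return [e.get("Name", "") for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == element]

def loose_key(name):
    """Comparison key that ignores case, outer whitespace, port and trailing slash."""
    url = urlsplit(name.strip().lower())
    return (url.scheme, url.hostname, url.path.rstrip("/"))

def lookup(configured, requested):
    """Exact, case-sensitive match first; on failure report a look-alike entry."""
    if requested in configured:
        return ("exact", requested)
    for name in configured:
        if loose_key(name) == loose_key(requested):
            return ("near-miss", name)
    return ("not-configured", None)

def cross_check(idp_xml, sp_xml):
    """Assumption: each side's partner Name should equal the other side's own Name."""
    findings = []
    for own in names(sp_xml, "ServiceProvider"):
        findings.append(("IdP PartnerServiceProvider", own,
                         *lookup(names(idp_xml, "PartnerServiceProvider"), own)))
    for own in names(idp_xml, "IdentityProvider"):
        findings.append(("SP PartnerIdentityProvider", own,
                         *lookup(names(sp_xml, "PartnerIdentityProvider"), own)))
    return findings

if __name__ == "__main__":
    for finding in cross_check(IDP_CONFIG, SP_CONFIG):
        print(finding)
```

On these inputs the first finding is a near-miss: the IdP's partner entry carries port 51828 while the service provider's own Name does not.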