Error in Payload

Hi

We are using the ComponentSpace NuGet package ComponentSpace.Saml2.Licensed (3.6.0) in a .NET Core 6 application for SAML SSO. We recently updated our application to .NET 8, but post-deployment we started getting the following error:

Message: The payload was invalid. For more information go to How to: Use Data Protection - .NET | Microsoft Learn
Exception type: System.Security.Cryptography.CryptographicException
Failed method: ComponentSpace.Saml2.Session.CookieSsoSessionStore.DecodeCookieValue
The error is occurring in method: await samlServiceProvider.InitiateSsoAsync(entityId, encryptedRelayState, ssoOptions);

Once we got the error we reverted to .NET 6, but even after the revert we are seeing this error for some users. The number of errors has gone down, but this error still occurs very often in our application.

The application is an MVC application on .NET 6, deployed in a pod on Azure Kubernetes Service.

Could someone please help with the same?

We use the IDataProtector interface to protect the SAML session cookie value when using the CookieSsoSessionStore.

It sounds like there’s some sort of incompatibility between .NET 6 and .NET 8.

I suggest sticking with .NET 8 but any SAML session cookies that were generated prior to the upgrade will no longer be valid.

As an experiment, ensure all session cookies are cleared by closing all instances of the browser and attempting SSO again. Assuming this works, you would need to tell users to perform the same operation to remove the old SAML session cookie.
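As an added example (not ComponentSpace's code and not part of the thread), the following C# shows how a cookie value protected with IDataProtector under one Data Protection key ring fails to unprotect under another, surfacing as the CryptographicException seen above, and how an application can treat that failure as "no session" instead of an unhandled error. The purpose string, class and method names are assumptions; it needs the Microsoft.AspNetCore.DataProtection package.

```csharp
// Added example, not ComponentSpace's implementation. Names and the purpose
// string are hypothetical; only the IDataProtector behaviour is real.
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

public static class SsoCookieProtection
{
    // Protect and Unprotect must use exactly the same purpose string.
    private const string Purpose = "Example.SsoSessionCookie"; // hypothetical

    public static string Protect(IDataProtectionProvider provider, string sessionValue)
        => provider.CreateProtector(Purpose).Protect(sessionValue);

    // Returns null when this application's key ring cannot decode the cookie,
    // so the caller can discard the stale cookie and start a fresh SSO session.
    public static string? TryUnprotect(IDataProtectionProvider provider, string cookieValue)
    {
        try
        {
            return provider.CreateProtector(Purpose).Unprotect(cookieValue);
        }
        catch (CryptographicException)
        {
            // Reached for an unknown key id, a different purpose or application
            // name, or a tampered payload ("The payload was invalid.").
            return null;
        }
    }

    public static void Main()
    {
        // Two ephemeral providers stand in for the pre- and post-upgrade
        // deployments; each holds its own in-memory key ring.
        var beforeUpgrade = new EphemeralDataProtectionProvider();
        var afterUpgrade = new EphemeralDataProtectionProvider();

        string cookie = Protect(beforeUpgrade, "saml-session-id-12345"); // constructed value

        // Same key ring: the value decodes.
        Console.WriteLine(TryUnprotect(beforeUpgrade, cookie) is null ? "stale cookie" : "valid session");

        // Different key ring: Unprotect throws and the cookie is treated as stale.
        Console.WriteLine(TryUnprotect(afterUpgrade, cookie) is null ? "stale cookie" : "valid session");
    }
}
```

The same exception appears whenever the decoding application's key ring lacks the key that produced the cookie, including pods that do not share a persisted key ring, so returning null and falling back to a fresh SSO avoids surfacing it to the user.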