Hi,
I’m working on creating a proof of concept (POC) of SAML authentication for an ASP.NET web application. Currently it uses Windows authentication. I have gone through both the high-level and low-level API examples and came up with the requirements for the proof of concept.
The requirements are:
1) The user goes to the service provider; if the user is not authenticated by the IdP, redirect the user to the IdP login page (if the user is already authenticated at the IdP, the user will be redirected to the TargetURL of the service provider).
2) Use GoogleIDP as the identity provider and send the user attributes (name and email address in the SAML authentication token) back to the service provider.
Steps:
1) Example Service Provider (HighLevelAPI) (Note: modified web.config and saml.config to use GoogleIDP)
2) GoogleIDP (LowLevelAPI) (Note: modified web.config and saml.config to use Example service provider)
3) Run both web applications simultaneously in Visual Studio
a) log on to the identity provider with user name and password (identity provider)
b) click SSO to the service provider
or
c) click SSO to identity provider (Service Provider)
Both steps error out with the message “The partner service provider is not configured” or “The partner identity provider is not configured”.
Could you please advise what I’m doing wrong in this example?
Thanks
Suresh
Hi Suresh
I suggest using the high-level examples only as these are easier to follow and modify than the low-level examples.
When you initiate SSO to a partner provider or receive an SSO message from a partner provider, the partner name must match with one of the configured partner names.
For example, if you’re the identity provider and call SAMLIdentityProvider.InitiateSSO, the partnerName parameter must match with the name of one of the configured PartnerServiceProvider entries.
Similarly, if you’re the service provider and call SAMLServiceProvider.ReceiveSSO, the issuer field in the SAML response must match with the name of one of the configured PartnerIdentityProvider entries. The issuer field is populated by the partner provider with the provider’s name which is also known as its entity ID.
If there’s still an issue, please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
Also include your saml.config.
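To make the matching rule in the reply above concrete, here is an added Python sketch of the two lookups it describes: the IdP side resolving the partnerName passed to InitiateSSO against its configured PartnerServiceProvider entries, and the SP side resolving the <saml:Issuer> of a received Response against its configured PartnerIdentityProvider entries. This is illustrative code written for this page, not ComponentSpace’s library or its saml.config parser; the function names (resolve_partner_sp, resolve_partner_idp, lookup_partner), the PartnerNotConfigured exception, the dictionary-shaped configuration and the sample SAML Response are all assumptions constructed for the example.

```python
"""Partner-name matching as described in the forum reply (illustrative,
not ComponentSpace code). Both lookups use an exact, case-sensitive string
comparison: a SAML entity ID is an opaque URI, so 'urn:x:Idp' and
'urn:x:idp' (or a trailing slash) are different partners."""
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


class PartnerNotConfigured(Exception):
    """Raised when a partner name or issuer matches no configured partner."""


# Constructed stand-in for a service provider's <PartnerIdentityProvider>
# entries in saml.config. 'name' plays the role of the Name attribute,
# i.e. the partner's entity ID.
SP_CONFIG = {
    "partner_identity_providers": [
        {
            "name": "urn:componentspace:ExampleIdentityProvider",
            "sign_assertion": True,
            "certificate_file": "idp.cer",
        }
    ]
}

# Constructed stand-in for an identity provider's <PartnerServiceProvider>
# entries in saml.config.
IDP_CONFIG = {
    "partner_service_providers": [
        {
            "name": "urn:componentspace:ExampleServiceProvider",
            "assertion_consumer_service_url":
                "https://sp.example/SAML/AssertionConsumerService.aspx",
        }
    ]
}


def lookup_partner(partner_name, partners):
    """Return the configured partner whose name equals partner_name exactly."""
    for partner in partners:
        if partner["name"] == partner_name:
            return partner
    raise PartnerNotConfigured(f"The partner {partner_name!r} is not configured.")


def resolve_partner_sp(partner_name, idp_config=IDP_CONFIG):
    """IdP side: the partnerName given to InitiateSSO must be a configured SP."""
    return lookup_partner(partner_name, idp_config["partner_service_providers"])


def extract_issuer(response_xml):
    """Read the <saml:Issuer> child of a <samlp:Response>."""
    root = ET.fromstring(response_xml)
    issuer = root.find(f"{{{SAML_NS}}}Issuer")
    if issuer is None or not (issuer.text or "").strip():
        raise PartnerNotConfigured("The SAML response carries no Issuer.")
    return issuer.text.strip()


def resolve_partner_idp(response_xml, sp_config=SP_CONFIG):
    """SP side: the Issuer of a received Response must be a configured IdP.

    This only selects which partner configuration (and therefore which
    certificate) applies; the response still has to be signature-verified
    against that partner's certificate before anything in it is trusted."""
    issuer = extract_issuer(response_xml)
    return lookup_partner(issuer, sp_config["partner_identity_providers"])


# Constructed sample Response, trimmed to the elements the lookup needs.
SAMPLE_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_r1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">'
    "<saml:Issuer>urn:componentspace:ExampleIdentityProvider</saml:Issuer>"
    "<samlp:Status><samlp:StatusCode "
    'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
    "</samlp:Response>"
)

if __name__ == "__main__":
    print(resolve_partner_idp(SAMPLE_RESPONSE)["name"])
    print(resolve_partner_sp("urn:componentspace:ExampleServiceProvider")["name"])
```

The point the example makes is that the error in the question is a naming mismatch, not a protocol failure: the SP’s own Name in saml.config must be exactly the string the IdP has configured as the PartnerServiceProvider Name, and vice versa, because that string is what each side uses to pick the partner entry (and the certificate) it will trust.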
Thanks for the support. It worked once the service provider name in saml.config matched the web.config entry.
Thanks for the update.