First Time Confusion as an IdP

SAML for ASP.NET
1

I am having issues creating a request as the IdP for a service provider. I am using the following to initiate sso


SAMLIdentityProvider.InitiateSSO(
Response,
USERID,
attributes,
null,
“ReadyServiceProvider”
)


When doing this it just sends me directly to the login screen of the SP. The directions from the SP are as follows:

SP Initiated SSO Example - How It Works:
1. User clicks on a login link from an email.
2. User is redirected to the login redirect URL with RelayState appended as a query string parameter. For example, the URL is: https://login-redirect-url?RelayState=2g53i5g32523rfghdf.
3. Identity Provider creates a SAML response with the POST message body consisting of: SAMLResponse=response&RelayState=2g53i5g32523rfghdf and posts it back to the system at the endpoint URL:
• US: https://secure.saashr.com/ta/company.login-saml, or
• EU: https://secure.workforceready.eu/ta/company.login-saml, or
• AUS: https://secure.workforceready.com.au/ta/company.login-saml.
4. After verifying the SAML response, the user is redirected to the appropriate first page based on the value of RelayState

My SAMLconfig looks like this


<PartnerServiceProvider Name=“ReadyServiceProvider”
WantAuthnRequestSigned=“false”
SignSAMLResponse=“true”
SignAssertion=“false”
EncryptAssertion=“false”
AssertionConsumerServiceUrl=“<a href=“https://secure.saashr.com/ta/company.login-saml””>https://secure.saashr.com/ta/company.login-saml"
SingleLogoutServiceUrl=“LOGOUTURL”
PartnerCertificateFile=“sp.cer”
SignatureMethod=“”>http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>


Any help is appreciated

2

SAMLIdentityProvider.InitiateSSO supports IdP-initiated SSO by creating and sending a SAML response to the SP.
The alternative flow is SP-initiated SSO where you call SAMLIdentityProvider.ReceiveSSO to receive and process the SAML authn request sent by the SP and after the user is authenticated you call SAMLIdentityProvider.SendSSO to create and send a SAML response to the SP.
In both cases the SAML response is sent to the configured AssertionConsumerServiceUrl.
Can you confirm whether you’re supporting IdP-initiated or SP-initiated SSO?
Is https://login-redirect-url an endpoint in your IdP?
If so, as well as the RelayState query string parameter, is there a SAMLRequest parameter?

I recommend enabling SAML trace and sending the generated log file as an email attachment to support@componentspace.com mentioning your forum post. We can then take a closer look at what’s happening.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace