Getting succeeded = false from HttpContext.AuthenticateAsync - 2.0.5

Hi - I am not getting authenticated properly using ComponentSpace.Saml2. Below is the code snippet I am using. Please let me know what I am missing here.

Please advise.

-----------------------------------------------------------------------------------
Startup.cs
-----------------------------------------------------------------------------------
public void ConfigureServices(IServiceCollection services)
{
    // Register the ComponentSpace SAML authentication handler and have it sign the
    // external identity in to IdentityServer's external cookie scheme.
    services.AddAuthentication().AddSaml(AppConstants.Saml2Scheme, AppConstants.Saml2Scheme, options =>
    {
        options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
        options.PartnerName = () => ConfigSettings.PartnerName;
        options.ConfigurationID = () => AppConstants.Default;
    });

    // Configure<TOptions> needs the options type; the SAML configurations are loaded at run time.
    services.Configure<SamlConfigurations>(config => GetSamlConfiguration(config));
    services.AddSaml();
}
-----------------------------------------------------------------------------------------------------------------------------
Controller - Account
Action Method - ExternalLogin
-----------------------------------------------------------------------------------------------------------------------------
[HttpGet]
public async Task<IActionResult> ExternalLogin(string provider, string returnUrl)
{
    // Await instead of .Result: blocking on the task risks a sync-over-async deadlock.
    var authR = await _interaction.GetAuthorizationContextAsync(returnUrl);
    string clientId = authR?.ClientId ?? "Default";

    // Select the SAML configuration for this client, then start SP-initiated SSO.
    await _samlProvider.SetConfigurationIDAsync(clientId);
    await _samlProvider.InitiateSsoAsync(relayState: returnUrl);

    // InitiateSsoAsync has already written the redirect/POST to the IdP.
    return new EmptyResult();
}
-----------------------------------------------------------------------------------------------------------------------------
SAML config file
-----------------------------------------------------------------------------------------------------------------------------
[
  {
    "ID": "Default",
    "LocalServiceProviderConfiguration": {
      "AssertionConsumerServiceUrl": "http://localhost:44339/Saml/AssertionConsumerService_1",
      "Name": "https://xxxxxxxxxxxxxxxxxxxxxxxxx",
      "LocalCertificates": [
        {
          "FileName": "",
          "Password": ""
        }
      ]
    },
    "PartnerIdentityProviderConfigurations": [
      {
        "Name": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "SignAuthnRequest": true,
        "SignLogoutRequest": true,
        "SignLogoutResponse": true,
        "WantSamlResponseSigned": false,
        "WantAssertionSigned": false,
        "SingleLogoutServiceBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "SingleSignOnServiceBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "SingleSignOnServiceUrl": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "SingleLogoutServiceUrl": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "PartnerCertificates": [
          {
            "FileName": "*****************"
          }
        ],
        "NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
      }
    ]
  }
]
------------------------------------------------------------------------------------------------------------------------------
Controller: Saml
Action Method: AssertionConsumerService_1
------------------------------------------------------------------------------------------------------------------------------
public async Task AssertionConsumerService_1()
{
    // Receive and validate the SAML response posted by the IdP.
    var ssoResult = await _samlServiceProvider.ReceiveSsoAsync();
    var returnUrl = ssoResult.RelayState;

    var info = await HttpContext.AuthenticateAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);

    bool result = info.Succeeded;

    // We are expecting it to be true so that we can write further logic.
}

------------------------------------------------------------

Please take a look at the ExampleServiceProvider’s SamlController.
It calls _signInManager.SignInAsync to login the user.
You should do something similar to sign-in the user locally.
Here’s the code from the example.

public async Task<IActionResult> AssertionConsumerService()
{
    // Receive and process the SAML assertion contained in the SAML response.
    // The SAML response is received either as part of IdP-initiated or SP-initiated SSO.
    var ssoResult = await _samlServiceProvider.ReceiveSsoAsync();

    // Automatically provision the user.
    // If the user doesn't exist locally then create the user.
    // Automatic provisioning is an optional step.
    var user = await _userManager.FindByNameAsync(ssoResult.UserID);

    if (user == null)
    {
        user = new ApplicationUser { UserName = ssoResult.UserID, Email = ssoResult.UserID };
        var result = await _userManager.CreateAsync(user);

        if (!result.Succeeded)
        {
            throw new Exception($"The user {ssoResult.UserID} couldn't be created - {result}");
        }

        // For demonstration purposes, create some additional claims.
        if (ssoResult.Attributes != null)
        {
            var samlAttribute = ssoResult.Attributes.SingleOrDefault(a => a.Name == ClaimTypes.GivenName);

            if (samlAttribute != null)
            {
                await _userManager.AddClaimAsync(user, new Claim(ClaimTypes.GivenName, samlAttribute.ToString()));
            }

            samlAttribute = ssoResult.Attributes.SingleOrDefault(a => a.Name == ClaimTypes.Surname);

            if (samlAttribute != null)
            {
                await _userManager.AddClaimAsync(user, new Claim(ClaimTypes.Surname, samlAttribute.ToString()));
            }
        }
    }

    // Automatically login using the asserted identity.
    await _signInManager.SignInAsync(user, isPersistent: false);

    // Redirect to the target URL if specified.
    if (!string.IsNullOrEmpty(ssoResult.RelayState))
    {
        return LocalRedirect(ssoResult.RelayState);
    }

    return RedirectToPage("/Index");
}


It worked, but now I am getting the following error.

SamlConfigurationException: Multiple SAML configurations exist but a configuration ID hasn’t been specified
on
var ssoResult = await _samlServiceProvider.ReceiveSsoAsync();
--------------------------------------------------------------------------------------------------------------------
I have specified two SAML configurations, but I am loading them at run time like below:

[HttpGet]
public async Task<IActionResult> ExternalLogin(string provider, string returnUrl)
{
    // Await instead of .Result: blocking on the task risks a sync-over-async deadlock.
    var authR = await _interaction.GetAuthorizationContextAsync(returnUrl);
    string clientId = authR?.ClientId ?? "Default";

    // Select the SAML configuration for this client, then start SP-initiated SSO.
    await _samlProvider.SetConfigurationIDAsync(clientId);
    await _samlProvider.InitiateSsoAsync(relayState: returnUrl);

    // InitiateSsoAsync has already written the redirect/POST to the IdP.
    return new EmptyResult();
}
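
The following is an added example written for this page; it is not code from the thread or from ComponentSpace. It ties together the two problems raised above: the first answer's point that nothing has signed the user in locally when AuthenticateAsync is called in the ACS action, and the follow-up's "configuration ID hasn't been specified" exception from ReceiveSsoAsync. It assumes only the ComponentSpace.Saml2 members the thread already uses (ISamlServiceProvider with SetConfigurationIDAsync, InitiateSsoAsync and ReceiveSsoAsync; the result's UserID, Attributes and RelayState), IdentityServer4's external cookie scheme and IIdentityServerInteractionService, the default {controller}/{action} conventional route, a hypothetical {configId} route segment in place of the "_1" suffix in the poster's ACS URL, and a hypothetical allow-list of the configuration IDs present in the SAML configuration file.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using ComponentSpace.Saml2;
using IdentityServer4;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;

// Added example, not code from the thread or from ComponentSpace.
public class SamlController : Controller
{
    // Hypothetical: the IDs that exist in the SAML configuration file. Anything else is rejected.
    private static readonly HashSet<string> KnownConfigurationIds = new HashSet<string> { "Default", "Client1" };
    private const string ExternalScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;

    private readonly ISamlServiceProvider _saml;
    private readonly IIdentityServerInteractionService _interaction;

    public SamlController(ISamlServiceProvider saml, IIdentityServerInteractionService interaction)
    {
        _saml = saml;
        _interaction = interaction;
    }

    // Step 1: choose the configuration for the requesting client and start SP-initiated SSO.
    [HttpGet]
    public async Task<IActionResult> ExternalLogin(string returnUrl)
    {
        var context = await _interaction.GetAuthorizationContextAsync(returnUrl); // await, not .Result
        var configId = context?.ClientId ?? "Default";
        if (!KnownConfigurationIds.Contains(configId))
        {
            return BadRequest("No SAML configuration for this client.");
        }

        await _saml.SetConfigurationIDAsync(configId);
        await _saml.InitiateSsoAsync(relayState: returnUrl); // writes the redirect/POST to the IdP itself
        return new EmptyResult();
    }

    // Step 2: the IdP posts the SAML response here. ISamlServiceProvider is scoped to the HTTP
    // request, so the configuration ID chosen in step 1 is gone by now. It has to be set again
    // before ReceiveSsoAsync, otherwise the "Multiple SAML configurations exist but a
    // configuration ID hasn't been specified" exception is thrown.
    [HttpPost("Saml/AssertionConsumerService/{configId}")]
    public async Task<IActionResult> AssertionConsumerService(string configId)
    {
        if (!KnownConfigurationIds.Contains(configId))
        {
            return BadRequest("Unknown SAML configuration.");
        }

        await _saml.SetConfigurationIDAsync(configId);
        var ssoResult = await _saml.ReceiveSsoAsync();

        // No external cookie has been issued yet, and the cookie handler reads the request's
        // Cookie header, so AuthenticateAsync(ExternalScheme) in this request can only report
        // Succeeded == false. Issue the cookie from the asserted identity instead.
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.NameIdentifier, ssoResult.UserID),
            new Claim("saml_configuration", configId), // hypothetical claim: which partner asserted the user
        };
        if (ssoResult.Attributes != null)
        {
            foreach (var attribute in ssoResult.Attributes)
            {
                // Copy only a known set of attributes; never mirror everything the IdP sends.
                if (attribute.Name == ClaimTypes.GivenName || attribute.Name == ClaimTypes.Surname)
                {
                    claims.Add(new Claim(attribute.Name, attribute.ToString()));
                }
            }
        }
        var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, "saml2"));

        // RelayState is round-tripped through the browser, so it is untrusted input: keep it local.
        var returnUrl = ssoResult.RelayState;
        if (string.IsNullOrEmpty(returnUrl) || !Url.IsLocalUrl(returnUrl))
        {
            returnUrl = "~/";
        }
        var props = new AuthenticationProperties();
        props.Items["returnUrl"] = returnUrl;

        await HttpContext.SignInAsync(ExternalScheme, principal, props);

        // The new cookie only reaches the server on the next request, hence the redirect.
        return Redirect("~/Saml/ExternalLoginCallback");
    }

    // Step 3: the external cookie is now in the request, so this is where AuthenticateAsync succeeds.
    [HttpGet]
    public async Task<IActionResult> ExternalLoginCallback()
    {
        var result = await HttpContext.AuthenticateAsync(ExternalScheme);
        if (!result.Succeeded)
        {
            return Unauthorized();
        }

        var subject = result.Principal.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        // Look up or provision the local account for `subject` here and issue the IdentityServer
        // session cookie (the SignInManager example earlier in the thread shows the provisioning part).

        // The external cookie has done its job; remove it so it cannot be replayed.
        await HttpContext.SignOutAsync(ExternalScheme);

        result.Properties.Items.TryGetValue("returnUrl", out var target);
        return Redirect(target ?? "~/");
    }
}
```

Two things to check in the poster's configuration alongside this flow. First, the partner entry sets both WantSamlResponseSigned and WantAssertionSigned to false, so ReceiveSsoAsync will accept a response from that partner that carries no signature at all; outside a test rig at least one of them must be true, otherwise anyone who can POST to the ACS URL can mint a principal. Second, per-configuration ACS URLs (AssertionConsumerService_1, _2, ...) are what make the configuration ID recoverable at the ACS, since the IdP's POST carries nothing else that says which local configuration to validate against; the allow-list above keeps a crafted URL from selecting an arbitrary one.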


Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning this forum topic.
https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace