Hi
I am trying to add SAML support (as a service provider) to a site that currently does not have session state enabled. On receiving the SAML request the assertion consumer page throws an exception “There is no HTTP session state”. Is session state a requirement for using SAML or is there a way to make it work without enabling session state?
Thanks
Graham
Hi Graham
There is a small amount of state information that must be maintained to support the SAML protocol. By default we store this information in the ASP.NET session.
You can override this by implementing the ComponentSpace.SAML2.Data.ISSOSessionStore interface.
You need to create a concrete class that implements ISSOSessionStore. We include an AbstractSSOSessionStore which implements ISSOSessionStore and I would recommend deriving from AbstractSSOSessionStore.
Where do you store user-specific state information currently for your application? Are you using a custom database?
I don’t see an ISSOSessionStore interface in either the help file or the DLL. I can see an internal class ComponentSpace.SAML2.Data.SSOSessionState but it does not implement any interfaces. Is this a recent addition (I am currently using V2.5.01.13)?
Our application state is either kept in a DB or encoded as part of the URL.
Graham
I just downloaded the latest reference guide and I now see the interface - where can I download the latest software?
Thanks
Graham