IdentityServer3 Katana/OWIN Authentication Middleware - The SAML assertion is being replayed (version 2.6.0.2)

I’m trying to write a Katana Authentication Middleware for use in IDSRV so we can have an OIDC → SAML2 SSO. I’ve got most of it working except… except it doesn’t work :wink: .NET 4.5.2, ComponentSpace SAML2 2.6.0.2.
1. In OWIN AuthenticationHandler ApplyResponseChallengeAsync I call SAMLServiceProvider.InitiateSSO
2. SAML response is received on my AssertionConsumerService. I call SAMLServiceProvider.ReceiveSSO

This results in the following error:

{
"Message": "An error has occurred.",
"ExceptionMessage": "The SAML assertion is being replayed.",
"ExceptionType": "ComponentSpace.SAML2.Exceptions.SAMLProtocolException",
"StackTrace":
at ComponentSpace.SAML2.InternalSAMLServiceProvider.CheckForAssertionReplay(SAMLAssertion samlAssertion) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLServiceProvider.cs:line 315
at ComponentSpace.SAML2.InternalSAMLServiceProvider.ProcessSAMLAssertion(SAMLAssertion samlAssertion, String& userName, SAMLAttribute[]& attributes) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLServiceProvider.cs:line 359
at ComponentSpace.SAML2.InternalSAMLServiceProvider.ProcessSAMLResponse(XmlElement samlResponseElement, Boolean& isInResponseTo, String& userName, SAMLAttribute[]& attributes) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLServiceProvider.cs:line 429
at ComponentSpace.SAML2.InternalSAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& userName, SAMLAttribute[]& attributes, String& relayState) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\InternalSAMLServiceProvider.cs:line 703
at ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& userName, IDictionary& attributes, String& relayState) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLServiceProvider.cs:line 384
at IdentityServer.Saml2.Services.Saml2UserConsumerService.ReceiveSso(HttpRequestMessage request)
at IdentityServer.Saml2.Endpoints.Saml2AssertionConsumerServiceController.d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Threading.Tasks.TaskHelpersExtensions.d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Tracing.ITraceWriterExtensions.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ApiControllerActionInvoker.d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Tracing.ITraceWriterExtensions.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ActionFilterResult.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.AuthenticationFilterResult.d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Tracing.Tracers.HttpControllerTracer.d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Tracing.ITraceWriterExtensions.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Dispatcher.HttpControllerDispatcher.d__1.MoveNext()
}
I can bypass this error (before the next one) by hacking my custom IIDCache implementation to always return true (I’m using Redis to share the config between instances). The error also occurs if I use the OOTB InMemoryIDCache.

Two questions:
1. Is this an issue that’s fixed in a later version? (I have no idea what we qualify for, I know we’re legit, though :slight_smile:)
2. Has someone already written a .Net Framework 4.5.x Saml2AuthenticationMiddleware that handles SP-initiated SSO that I can use?

Thanks
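The replay check behind the exception above, as an added illustration that is not code from the post or from ComponentSpace. It models the ID cache as a hypothetical IAssertionIdCache interface whose Add returns true only when the assertion ID has not been consumed within its validity window (the shape the post implies when it says returning true "always" bypasses the error); the real library interface, its method names and the sample assertion ID are assumptions. The second implementation is the "always return true" hack from the post, shown so that its effect is visible: every assertion, replayed or not, is accepted.

```csharp
// Added example (not from the forum post or the ComponentSpace library):
// an assertion-ID replay cache and the check an ACS endpoint runs against it.
using System;
using System.Collections.Concurrent;

// Hypothetical interface, modelled on the behaviour described in the post:
// Add returns true if the ID was not already held (or its entry had expired),
// false when the same ID is presented again, i.e. a replay.
public interface IAssertionIdCache
{
    bool Add(string assertionId, DateTime expiresUtc);
}

public sealed class InMemoryAssertionIdCache : IAssertionIdCache
{
    private readonly ConcurrentDictionary<string, DateTime> _seen =
        new ConcurrentDictionary<string, DateTime>();
    private readonly Func<DateTime> _clock; // injectable for deterministic tests

    public InMemoryAssertionIdCache(Func<DateTime> clock = null)
    {
        _clock = clock ?? (() => DateTime.UtcNow);
    }

    public bool Add(string assertionId, DateTime expiresUtc)
    {
        if (string.IsNullOrEmpty(assertionId))
            throw new ArgumentException("Assertion ID is required", "assertionId");

        DateTime now = _clock();
        // Drop expired entries so the cache is bounded by the assertions' own
        // validity windows rather than by uptime.
        foreach (var entry in _seen)
        {
            if (entry.Value <= now)
            {
                DateTime ignored;
                _seen.TryRemove(entry.Key, out ignored);
            }
        }
        // One atomic insert: a second ACS invocation carrying the same ID, whether a
        // genuine replay or ReceiveSSO being called twice for one response, gets false.
        return _seen.TryAdd(assertionId, expiresUtc);
    }
}

// The workaround mentioned in the post: an ID cache that never refuses an ID.
// It removes replay protection entirely and must not be used outside debugging.
public sealed class NoReplayProtectionCache : IAssertionIdCache
{
    public bool Add(string assertionId, DateTime expiresUtc) { return true; }
}

public static class AssertionConsumer
{
    // Reject an assertion whose ID has already been consumed before its
    // Conditions/@NotOnOrAfter instant has passed.
    public static void CheckForReplay(IAssertionIdCache cache, string assertionId, DateTime notOnOrAfterUtc)
    {
        if (!cache.Add(assertionId, notOnOrAfterUtc))
            throw new InvalidOperationException("The SAML assertion is being replayed: " + assertionId);
    }

    public static void Main()
    {
        DateTime now = new DateTime(2019, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        var cache = new InMemoryAssertionIdCache(() => now);
        string assertionId = "_f0e1d2c3-constructed-sample-id"; // constructed, not a real assertion
        DateTime notOnOrAfter = now.AddMinutes(5);

        CheckForReplay(cache, assertionId, notOnOrAfter);       // first presentation: accepted
        try
        {
            CheckForReplay(cache, assertionId, notOnOrAfter);   // second presentation: rejected
        }
        catch (InvalidOperationException e)
        {
            Console.WriteLine(e.Message);
        }

        // After NotOnOrAfter the ID may be forgotten; the time-validity check, not the
        // replay cache, is what rejects the assertion from then on.
        now = notOnOrAfter.AddSeconds(1);
        Console.WriteLine(cache.Add(assertionId, notOnOrAfter.AddMinutes(5)));   // True

        var unsafeCache = new NoReplayProtectionCache();
        Console.WriteLine(unsafeCache.Add(assertionId, notOnOrAfter)
                       && unsafeCache.Add(assertionId, notOnOrAfter));          // True: replay accepted
    }
}
```

For a cache shared between instances, as with the Redis-backed one in the post, the insert has to stay a single atomic operation (in Redis, one SET with NX and an expiry), otherwise two instances can each accept the same assertion before either sees the other's entry.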

I’m not aware of any issues or related fixes.
Can you check whether SAMLServiceProvider.ReceiveSSO is being called twice unexpectedly?
Have you tried enabling SAML trace to see if it provides any clues?
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
You’re welcome to email the generated log file to support@componentspace.com mentioning your forum post and we will take a look.
We haven’t written any OWIN middleware.
The SAML v2.0 for ASP.NET Core product does include middleware support and can be integrated with IdentityServer4 if that helps.
https://www.componentspace.com/Forums/8569/IdentityServer4-Integration-Guide

Thanks for the super-quick reply. I enabled tracing and disabled all breakpoints and it worked without an exception. I disabled tracing and it still worked without an exception. Seems like PEBCAK, perhaps the delay caused by breakpoints was introducing an issue.

Let me know if the issue recurs or if you run into any other issues.
Thanks.