I have an application that is trying to serve as IdP and is trying to initiate SAML SSO to Service Provider and I am getting the error - Failed to send the SAML message over HTTP-Post.
This is a result from the call:
await amlIdentityProvider.InitiateSsoAsync(serviceUserInfo.SamlIssuerUrl, serviceUserInfo.UserID, attributes, relayState);
Below is the stack trace:
12:56:01:6455 Debug [ComponentSpace.Saml2.Session.DistributedSsoSessionStore] [] [] [45156] : SSO session state for saml-session-jsobzAmevwp0CHA3eKVfXfN8-SamlState is being saved to the distributed cache.
12:56:01:6930 Debug [ComponentSpace.Saml2.SamlIdentityProvider] [] [] [45156] : Sending the SAML response.
12:56:01:6947 Debug [ComponentSpace.Saml2.Bindings.Post.HttpPostBinding] [] [] [45156] : Sending a SAML message over HTTP-Post.
12:56:01:6959 Error [ComponentSpace.Saml2.SamlIdentityProvider] [] [] [45156] : Initiation of SSO to the partner service provider ********* has failed.
ComponentSpace.Saml2.Exceptions.SamlBindingException: Failed to send the SAML message over HTTP-Post.
 ---> System.NullReferenceException: Object reference not set to an instance of an object.
at ComponentSpace.Saml2.Bindings.AspNetHttpResponse.AddHeader(String headerName, StringValues headerValues)
at ComponentSpace.Saml2.Bindings.Post.HttpPostBinding.SendMessageAsync(String url, String message, Boolean isResponse, String relayState)
--- End of inner exception stack trace ---
at ComponentSpace.Saml2.Bindings.Post.HttpPostBinding.SendMessageAsync(String url, String message, Boolean isResponse, String relayState)
at ComponentSpace.Saml2.SamlProvider.SendMessageAsync(String destinationUrl, String binding, XmlElement messageElement, Boolean isResponse, String relayState, AsymmetricAlgorithm key, String signatureAlgorithm)
at ComponentSpace.Saml2.SamlIdentityProvider.SendSamlResponseAsync(XmlElement samlResponseElement, String relayState, String assertionConsumerServiceUrl, String assertionConsumerServiceBinding)
at ComponentSpace.Saml2.SamlIdentityProvider.InitiateSsoAsync(String partnerName, String userID, IList`1 attributes, String relayState, String authnContext, String nameIDFormat)
What am I missing? Is the HTTP context null?
Thank you for your help!
AspNetHttpResponse.AddHeader is attempting to add an HTTP header to the HTTP response as part of sending the SAML message.
The HTTP response is accessed through the IHttpContextAccessor.HttpContext which appears to be null.
Can you access the HttpContext in your application?
I suggest taking a look at the ExampleIdentityProvider project, and especially its Program.cs, to see if there are any obvious differences.
If we inspect the property IHttpContextAccessor.HttpContext of SamlIdentityProvider on the line “await SamlIdentityProvider.InitiateSsoAsync” it is not null. But within the code it becomes null. I think it has something to do with the distributed session store.
What makes you think it might be something to do with the distributed session store?
Please enable SAML trace and send the generated log file as an email attachment to support@componentSpace.com mentioning your forum post.
Also, are you able to reproduce the issue in a simple test app?
If so, please zip up the source code and project and include this so we can attempt to reproduce the problem here.
There must be something a little different about the app or the environment in which it runs to cause such a fundamental problem.
Any ideas what might be different about this app or the environment?
Thanks.