InitiateSSO call contains null

[quote]
ComponentSpace - 9/27/2021
You should have the partner identity provider's certificate as this is used to verify the signature on the SAML response or assertion returned by the identity provider.

I suggest emailing us the SAML log file if you need assistance debugging the current issue.
[/quote]

Looking at the log file I think the issue is that it is sending a form to the IdP. I think it should be sending them params in a POST body, then they are going to present a form to the user.
Is this normal behavior? Should I send you the log file or does this point to a configuration issue?
Also, the IdP has their certificate exposed in their metadata endpoint like so:

"="">"="">"="">">http://www.w3.org/2000/09/xmldsig#">

base64String



Does this work with SAML for .NET or do I need the actual certificate stored in the Certificates folder?
Hi again!
We worked out the first issue, as I thought, they needed my cert not just my key as they had asked. Now I am able to initiate the flow and get an exception that I think might point to my not having a copy of their cert (available from their metadata as stated earlier).
I get this in the log file: Initiation of SSO to the partner identity provider https://globalsignin.cobalttest.net has completed successfully.
But on the web page, I get an exception saying the "The partner identity provider xxx is not configured" which they obviously are. Does this point to my not having their cert? Would you like me to send you the log file?
Thanks again for all your help!

That sounds like a configuration issue rather than a certificate issue. You should have a <PartnerIdentityProvider> entry with a Name of "xxx".

You're welcome to send the SAML log file as an email attachment to support@componentspace.com if you'd like us to take a look.
I do have that, I don't think I could connect to them at all otherwise. Here it is with their name changed:

<PartnerIdentityProvider
Name="https://my-idp.net"
Description="Global Sign In IdP"
SignAuthnRequest="true"
SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SingleSignOnServiceUrl="https://my-idp.net/Authentication/SAML2IDP/CertificationPortal/SingleSignonService.ashx"
SingleLogoutServiceUrl="https://my-idp.net/Authentication/SAML2IDP/CertificationPortal/SingleLogoutService.ashx">


Here is the stack trace if helpful:
[SAMLConfigurationException: The partner identity provider https://my-idp.net/ is not configured.]

ComponentSpace.SAML2.Configuration.Resolver.SAMLConfigurationResolver.GetPartnerIdentityProviderConfiguration(String configurationID, String partnerName) +457
ComponentSpace.SAML2.InternalSAMLServiceProvider.GetPartnerIdentityProviderConfiguration(String partnerName) +29
ComponentSpace.SAML2.InternalSAMLServiceProvider.ReceiveSSO(HttpRequestBase httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, SAMLAttribute[]& attributes, String& relayState) +102
CertificationPortal.Controllers.SamlController.AssertionConsumerService() in C:\Users\paul.keefe\Source\Repos\CertificationPortal\CertificationPortal\Controllers\SamlController.cs:61
lambda_method(Closure , ControllerBase , Object[] ) +62
System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary parameters) +169
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary parameters) +27
System.Web.Mvc.Async.<>c.b__9_0(IAsyncResult asyncResult, ActionInvocation innerInvokeState) +22
System.Web.Mvc.Async.WrappedAsyncResult.CallEndDelegate(IAsyncResult asyncResult) +29
System.Web.Mvc.Async.WrappedAsyncResultBase.End() +49
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
System.Web.Mvc.Async.<>c__DisplayClass11_0.b__0() +58
System.Web.Mvc.Async.<>c__DisplayClass11_2.b__2() +228
System.Web.Mvc.Async.<>c__DisplayClass7_0.b__1(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResult.CallEndDelegate(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResultBase.End() +49
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
System.Web.Mvc.Async.<>c__DisplayClass3_6.b__4() +35
System.Web.Mvc.Async.<>c__DisplayClass3_1.b__1(IAsyncResult asyncResult) +100
System.Web.Mvc.Async.WrappedAsyncResult.CallEndDelegate(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResultBase.End() +49
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
System.Web.Mvc.<>c.b__152_1(IAsyncResult asyncResult, ExecuteCoreState innerState) +11
System.Web.Mvc.Async.WrappedAsyncVoid.CallEndDelegate(IAsyncResult asyncResult) +29
System.Web.Mvc.Async.WrappedAsyncResultBase.End() +49
System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +45
System.Web.Mvc.<>c.b__151_2(IAsyncResult asyncResult, Controller controller) +13
System.Web.Mvc.Async.WrappedAsyncVoid.CallEndDelegate(IAsyncResult asyncResult) +22
System.Web.Mvc.Async.WrappedAsyncResultBase.End() +49
System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +26
System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
System.Web.Mvc.<>c.b__20_1(IAsyncResult asyncResult, ProcessRequestState innerState) +28
System.Web.Mvc.Async.WrappedAsyncVoid.CallEndDelegate(IAsyncResult asyncResult) +29
System.Web.Mvc.Async.WrappedAsyncResultBase.End() +49
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +28
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +577
System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +132
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +163

The configured name is "https://my-idp.net". The issuer field in the SAML response is "https://my-idp.net/".

Update your saml.config so the name includes the trailing slash.

<PartnerIdentityProvider
Name="https://my-idp.net/"

[quote]
ComponentSpace - 9/28/2021
The configured name is "https://my-idp.net". The issuer field in the SAML response is "https://my-idp.net/".

Update your saml.config so the name includes the trailing slash.

<PartnerIdentityProvider
Name="https://my-idp.net/"
[/quote]

Fantastic! I just sent you the log file, but this sounds like the first step. I'll give it a try now and let you know how it goes.
Thanks, Paul
That worked! The issue now is the reading of the X509.

An X.509 signature certificate for the partner identity provider https://my-idp.net/ hasn't been configured.

This is a question I asked earlier, but now it is back to the front. Can I configure the product to read the certificate from their metadata ()? Or do I need to get their actual certificate and put it in my Certificates folder? Could I simply take their base64 from their metadata and use that somehow?


Thanks for the log file. This confirms that the issue is the missing trailing slash in the Name. This name must match exactly with the name used at the identity provider site.

Simply copy the base-64 string to a text file with a .CER extension. Configure this file as the partner identity provider's certificate file.

For example:

<PartnerIdentityProvider
Name="https://my-idp.net/"
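
Added example, not part of the original thread and not ComponentSpace code: a pre-flight check for the two problems resolved above, the partner Name that must match the IdP's issuer exactly and the signing certificate taken from the IdP's metadata. The function names, the sample metadata and the sample config fragment are constructed for illustration, and it assumes the metadata entityID is the same value the IdP sends as Issuer.

```python
import base64, hashlib, textwrap
import xml.etree.ElementTree as ET  # for metadata from an untrusted source, parse with defusedxml

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def idp_signing_certs(metadata_xml):
    """Return (entityID, [DER bytes]) for the signing certificates in IdP metadata."""
    root = ET.fromstring(metadata_xml)
    entity = root if root.tag == MD + "EntityDescriptor" else root.find(f".//{MD}EntityDescriptor")
    certs = []
    for kd in entity.iterfind(f"{MD}IDPSSODescriptor/{MD}KeyDescriptor"):
        if kd.get("use", "signing") == "signing":  # no "use" attribute: key serves both purposes
            for x in kd.iterfind(f".//{DS}X509Certificate"):
                certs.append(base64.b64decode("".join(x.text.split())))
    return entity.get("entityID"), certs

def to_cer_text(der):
    """Base-64 text suitable for saving with a .CER extension."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def check_partner(config_xml, metadata_xml):
    """Compare configured partner Names with the metadata entityID, character for character."""
    entity_id, certs = idp_signing_certs(metadata_xml)
    names = [e.get("Name") for e in ET.fromstring(config_xml).iter()
             if e.tag.rsplit("}", 1)[-1] == "PartnerIdentityProvider"]
    near = [n for n in names if n != entity_id and n.rstrip("/") == entity_id.rstrip("/")]
    return {"entity_id": entity_id,
            "exact_match": entity_id in names,
            "near_misses": near,  # configured names that differ only by a trailing slash
            "sha256": [hashlib.sha256(c).hexdigest() for c in certs]}

# Constructed sample input: the certificate bytes are a placeholder, not a real X.509 certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://my-idp.net/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""
SAMPLE_CONFIG = '<config><PartnerIdentityProvider Name="https://my-idp.net" SignAuthnRequest="true"/></config>'

if __name__ == "__main__":
    print(check_partner(SAMPLE_CONFIG, SAMPLE_METADATA))
    print(to_cer_text(idp_signing_certs(SAMPLE_METADATA)[1][0]))
```

Confirm the SHA-256 fingerprint with the IdP operator through a separate channel before configuring the file, since this certificate is what every SAML response signature is verified against.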