Initiation of SSO to the partner identity provider

madu2004 · September 3, 2019, 7:00am

Hi,

I have used the example of the ExampleServiceProvider in one of our web applications. The IDP is PingOne and I have successfully initiated the SSO to the partner identity provider but I am not directed to the Pingone site for SSO. Not sure why its not working. Please help.

aspx.page: Begin PreInit
aspx.page: End PreInit
aspx.page: Begin Init
aspx.page: End Init
aspx.page: Begin InitComplete
aspx.page: End InitComplete
aspx.page: Begin PreLoad
aspx.page: End PreLoad
aspx.page: Begin Load
aspx.page: End Load
aspx.page: Begin LoadComplete
aspx.page: End LoadComplete
aspx.page: Begin PreRender
aspx.page: End PreRender
aspx.page: Begin PreRenderComplete
aspx.page: End PreRenderComplete
aspx.page: Begin SaveState
aspx.page: End SaveState
aspx.page: Begin SaveStateComplete
aspx.page: End SaveStateComplete
aspx.page: Begin Render
aspx.page: End Render
2740/9: 03/09/2019 09:50:35: ComponentSpace.SAML2, Version=3.4.0.0, Culture=neutral, PublicKeyToken=16647a1283418145, .NET v4.0 build, Evaluation.
2740/9: 03/09/2019 09:50:35: CLR: 4.0.30319.42000, OS: Microsoft Windows NT 6.1.7601 Service Pack 1, Account: madhu-PC\madhu, Culture: English (United Kingdom)
2740/9: 03/09/2019 09:50:35: Initializing the SAML environment.
2740/9: 03/09/2019 09:50:35: Loading the SAML configuration file E:\Projects\MailTrack\MailTrack Updated 30082019\MailTrack\WebApplication\saml.config.
2740/9: 03/09/2019 09:50:35: SAML configuration:
<?xml version="1.0"?>

<ServiceProvider Name=“<a href=“https://ExampleServiceProvider””>https://ExampleServiceProvider"
Description=“Example Service Provider”
AssertionConsumerServiceUrl=“~/SAML/AssertionConsumerService.aspx”
LocalCertificateFile=“Certificates\sp.pfx”
LocalCertificatePassword=“********”/>

<PartnerIdentityProvider Name=“<a href=“https://ExampleIdentityProvider””>https://ExampleIdentityProvider"
Description=“Example Identity Provider”
SignAuthnRequest=“true”
SingleSignOnServiceUrl=“<a href=“https://localhost:44390/SAML/SSOService.aspx””>https://localhost:44390/SAML/SSOService.aspx"
SingleLogoutServiceUrl=“<a href=“https://localhost:44390/SAML/SLOService.aspx””>https://localhost:44390/SAML/SLOService.aspx"
PartnerCertificateFile=“Certificates\idp.cer”/>

<PartnerIdentityProvider Name=“<a href=“https://MvcExampleIdentityProvider””>https://MvcExampleIdentityProvider"
Description=“MVC Example Identity Provider”
SignAuthnRequest=“true”
SingleSignOnServiceUrl=“<a href=“https://localhost:44363/SAML/SingleSignOnService””>https://localhost:44363/SAML/SingleSignOnService"
SingleLogoutServiceUrl=“<a href=“https://localhost:44363/SAML/SingleLogoutService””>https://localhost:44363/SAML/SingleLogoutService"
PartnerCertificateFile=“Certificates\idp.cer”/>

<PartnerIdentityProvider Name=“<a href=“http://adfs.test/adfs/services/trust””>http://adfs.test/adfs/services/trust"
Description=“ADFS”
SignAuthnRequest=“true”
SignLogoutRequest=“true”
SignLogoutResponse=“true”
WantAssertionEncrypted=“true”
WantLogoutResponseSigned=“true”
SingleSignOnServiceUrl=“<a href=“https://adfs.test/adfs/ls/””>https://adfs.test/adfs/ls/“
SingleLogoutServiceUrl=”<a href=“https://adfs.test/adfs/ls/”“>https://adfs.test/adfs/ls/”
PartnerCertificateFile=“Certificates\adfs.cer”/>

<PartnerIdentityProvider Name=“<a href=“https://sts.windows.net/f2f933ec-d7c9-433f-8926-d3a0732a7dcf/””>https://sts.windows.net/f2f933ec-d7c9-433f-8926-d3a0732a7dcf/“
Description=“Azure AD”
SignLogoutRequest=“true”
WantLogoutResponseSigned=“true”
SingleSignOnServiceUrl=”<a href=“https://login.microsoftonline.com/f2f933ec-d7c9-433f-8926-d3a0732a7dcf/saml2"”>https://login.microsoftonline.com/f2f933ec-d7c9-433f-8926-d3a0732a7dcf/saml2"
SingleLogoutServiceUrl=“<a href=“https://login.microsoftonline.com/f2f933ec-d7c9-433f-8926-d3a0732a7dcf/saml2"”>https://login.microsoftonline.com/f2f933ec-d7c9-433f-8926-d3a0732a7dcf/saml2”
PartnerCertificateFile=“Certificates\azure.cer”/>

<PartnerIdentityProvider Name=“<a href=“http://www.okta.com/exk89rwwiahjnDQiv0h7"”>http://www.okta.com/exk89rwwiahjnDQiv0h7”
Description=“Okta”
SignAuthnRequest=“true”
SignLogoutRequest=“true”
SignLogoutResponse=“true”
WantLogoutRequestSigned=“true”
WantLogoutResponseSigned=“true”
SingleSignOnServiceUrl=“<a href=“https://componentspace.oktapreview.com/app/componentspacedev527539_exampleserviceprovider_3/exk89rwwiahjnDQiv0h7/sso/saml””>https://componentspace.oktapreview.com/app/componentspacedev527539_exampleserviceprovider_3/exk89rwwiahjnDQiv0h7/sso/saml"
SingleLogoutServiceUrl=“<a href=“https://componentspace.oktapreview.com/app/componentspacedev527539_exampleserviceprovider_3/exk89rwwiahjnDQiv0h7/slo/saml””>https://componentspace.oktapreview.com/app/componentspacedev527539_exampleserviceprovider_3/exk89rwwiahjnDQiv0h7/slo/saml"
PartnerCertificateFile=“Certificates\okta.cer”/>

<PartnerIdentityProvider Name=“<a href=“https://accounts.google.com/o/saml2?idpid=C03kl4l11"”>https://accounts.google.com/o/saml2?idpid=C03kl4l11”
Description=“Google”
SingleSignOnServiceUrl=“<a href=“https://accounts.google.com/o/saml2/idp?idpid=C03kl4l11"”>https://accounts.google.com/o/saml2/idp?idpid=C03kl4l11”
PartnerCertificateFile=“Certificates\google.cer”/>

<PartnerIdentityProvider Name=“<a href=“https://componentspace-dev-ed.my.salesforce.com””>https://componentspace-dev-ed.my.salesforce.com"
Description=“Salesforce”
SingleSignOnServiceUrl=“<a href=“https://componentspace-dev-ed.my.salesforce.com/idp/endpoint/HttpRedirect””>https://componentspace-dev-ed.my.salesforce.com/idp/endpoint/HttpRedirect"
PartnerCertificateFile=“Certificates\salesforce.cer”/>

<PartnerIdentityProvider Name=“<a href=“https://samltest.id/saml/idp””>https://samltest.id/saml/idp"
Description=“Shibboleth”
SignLogoutRequest=“true”
SignLogoutResponse=“true”
SingleSignOnServiceUrl=“<a href=“https://samltest.id/idp/profile/SAML2/Redirect/SSO””>https://samltest.id/idp/profile/SAML2/Redirect/SSO"
SingleLogoutServiceUrl=“<a href=“https://samltest.id/idp/profile/SAML2/Redirect/SLO””>https://samltest.id/idp/profile/SAML2/Redirect/SLO"
PartnerCertificateFile=“Certificates\shibboleth1.cer”
SecondaryPartnerCertificateFile=“Certificates\shibboleth2.cer”/>

<PartnerIdentityProvider Name=“localhost”
Description=“WSO2 Identity Server”
SingleSignOnServiceUrl=“<a href=“https://localhost:9443/samlsso””>https://localhost:9443/samlsso"
SingleLogoutServiceUrl=“<a href=“https://localhost:9443/samlsso””>https://localhost:9443/samlsso"
PartnerCertificateFile=“Certificates\wso2.cer”/>

<PartnerIdentityProvider Name=“<a href=“https://app.onelogin.com/saml/metadata/589361"”>https://app.onelogin.com/saml/metadata/589361”
Description=“OneLogin”
SingleSignOnServiceUrl=“<a href=“https://componentspacetest-dev.onelogin.com/trust/saml2/http-redirect/sso/589361"”>https://componentspacetest-dev.onelogin.com/trust/saml2/http-redirect/sso/589361”
SingleLogoutServiceUrl=“<a href=“https://componentspacetest-dev.onelogin.com/trust/saml2/http-redirect/slo/589361"”>https://componentspacetest-dev.onelogin.com/trust/saml2/http-redirect/slo/589361”
PartnerCertificateFile=“Certificates\onelogin.cer”/>

<PartnerIdentityProvider Name=“<a href=“https://pingone.com/idp/intandemsolutions””>https://pingone.com/idp/intandemsolutions"
Description=“PingOne”
SingleSignOnServiceUrl=“<a href=“https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=d044d123-a9cf-469a-847b-cdd340ee1c16"”>https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=d044d123-a9cf-469a-847b-cdd340ee1c16”
SingleLogoutServiceUrl=“<a href=“https://sso.connect.pingidentity.com/sso/SLO.saml2"”>https://sso.connect.pingidentity.com/sso/SLO.saml2”
PartnerCertificateFile=“Certificates\idp-signing.crt”/>

<PartnerIdentityProvider Name=“<a href=“https://www.bitium.com/componentspace.com””>https://www.bitium.com/componentspace.com"
Description=“Bitium”
SignAuthnRequest=“true”
SingleSignOnServiceUrl=“<a href=“https://www.bitium.com/componentspace.com/saml/83926/auth””>https://www.bitium.com/componentspace.com/saml/83926/auth"
PartnerCertificateFile=“Certificates\bitium.cer”/>

<PartnerIdentityProvider Name=“<a href=“https://aam0904.my.centrify.com/48df688f-4247-424b-b393-3f55025b5a60"”>https://aam0904.my.centrify.com/48df688f-4247-424b-b393-3f55025b5a60”
Description=“Centrify”
SingleSignOnServiceUrl=“<a href=“https://aam0904.my.centrify.com/applogin/appKey/48df688f-4247-424b-b393-3f55025b5a60/customerId/AAM0904"”>https://aam0904.my.centrify.com/applogin/appKey/48df688f-4247-424b-b393-3f55025b5a60/customerId/AAM0904”
PartnerCertificateFile=“Certificates\centrify.cer”/>

2740/9: 03/09/2019 09:50:35: The SAML configuration file has been successfully loaded.
2740/9: 03/09/2019 09:50:35: SAML configuration changes in the directory E:\Projects\MailTrack\MailTrack Updated 30082019\MailTrack\WebApplication are being monitored.
2740/9: 03/09/2019 09:50:35: The SAML environment has been successfuly initialized.
2740/9: 03/09/2019 09:50:35: The SAML_SessionId cookie with value 0119c3f0-1f58-4318-bc71-eb3d22315a95 has been set.
2740/9: 03/09/2019 09:50:35: Initiating SSO to the partner identity provider https://pingone.com/idp/intandemsolutions.
2740/9: 03/09/2019 09:50:35: Service provider session (0119c3f0-1f58-4318-bc71-eb3d22315a95) state:
2740/9: 03/09/2019 09:50:35: Sending request over HTTP Redirect, baseURL=https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=d044d123-a9cf-469a-847b-cdd340ee1c16, samlMessage=<samlp:AuthnRequest ID=“_30b747bc-ddc4-4ba5-8915-74e496d5ac04” Version=“2.0” IssueInstant=“2019-09-03T08:50:35.435Z” Destination=“<a href=“https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=d044d123-a9cf-469a-847b-cdd340ee1c16"”>https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=d044d123-a9cf-469a-847b-cdd340ee1c16” ForceAuthn=“false” IsPassive=“false” ProtocolBinding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST” AssertionConsumerServiceURL=“<a href=“https://localhost:44338/SAML/AssertionConsumerService.aspx””>https://localhost:44338/SAML/AssertionConsumerService.aspx" xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”><saml:Issuer xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>https://ExampleServiceProvider</saml:Issuer><samlp:NameIDPolicy Format=“urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified” AllowCreate=“true” /></samlp:AuthnRequest>, relayState=
2740/9: 03/09/2019 09:50:35: Creating HTTP redirect query string.
2740/9: 03/09/2019 09:50:35: Encoding SAML message: <samlp:AuthnRequest ID=“_30b747bc-ddc4-4ba5-8915-74e496d5ac04” Version=“2.0” IssueInstant=“2019-09-03T08:50:35.435Z” Destination=“<a href=“https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=d044d123-a9cf-469a-847b-cdd340ee1c16"”>https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=d044d123-a9cf-469a-847b-cdd340ee1c16” ForceAuthn=“false” IsPassive=“false” ProtocolBinding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST” AssertionConsumerServiceURL=“<a href=“https://localhost:44338/SAML/AssertionConsumerService.aspx””>https://localhost:44338/SAML/AssertionConsumerService.aspx" xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”><saml:Issuer xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>https://ExampleServiceProvider</saml:Issuer><samlp:NameIDPolicy Format=“urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified” AllowCreate=“true” /></samlp:AuthnRequest>
2740/9: 03/09/2019 09:50:35: Encoded SAML message: fVLLbtswEPwVgXfqYVG2RVgu3LhFDaSNEDk59FLQ5LomIJEql3Kdvy8lJ216SABeONzdmdnhCkXX9nwz+JO5h18DoI9224r8yNPDgi0OkiolGWUHUdBlmRV0wYCVc1UImTISPYJDbU1FZnFKoh3iADuDXhgfoDQraRpOvk+XvEh5XsQsL76TaBtYtBF+6jx53yNPEkQbS2sMSB/32vzUCozX/imA3fiYaNUnTXMXj4pnH8JNq0qljKlsllNRyiNl81LQZVBNpVI5SwEymc1J9Nk6CZPFihxFizBKrQWiPsNfpHbWW2nbj9qoQF+RwRluBWrkRnSA3EvebL7e8mCVH65FyL/s9zWt75o9iTaI4EZPN9bg0IFrwJ21hIf7238uWytFe7LoOWN5vkzGiclbnbHA/kKiS9ca5FNQ76vqny2Q9Wqs5lMe7lX/++3iRQZZv8j9dBFd38KznrCic4jFrZJX469cPf8W5u22tW21fBo33gn/Nl0WZxOiFT1OpXww2IPURw0qrLJt7e8bB8KHfLwbQjzJ+sr6/19d/wE=
2740/9: 03/09/2019 09:50:35: Query string: SAMLRequest=fVLLbtswEPwVgXfqYVG2RVgu3LhFDaSNEDk59FLQ5LomIJEql3Kdvy8lJ216SABeONzdmdnhCkXX9nwz%2BJO5h18DoI9224r8yNPDgi0OkiolGWUHUdBlmRV0wYCVc1UImTISPYJDbU1FZnFKoh3iADuDXhgfoDQraRpOvk%2BXvEh5XsQsL76TaBtYtBF%2B6jx53yNPEkQbS2sMSB%2F32vzUCozX%2FimA3fiYaNUnTXMXj4pnH8JNq0qljKlsllNRyiNl81LQZVBNpVI5SwEymc1J9Nk6CZPFihxFizBKrQWiPsNfpHbWW2nbj9qoQF%2BRwRluBWrkRnSA3EvebL7e8mCVH65FyL%2Fs9zWt75o9iTaI4EZPN9bg0IFrwJ21hIf7238uWytFe7LoOWN5vkzGiclbnbHA%2FkKiS9ca5FNQ76vqny2Q9Wqs5lMe7lX%2F%2B%2B3iRQZZv8j9dBFd38KznrCic4jFrZJX469cPf8W5u22tW21fBo33gn%2FNl0WZxOiFT1OpXww2IPURw0qrLJt7e8bB8KHfLwbQjzJ%2Bsr6%2F19d%2FwE%3D
2740/9: 03/09/2019 09:50:35: Redirect URL: https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=d044d123-a9cf-469a-847b-cdd340ee1c16&SAMLRequest=fVLLbtswEPwVgXfqYVG2RVgu3LhFDaSNEDk59FLQ5LomIJEql3Kdvy8lJ216SABeONzdmdnhCkXX9nwz%2BJO5h18DoI9224r8yNPDgi0OkiolGWUHUdBlmRV0wYCVc1UImTISPYJDbU1FZnFKoh3iADuDXhgfoDQraRpOvk%2BXvEh5XsQsL76TaBtYtBF%2B6jx53yNPEkQbS2sMSB%2F32vzUCozX%2FimA3fiYaNUnTXMXj4pnH8JNq0qljKlsllNRyiNl81LQZVBNpVI5SwEymc1J9Nk6CZPFihxFizBKrQWiPsNfpHbWW2nbj9qoQF%2BRwRluBWrkRnSA3EvebL7e8mCVH65FyL%2Fs9zWt75o9iTaI4EZPN9bg0IFrwJ21hIf7238uWytFe7LoOWN5vkzGiclbnbHA%2FkKiS9ca5FNQ76vqny2Q9Wqs5lMe7lX%2F%2B%2B3iRQZZv8j9dBFd38KznrCic4jFrZJX469cPf8W5u22tW21fBo33gn%2FNl0WZxOiFT1OpXww2IPURw0qrLJt7e8bB8KHfLwbQjzJ%2Bsr6%2F19d%2FwE%3D
2740/9: 03/09/2019 09:50:35: Redirecting to: https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=d044d123-a9cf-469a-847b-cdd340ee1c16&SAMLRequest=fVLLbtswEPwVgXfqYVG2RVgu3LhFDaSNEDk59FLQ5LomIJEql3Kdvy8lJ216SABeONzdmdnhCkXX9nwz%2BJO5h18DoI9224r8yNPDgi0OkiolGWUHUdBlmRV0wYCVc1UImTISPYJDbU1FZnFKoh3iADuDXhgfoDQraRpOvk%2BXvEh5XsQsL76TaBtYtBF%2B6jx53yNPEkQbS2sMSB%2F32vzUCozX%2FimA3fiYaNUnTXMXj4pnH8JNq0qljKlsllNRyiNl81LQZVBNpVI5SwEymc1J9Nk6CZPFihxFizBKrQWiPsNfpHbWW2nbj9qoQF%2BRwRluBWrkRnSA3EvebL7e8mCVH65FyL%2Fs9zWt75o9iTaI4EZPN9bg0IFrwJ21hIf7238uWytFe7LoOWN5vkzGiclbnbHA%2FkKiS9ca5FNQ76vqny2Q9Wqs5lMe7lX%2F%2B%2B3iRQZZv8j9dBFd38KznrCic4jFrZJX469cPf8W5u22tW21fBo33gn%2FNl0WZxOiFT1OpXww2IPURw0qrLJt7e8bB8KHfLwbQjzJ%2Bsr6%2F19d%2FwE%3D
2740/9: 03/09/2019 09:50:35: Request sent over HTTP Redirect.
2740/9: 03/09/2019 09:50:35: SAML message sent: partner=https://pingone.com/idp/intandemsolutions, message=<samlp:AuthnRequest ID=“_30b747bc-ddc4-4ba5-8915-74e496d5ac04” Version=“2.0” IssueInstant=“2019-09-03T08:50:35.435Z” Destination=“<a href=“https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=d044d123-a9cf-469a-847b-cdd340ee1c16"”>https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=d044d123-a9cf-469a-847b-cdd340ee1c16” ForceAuthn=“false” IsPassive=“false” ProtocolBinding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST” AssertionConsumerServiceURL=“<a href=“https://localhost:44338/SAML/AssertionConsumerService.aspx””>https://localhost:44338/SAML/AssertionConsumerService.aspx" xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”><saml:Issuer xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>https://ExampleServiceProvider</saml:Issuer><samlp:NameIDPolicy Format=“urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified” AllowCreate=“true” /></samlp:AuthnRequest>, relay state=, destination URL=https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=d044d123-a9cf-469a-847b-cdd340ee1c16
2740/9: 03/09/2019 09:50:35: The SAML_SessionId cookie with value b1419e4e-14d3-4cfb-a721-b5766ba1a5e1 has been set.
2740/9: 03/09/2019 09:50:35: Service provider session (b1419e4e-14d3-4cfb-a721-b5766ba1a5e1) state:
Pending response state:
Action: ReceiveSamlResponse
Partner name: https://pingone.com/idp/intandemsolutions
Relay state:
In response to: _30b747bc-ddc4-4ba5-8915-74e496d5ac04

2740/9: 03/09/2019 09:50:35: Initiation of SSO to the partner identity provider https://pingone.com/idp/intandemsolutions has completed successfully.

ComponentSpace · September 3, 2019, 1:52pm

Everything looks correct in the log. You should have been redirected to PingOne and be prompted to login.
What do you see in the browser?
Are you still at your site or at PingOne?
The SAML authn request is sent to PingOne using an HTTP 302 redirect.
Make sure that your application isn’t writing to the HTTP response and overriding this 302.