I believe there’s a possible race condition in SamlServiceProvider if multiple SAML flows are being started at the same time.
Any advice on how to mitigate?
Situation:
- New private/Incognito tab
- 5 applications using the same ComponentSpace instance, configured 99.9% identically to the sample in SAMLv20.Core-licensed\SAML for .NET Core\Examples\NET-Core-3.1\SSO\SamlProxy
- Those 5 applications are bookmarked in one Firefox “Bookmark folder”
- Manually open the first application
- SAML ping-pong starts; login with the upstream identity provider works just fine
- Application 1: logged in => everything OK
- On the bookmark folder, “Open all in tabs”
- Not all of the SAML flows complete successfully because of the error: ComponentSpace.Saml2.SamlServiceProvider Receiving an SSO response from a partner identity provider has failed. ComponentSpace.Saml2.Exceptions.SamlProtocolException: An SP-initiated SAML response from was received unexpectedly.
Setup:
- Applications are configured to require authentication on the first request
- services.AddSession(); // ASP.NET sessions
- services.AddScoped<ISsoSessionStore, AspNetSsoSessionStore>();
- app.UseSession();
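Added illustration, not code from the post and not ComponentSpace's implementation: a toy model of the mechanism the question suspects. It assumes the SP remembers the pending AuthnRequest ID in the browser session and checks each response's InResponseTo against it. The class names, the single-slot versus keyed store, and the five-tabs scenario are constructed for the example; whether ComponentSpace's AspNetSsoSessionStore behaves like either store is an assumption, not something the post establishes.

```python
"""Model of SP-side pending-request tracking under concurrent SP-initiated SSO.

Constructed example. Two hypothetical session stores are compared:
  * SingleSlotStore keeps only the most recently issued AuthnRequest ID,
    so a second flow started in the same session overwrites the first.
  * KeyedStore keeps every outstanding AuthnRequest ID.
Both reject a response whose InResponseTo is not pending, which is what
an "SP-initiated SAML response was received unexpectedly" check amounts to.
"""
import itertools


class UnexpectedResponse(Exception):
    """Raised when a response's InResponseTo matches no pending request."""


_ids = itertools.count(1)


def new_request_id():
    """Generate a SAML-style ID for an AuthnRequest (constructed, not random)."""
    return f"_req{next(_ids)}"


class SingleSlotStore:
    """One pending AuthnRequest ID per browser session (hypothetical design)."""

    def __init__(self):
        self.pending = None

    def start_sso(self):
        rid = new_request_id()
        self.pending = rid  # overwrites any earlier pending request in this session
        return rid

    def receive_response(self, in_response_to):
        if self.pending != in_response_to:
            raise UnexpectedResponse(in_response_to)
        self.pending = None
        return True


class KeyedStore:
    """Every outstanding AuthnRequest ID is tracked (hypothetical design)."""

    def __init__(self):
        self.pending = set()

    def start_sso(self):
        rid = new_request_id()
        self.pending.add(rid)
        return rid

    def receive_response(self, in_response_to):
        if in_response_to not in self.pending:
            raise UnexpectedResponse(in_response_to)
        self.pending.discard(in_response_to)
        return True


def run_concurrent_flows(store, n):
    """Open n tabs at once: all AuthnRequests leave before any response returns.

    Returns (completed, failed) counts for the n IdP responses.
    """
    ids = [store.start_sso() for _ in range(n)]
    completed = failed = 0
    for rid in ids:  # IdP answers each request with InResponseTo = rid
        try:
            store.receive_response(rid)
            completed += 1
        except UnexpectedResponse:
            failed += 1
    return completed, failed


def run_sequential_flows(store, n):
    """Open the tabs one after another, each flow finishing before the next starts."""
    completed = 0
    for _ in range(n):
        rid = store.start_sso()
        if store.receive_response(rid):
            completed += 1
    return completed


if __name__ == "__main__":
    print("single slot, 5 tabs at once:", run_concurrent_flows(SingleSlotStore(), 5))
    print("keyed store, 5 tabs at once:", run_concurrent_flows(KeyedStore(), 5))
    print("single slot, 5 tabs one by one:", run_sequential_flows(SingleSlotStore(), 5))
```

With a single slot, only the last of the five flows completes and the other four fail with the "unexpected response" error, while sequential logins succeed every time, which matches the pattern of one manual login working and "Open all in tabs" partly failing. Two caveats: the model says nothing about how ComponentSpace actually stores SSO state, and ASP.NET Core session state does not serialise concurrent requests from the same browser, so even a keyed store can lose entries if two requests load, modify and save the session at the same time.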