Hi, my company recently started using your SAML SSO for ASP.NET Core library. We were able to successfully integrate it with one of our applications - thank you for providing it!
However, we are working on integrating a second application and would like to set up an IdP proxy application to handle both of them, and we’re running into some issues getting it to work.
So first of all, will the SAML Proxy example project included in the examples folder work out of the box, with just changes to the appsettings configuration files for both the service provider application and the proxy?
Secondly, if it will just work out of the box, we’re getting this error:
An unhandled exception occurred while processing the request.
SamlProtocolException: The SAML request destination https://[HOST]/samlproxy/SAML/IDP/SingleSignOnService doesn’t match the local provider name or URL.
I believe we have the correct request destinations set in the appsettings.json file of the service provider and the proxy - they certainly match as I’ve copied and pasted from one to the other:
service provider
{
  "Name": "https://[HOST]/samlproxy",
  "Description": "SAML Proxy",
  "SingleSignOnServiceUrl": "https://[HOST]/samlproxy/SAML/IDP/SingleSignOnService",
  "SingleLogoutServiceUrl": "https://[HOST]/samlproxy/SAML/IDP/SingleLogoutService",
  "ArtifactResolutionServiceUrl": "https://[HOST]/samlproxy/SAML/IDP/ArtifactResolutionService",
  "LocalCertificates": [
    {
      "FileName": "certificates/[CERT]"
    }
  ]
}
proxy
"LocalIdentityProviderConfiguration": {
  "Name": "https://[HOST]/samlproxy",
  "Description": "SAML Proxy",
  "SingleSignOnServiceUrl": "https://[HOST]/samlproxy/SAML/IDP/SingleSignOnService",
  "SingleLogoutServiceUrl": "https://[HOST]/samlproxy/SAML/IDP/SingleLogoutService",
  "ArtifactResolutionServiceUrl": "https://[HOST]/samlproxy/SAML/IDP/ArtifactResolutionService",
  "LocalCertificates": [
    {
      "FileName": "certificates/[CERT]",
      "Password": "[PASSWORD]"
    }
  ]
},
Basically I took the example URLs and put the actual hostname over the different localhost:port from the example appsettings. I did have to put the proxy in its own application pool in IIS to get it to run. Any suggestions?
The SamlProxy should work out of the box. It will most likely be a configuration mismatch but I can’t see anything obviously wrong in the snippets you included.
Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning your forum post. SAML trace should already be enabled for the SamlProxy but, if it isn’t, please refer to:
https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace
With help from Mitchell in support I figured this out - flagrant user error. The application was reading from either the appsettings.Development.json or appsettings.Production.json instead of the appsettings.json file that I had customized. I renamed the former two files and the proxy worked (well there are other issues but not related to this, I will reach out to support if I get stuck again). Thanks for your help.
You’re welcome. Thanks for the update.
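The cause found in this thread, an appsettings.Development.json or appsettings.Production.json overriding the customized appsettings.json, can be checked by asking the configuration system which file supplies each effective value. This is an added example, not part of the original posts and not ComponentSpace or SamlProxy code; the class name, the sample host names and the flat placement of LocalIdentityProviderConfiguration are assumptions, and it needs the Microsoft.Extensions.Configuration.Json package.

```csharp
using System;
using System.IO;
using System.Linq;
using Microsoft.Extensions.Configuration;

public static class SamlConfigSource   // hypothetical helper name
{
    // Layers the files in the order the default ASP.NET Core host uses and reports,
    // for each local IdP Name/SingleSignOnServiceUrl, the winning value and its file.
    public static string[] Explain(string contentRoot, string environment)
    {
        IConfigurationRoot root = new ConfigurationBuilder()
            .SetBasePath(contentRoot)
            .AddJsonFile("appsettings.json", optional: false)
            .AddJsonFile($"appsettings.{environment}.json", optional: true)
            .Build();

        return root.AsEnumerable()
            .Where(kv => kv.Value != null && IsLocalIdpKey(kv.Key))
            .OrderBy(kv => kv.Key)
            .Select(kv =>
            {
                // Providers added later override earlier ones, so search from the end.
                var winner = root.Providers.Reverse().First(p => p.TryGet(kv.Key, out _));
                var file = (winner as FileConfigurationProvider)?.Source.Path ?? winner.ToString();
                return $"{kv.Key} = {kv.Value}  <- {file}";
            })
            .ToArray();
    }

    static bool IsLocalIdpKey(string key) =>
        key.Contains("LocalIdentityProviderConfiguration:", StringComparison.OrdinalIgnoreCase)
        && (key.EndsWith(":Name", StringComparison.OrdinalIgnoreCase)
            || key.EndsWith(":SingleSignOnServiceUrl", StringComparison.OrdinalIgnoreCase));

    // Constructed sample content (assumed flat layout; a real file may nest this section deeper).
    static string Sample(string baseUrl) =>
        $"{{\"LocalIdentityProviderConfiguration\":{{\"Name\":\"{baseUrl}\"," +
        $"\"SingleSignOnServiceUrl\":\"{baseUrl}/SAML/IDP/SingleSignOnService\"}}}}";

    public static void Main()
    {
        var dir = Directory.CreateDirectory(
            Path.Combine(Path.GetTempPath(), Path.GetRandomFileName())).FullName;
        File.WriteAllText(Path.Combine(dir, "appsettings.json"), Sample("https://sso.example.test/samlproxy"));
        File.WriteAllText(Path.Combine(dir, "appsettings.Development.json"), Sample("https://localhost/samlproxy"));

        var env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? "Production";
        foreach (var name in new[] { env, "Development" }.Distinct())
            foreach (var line in Explain(dir, name))
                Console.WriteLine($"[{name}] {line}");
    }
}
```

Pointing `Explain` at the deployed content root with the environment name the application pool actually runs under shows whether the local provider name and SSO URL come from the file that was edited.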