Simulate urn:oasis:names:tc:SAML:2.0:status:Responder - locally

Hi, we’ve started to receive this error from a customer:
Receiving an SSO response from a partner identity provider has failed. ComponentSpace.Saml2.Exceptions.SamlErrorStatusException:
An error SAML response status (urn:oasis:names:tc:SAML:2.0:status:Responder) was received.
at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement)
at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()

- I would like to know if there is a way to reproduce/simulate it in our test environment (our test IDP has been created based on your LowLevel example).

- Also, as far as I read, we can have this issue when there is something wrong with the IDP configuration, am I right?
If so, do you folks know why we don’t receive this error at every request? Let’s say that we are receiving this error in 1 of 7 requests.

Thank you very much

Normally an error status response from the partner IdP means there’s some sort of configuration mismatch. If you’re receiving an error response intermittently this seems unlikely.

Typically the error response doesn’t have any details of what caused the issue. You’ll need to contact the IdP to ask them to check their logs for more details.

Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning your forum post.

https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace

It would be good to see an error response as well as a successful response for comparison. We’ll take a look to see if there are any obvious issues on the SP side.

The ISamlIdentityProvider.SendSsoAsync(Status status) overload may be used to send an error status response.
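Added example, not part of the original posts and not ComponentSpace code: when comparing a logged error response with a successful one, the useful fields are the top-level StatusCode, any nested StatusCode, the StatusMessage and InResponseTo. The sample responses, IDs and issuer below are constructed, and `summarize_status` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
STATUS_PREFIX = "urn:oasis:names:tc:SAML:2.0:status:"
# Top-level codes from SAML 2.0 core and where to look first for the cause.
WHERE_TO_LOOK = {"Success": None, "Requester": "SP request", "Responder": "IdP logs",
                 "VersionMismatch": "SAML version in the request"}


def sample_response(status_xml):
    """Constructed, unsigned Response for testing; IDs and issuer are placeholders."""
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_resp1" '
            'InResponseTo="_req1" Version="2.0" IssueInstant="2020-09-10T11:22:09Z">'
            '<saml:Issuer>https://idp.example.test</saml:Issuer>'
            '<samlp:Status>%s</samlp:Status></samlp:Response>'
            % (NS["samlp"], NS["saml"], status_xml))


def short(code):
    """Strip the status URN prefix; leave vendor-specific codes untouched."""
    if code is None:
        return None
    value = code.get("Value", "")
    return value[len(STATUS_PREFIX):] if value.startswith(STATUS_PREFIX) else value


def summarize_status(response_xml):
    """Offline triage of a logged response; does not verify signatures."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    top = root.find("samlp:Status/samlp:StatusCode", NS)
    if top is None or not top.get("Value"):
        raise ValueError("Response has no top-level StatusCode")
    status = short(top)
    return {
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "in_response_to": root.get("InResponseTo"),
        "status": status,
        "sub_status": short(top.find("samlp:StatusCode", NS)),
        "message": root.findtext("samlp:Status/samlp:StatusMessage", namespaces=NS),
        "where_to_look": WHERE_TO_LOOK.get(status, "unknown status code"),
    }


ERROR = sample_response('<samlp:StatusCode Value="%sResponder"/>' % STATUS_PREFIX)
SUCCESS = sample_response('<samlp:StatusCode Value="%sSuccess"/>' % STATUS_PREFIX)

if __name__ == "__main__":
    for name, xml_text in (("error", ERROR), ("success", SUCCESS)):
        print(name, summarize_status(xml_text))
```

Matching `in_response_to` against the ID of the authn request in the SP trace ties each error response to the request that triggered it.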

Thank you very much for your reply.

The log that we have from the IDP is:
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] SP Entity ID received in Authn Selector: 'https://oursp.com/saml/sp'
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] Fetching Connection and respective IDP Adapter configuration
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] SP Entity Id: 'customerveevavault'
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] Validating Authentication Policy for SP Initiated Connection
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] Either 'ReqSpEntityId' is NULL or No configuration found for the SP Connection
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] SP Entity Id: 'https://sp1.mydomain.com/prod'
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] Validating Authentication Policy for SP Initiated Connection
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] Either 'ReqSpEntityId' is NULL or No configuration found for the SP Connection
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] SP Entity Id: 'urn:com:exostar:eag'
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] Validating Authentication Policy for SP Initiated Connection
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] Either 'ReqSpEntityId' is NULL or No configuration found for the SP Connection
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] SP Entity Id: 'https://oursp.com/saml/sp'
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] Validating Authentication Policy for SP Initiated Connection
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] Connection 'https://oursp.com/saml/sp' configured for SP Initiated Authentication Selection
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] Force AuthN Adapter: 'ADFormAdapter'
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] Default Adapter: 'ADPRODSSOadapter'
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] Forced authentication set in Authentication Request
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] Invoking ForceAuth adapter 'ADFormAdapter' for 'https://oursp.com/saml/sp'
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] SP Entity Id: 'https://new.mydomain.com/prod'
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] Validating Authentication Policy for SP Initiated Connection
2020-09-10 11:22:09,872 tid:1 INFO [com.customer.SPInitAdapterSelector] Either 'ReqSpEntityId' is NULL or No configuration found for the SP Connection

Our SP is ‘https://oursp.com/saml/sp’.

Also, they are using Ping Fed IDP, and it is still an intermittent issue.

Thank you very much

It’s not clear what the PingFederate log is showing.

Has the IdP confirmed that they have a partner SP configured with an entity ID of “https://oursp.com/saml/sp”?

It’s not clear from the log but I suspect either they don’t have such an entry or, if they do, it’s not configured correctly.

They should be able to provide more specific information.