This is my first post here so please excuse any noob mistakes. I am seeing the below error messages during a SP-initiated authentication. Additionally I am seeing the same session ID with two different inResponseTo ids. I found the below post that seemed related but there was no solution posted. So I have emailed you the detailed SAML trace as you suggested in that post and have referenced this post in that email.
The pending SAML action is being overridden.
ComponentSpace.Saml2.Exceptions.SamlProtocolException: There is no service provider pending a SAML response.
at ComponentSpace.Saml2.SamlIdentityProvider.SendSsoAsync(String userID, IList attributes, String authnContext, Status status)
at ComponentSpace.Saml2.SamlIdentityProvider.SendSsoAsync(String userID, IList attributes, String authnContext)
Thanks for sending the log file. It includes a number of instances where a SAML authn request is sent twice (ie The pending SAML action ReceiveSamlResponse is being overridden).
This can lead to issues with the SAML response received from the IdP not matching the expected response as outlined below.
1. InitiateSsoAsync to create and send SAML authn request #1. Expect SAML response for #1. 2. InitiateSsoAsync to create and send SAML authn request #2. Now expect SAML response for #2. 3. IdP sends SAML response for #1. 4. ReceiveSsoAsync to receive and process the SAML response for #1. 5. Error as expecting SAML response for #2.
To avoid this issue, please ensure you don’t call InitiateSsoAsync a second time.
You can call GetStatusAsync().IsSsoCompletionPending() to check whether a SAML response is pending.
Alternatively, disable the UI (eg button etc) that initiates SSO if this has already been done.
Thanks for sending the log file. It includes a number of instances where a SAML authn request is sent twice (ie The pending SAML action ReceiveSamlResponse is being overridden).
This can lead to issues with the SAML response received from the IdP not matching the expected response as outlined below.
1. InitiateSsoAsync to create and send SAML authn request #1. Expect SAML response for #1. 2. InitiateSsoAsync to create and send SAML authn request #2. Now expect SAML response for #2. 3. IdP sends SAML response for #1. 4. ReceiveSsoAsync to receive and process the SAML response for #1. 5. Error as expecting SAML response for #2.
To avoid this issue, please ensure you don't call InitiateSsoAsync a second time.
You can call GetStatusAsync().IsSsoCompletionPending() to check whether a SAML response is pending.
Alternatively, disable the UI (eg button etc) that initiates SSO if this has already been done.
[/quote]
Hi,
Thanks for your prompt response. Could you please provide a code sample for using GetStatusAsync().IsSsoCompletionPending()? Eg: What would the appropriate response/redirect be in the scenario where it is true.
That depends on your application. If SSO was triggered by a user clicking a button, the button click event would call GetStatusAsync().IsSsoCompletionPending() to check if there’s a pending SSO and if there is it would most likely do nothing. Alternatively, it could display a message saying SSO is in progress.
Normally once the SSO flow starts, control will be immediately passed to the IdP’s website so the user won’t have an opportunity to initiate SSO again. However, it can occur if they use the back button etc.