SSO on mvc.net web api project

Hi -

I have an MVC.NET Web API project in which I need to get SSO to work. Since this is a Web API project, I’m planning to use DatabaseSSOSessionStore to store the session ID.
I created the session table in the DB as per your documentation but nothing seems to be writing to the table.
Here’s my code:

string connString = System.Configuration.ConfigurationManager.ConnectionStrings["DefaultConnection"].ToString();
SAMLController.SSOSessionStore = new DatabaseSSOSessionStore("System.Data.SqlClient", connString, "SAML_SSO_Sessions");

string partnerSP = System.Configuration.ConfigurationManager.AppSettings["ws_DotLoop_SAML"];
string targetUrl = "";
string userName = "";
HttpResponse response = null;

userName = User.Identity.Name;
AssociateObject loggedInUser = GetAssociate(userName);

IDictionary<string, string> attributes = new Dictionary<string, string>();
attributes.Add("email", loggedInUser.email);

SAMLIdentityProvider.InitiateSSO(
    response,
    userName,
    attributes,
    targetUrl,
    partnerSP);



Here’s the output from the logs (masked sensitive areas):

iisexpress.exe Information: 0 : DotNetOpenAuth.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246 (official)
iisexpress.exe Information: 0 : Reporting will use isolated storage with scope: User, Domain, Assembly
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: ComponentSpace.SAML2, Version=2.6.0.18, Culture=neutral, PublicKeyToken=7c51d97b3a0a8ff9, .NET v4.0 build (retail license).
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: CLR: 4.0.30319.42000, OS: Microsoft Windows NT 10.0.17134.0, Account: *****, Culture: English (United States)
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: The database SSO session store provider name is System.Data.SqlClient, the connection string is **** and the table name is SAML_SSO_Sessions.
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: The SSO session store is DatabaseSSOSessionStore.
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: Initializing the SAML environment.
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: Loading the SAML configuration file C:\inetpub\wwwroot\RC_Web-API\TORC_V2_Mobile_API\saml.config.
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: The SAML configuration file has been successfully loaded.
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: SAML configuration changes in the directory C:\inetpub\wwwroot\RC_Web-API\TORC_V2_Mobile_API are being monitored.
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: The default SAML configuration has been loaded.
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: The local identity provider is *****.
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: The partner service provider is *****
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: The SAML environment has been successfuly initialized.
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: The IdentityProviderSession is being loaded from the database SSO session store.
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: Database provider name: System.Data.SqlClient.
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: Exception: ComponentSpace.SAML2.Exceptions.SAMLEnvironmentException: There is no HTTP session state as ASP.NET session cookies are not enabled.
ComponentSpace.SAML2 Verbose: 0 : 12244/93: 3/6/2019 11:37:30 AM: at ComponentSpace.SAML2.Utility.SAML.GetHttpSessionState()

Since this is a web api project, I don’t have ASP.NET session cookies enabled. But according to the logs it’s still trying to use session cookies even though I am specifying SSOSessionStore = DatabaseSSOSessionStore.

I am quite new to this so any help would be greatly appreciated. Thanks!



In the product version you have we still use the ASP.NET session ID as the key into the SSO session store.
In later releases we use a separate cookie to provide the key so you don’t have to enable ASP.NET sessions.
You could enable ASP.NET session cookies.
The SAML SSO session data will be stored in the database and the ASP.NET session cookie will be used to provide the session ID which is used as the primary key into the database table.
Alternatively, please contact us to discuss upgrading to the latest release.

[quote]
ComponentSpace - 3/6/2019
In the product version you have we still use the ASP.NET session ID as the key into the SSO session store.
In later releases we use a separate cookie to provide the key so you don't have to enable ASP.NET sessions.
You could enable ASP.NET session cookies.
The SAML SSO session data will be stored in the database and the ASP.NET session cookie will be used to provide the session ID which is used as the primary key into the database table.
Alternatively, please contact us to discuss upgrading to the latest release.

[/quote]

Thanks. What do I need to do to get the latest release? We are already using this on another regular site with sessions enabled and wanted to make sure it would not break anything there if we upgrade. Do I just replace the dll in my project?

You would need to rebuild with the new DLL.
There shouldn’t be any issues in upgrading.

[quote]
ComponentSpace - 3/6/2019
You would need to rebuild with the new DLL.
There shouldn't be any issues in upgrading.
[/quote]

Hi - I got the latest dll but still don't see any entries in the SQL database. Part of the code below:

string connString = ConfigurationManager.ConnectionStrings["DefaultConnection"].ToString();
SAMLController.SSOSessionStore = new DatabaseSSOSessionStore("System.Data.SqlClient", connString, "SAML_SSO_Sessions")
{
    SessionIDDelegate = delegate()
    {
        return null;
    }
};

Data from the Logs:


iisexpress.exe Information: 0 : DotNetOpenAuth.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246 (official)
iisexpress.exe Information: 0 : Reporting will use isolated storage with scope: User, Domain, Assembly
ComponentSpace.SAML2 Verbose: 0 : 6204/89: 3/25/2019 11:11:45 AM: ComponentSpace.SAML2, Version=3.2.0.0, Culture=neutral, PublicKeyToken=null, .NET v4.0 build, Licensed.
ComponentSpace.SAML2 Verbose: 0 : 6204/89: 3/25/2019 11:11:45 AM: CLR: 4.0.30319.42000, OS: Microsoft Windows NT 10.0.17134.0, Account: *****, Culture: English (United States)
ComponentSpace.SAML2 Verbose: 0 : 6204/89: 3/25/2019 11:11:45 AM: The database SSO session store provider name is System.Data.SqlClient, the connection string is ******** and the table name is SAML_SSO_Sessions.
ComponentSpace.SAML2 Verbose: 0 : 6204/89: 3/25/2019 11:11:45 AM: The SSO session store is DatabaseSSOSessionStore.
ComponentSpace.SAML2 Verbose: 0 : 6204/89: 3/25/2019 11:11:45 AM: Initializing the SAML environment.
ComponentSpace.SAML2 Verbose: 0 : 6204/89: 3/25/2019 11:11:45 AM: Loading the SAML configuration file C::test\saml.config.

ComponentSpace.SAML2 Verbose: 0 : 6204/89: 3/25/2019 11:11:45 AM: The SAML configuration file has been successfully loaded.
ComponentSpace.SAML2 Verbose: 0 : 6204/89: 3/25/2019 11:11:45 AM: SAML configuration changes in the directory C:\inetpub\wwwroot\RC_Web-API\TORC_V2_Mobile_API are being monitored.
ComponentSpace.SAML2 Verbose: 0 : 6204/89: 3/25/2019 11:11:45 AM: The SAML environment has been successfuly initialized.
ComponentSpace.SAML2 Verbose: 0 : 6204/89: 3/25/2019 11:11:45 AM: The SAMLConfigurationState is being loaded from the database SSO session store.
ComponentSpace.SAML2 Verbose: 0 : 6204/89: 3/25/2019 11:11:45 AM: Database provider name: System.Data.SqlClient.
ComponentSpace.SAML2 Verbose: 0 : 6204/89: 3/25/2019 11:11:45 AM: Exception: ComponentSpace.SAML2.Exceptions.SAMLEnvironmentException: A unique SSO session ID is required.
ComponentSpace.SAML2 Verbose: 0 : 6204/89: 3/25/2019 11:11:45 AM: at ComponentSpace.SAML2.Data.AbstractSSOSessionStore.CreateSessionIDForType(Type type)

The error indicates that the SessionIDDelegate used by the DatabaseSSOSessionStore is returning null for the SSO session ID.
This session ID is used to uniquely identify each user’s session.
By default the SessionIDDelegates.GetSessionIDFromSAMLCookie returns the session ID from a SAML session cookie.
There’s also a SessionIDDelegates.GetSessionIDFromHttpSessionState which returns the session ID from the ASP.NET session.
And of course you can write your own custom delegate.
In your code above the SessionIDDelegate is returning null.
You need to either use one of our delegates or provide a complete implementation of your custom delegate.
I recommend using the default delegate.

[quote]
ComponentSpace - 3/25/2019
The error indicates that the SessionIDDelegate used by the DatabaseSSOSessionStore is returning null for the SSO session ID.
This session ID is used to uniquely identify each user's session.
By default the SessionIDDelegates.GetSessionIDFromSAMLCookie returns the session ID from a SAML session cookie.
There's also a SessionIDDelegates.GetSessionIDFromHttpSessionState which returns the session ID from the ASP.NET session.
And of course you can write your own custom delegate.
In your code above the SessionIDDelegate is returning null.
You need to either use one of our delegates or provide a complete implementation of your custom delegate.
I recommend using the default delegate.

[/quote]

Thanks for getting back. Could you provide some C# sample code to implement this? Like I mentioned earlier, I am not using ASP.NET session cookies. I was told that the newer version used a separate cookie to track the session ID. How do I do this?
Thanks.

That’s correct. By default, it uses a separate cookie.
Don’t specify a delegate and the separate cookie will be used.
SAMLController.SSOSessionStore = new DatabaseSSOSessionStore("System.Data.SqlClient", connString, "SAML_SSO_Sessions");

[quote]
ComponentSpace - 3/25/2019
That's correct. By default, it uses a separate cookie.
Don't specify a delegate and the separate cookie will be used.
SAMLController.SSOSessionStore = new DatabaseSSOSessionStore("System.Data.SqlClient", connString, "SAML_SSO_Sessions");
[/quote]

I made the change and get this error in my code:

System.NullReferenceException: Object reference not set to an instance of an object.
at ComponentSpace.SAML2.Bindings.HTTPPostBinding.SendResponse(HttpResponse httpResponse, String targetURL, XmlElement samlMessage, String relayState)
at ComponentSpace.SAML2.InternalSAMLIdentityProvider.InitiateSSO(HttpResponse httpResponse, String userName, SAMLAttribute[] attributes, String authnContext, String relayState, String partnerSP, String assertionConsumerServiceUrl)
at ComponentSpace.SAML2.SAMLIdentityProvider.InitiateSSO(HttpResponse httpResponse, String userName, IDictionary attributes, String relayState, String partnerSP)

However, I still don't see any entries in the database and no noticeable SQL errors in the logs. Are the session IDs automatically deleted from the database?

ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: The SAML configuration file has been successfully loaded.
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: SAML configuration changes in the directory C:\Websites\RC-Mobile-API are being monitored.
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: The SAML environment has been successfuly initialized.
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: The SAMLConfigurationState is being loaded from the database SSO session store.
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: Database provider name: System.Data.SqlClient.
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: Database command: SELECT SessionObject FROM SAML_SSO_Sessions WHERE SessionID = @SessionID
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: Database parameters:
SessionID=d3e4e15e-328c-44dc-b9de-e673bebef597:SAMLConfigurationState
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: The IdentityProviderSession is being loaded from the database SSO session store.
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: Database provider name: System.Data.SqlClient.
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: Database command: SELECT SessionObject FROM SAML_SSO_Sessions WHERE SessionID = @SessionID
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: Database parameters:
SessionID=d3e4e15e-328c-44dc-b9de-e673bebef597:IdentityProviderSession
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: Initiating SSO to the partner service provider https://www.dotloop.saml.com.
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: Identity provider session (d3e4e15e-328c-44dc-b9de-e673bebef597) state:
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: The SAMLConfigurationState is being loaded from the database SSO session store.
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: Database provider name: System.Data.SqlClient.
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: Database command: SELECT SessionObject FROM SAML_SSO_Sessions WHERE SessionID = @SessionID
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: Database parameters:
SessionID=d3e4e15e-328c-44dc-b9de-e673bebef597:SAMLConfigurationState
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: The SAMLConfigurationState is being loaded from the database SSO session store.
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: Database provider name: System.Data.SqlClient.
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: Database command: SELECT SessionObject FROM SAML_SSO_Sessions WHERE SessionID = @SessionID
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: Database parameters:
SessionID=d3e4e15e-328c-44dc-b9de-e673bebef597:SAMLConfigurationState
ComponentSpace.SAML2 Verbose: 0 : 7688/24: 3/25/2019 4:26:50 PM: XML signature generation was successful.

If the database is being updated you should see INSERT/UPDATE/DELETE entries in the SAML log file as well. All I see are SELECTs.
Was the NullReferenceException part of this log?
The log looks incomplete so perhaps the exception occurred without SAML SSO completing correctly and therefore the database wasn’t updated.
Please send the complete SAML log file as an email attachment to support@componentspace.com mentioning your forum post and I’ll take a closer look.
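
The check described in the reply above (a trace with only SELECTs means the session store was never written), as an added example that is not part of the original thread or ComponentSpace's code. The sample log is constructed in the format of the traces posted here, and `triage` and its result fields are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample in the trace format shown in this thread (values are made up).
SAMPLE_LOG = """\
ComponentSpace.SAML2 Verbose: 0 : 1111/7: 1/1/2019 9:00:00 AM: The SSO session store is DatabaseSSOSessionStore.
ComponentSpace.SAML2 Verbose: 0 : 1111/7: 1/1/2019 9:00:00 AM: Database command: SELECT SessionObject FROM SAML_SSO_Sessions WHERE SessionID = @SessionID
ComponentSpace.SAML2 Verbose: 0 : 1111/7: 1/1/2019 9:00:00 AM: Database parameters:
SessionID=00000000-0000-0000-0000-000000000000:IdentityProviderSession
ComponentSpace.SAML2 Verbose: 0 : 1111/7: 1/1/2019 9:00:01 AM: Exception: ComponentSpace.SAML2.Exceptions.SAMLEnvironmentException: A unique SSO session ID is required.
"""

# Prefix of every trace line: source, level, event id, pid/tid, date, time.
LINE = re.compile(r"^ComponentSpace\.SAML2 \w+: \d+ : \d+/\d+: "
                  r"\d+/\d+/\d+ \d+:\d+:\d+ [AP]M: (?P<msg>.*)$")
WRITE_VERBS = {"INSERT", "UPDATE", "DELETE"}

def triage(log_text):
    """Summarise session-store activity and exceptions in a SAML trace log."""
    verbs, exceptions, session_ids = Counter(), [], set()
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = LINE.match(raw)
        if m is None:
            # Continuation line: the parameter value is logged on its own line.
            if raw.startswith("SessionID="):
                session_ids.add(raw.split("=", 1)[1].split(":", 1)[0])
            continue
        msg = m.group("msg")
        if msg.startswith("Database command: "):
            words = msg.split(": ", 1)[1].split()
            verbs[words[0].upper() if words else "?"] += 1
        elif msg.startswith("Exception: "):
            exceptions.append(msg[len("Exception: "):])
    return {
        "commands": dict(verbs),
        # False means the store was only read, never written.
        "store_written": any(v in WRITE_VERBS for v in verbs),
        "session_ids": sorted(session_ids),
        "exceptions": exceptions,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A result with `store_written` false and a non-empty `exceptions` list matches the situation diagnosed in the reply: SSO did not complete, so nothing was saved.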

[quote]
ComponentSpace - 3/25/2019
If the database is being updated you should see INSERT/UPDATE/DELETE entries in the SAML log file as well. All I see are SELECTs.
Was the NullReferenceException part of this log?
The log looks incomplete so perhaps the exception occurred without SAML SSO completing correctly and therefore the database wasn't updated.
Please send the complete SAML log file as an email attachment to support@componentspace.com mentioning your forum post and I'll take a closer look.
[/quote]

Sorry. It was an issue on the front end. I think I got it to work. I see the data in the session table now.
Thank you so much for all your help!!

You’re welcome. Thanks for letting us know.