We are using the componentspace library to act as an IDP. We are integrating SSO with an SP (Freshdesk). When Freshdesk (SP) sends the authn request to the IDP, it’s delivered as HTTP-Redirect. However, when we turn on the logging, we get the following error (below). It seems the SAMLRequest is dropped or missing somewhere between the SP and IDP. Why would this happen? Is there anything that can be done to figure where the SAMLRequest gets dropped? Please advise. Thanks
ComponentSpace.SAML2 Verbose: 0 : 8:20:03 PM: Parsing HTTP redirect URL: /SAML/SSOService/1246
ComponentSpace.SAML2 Verbose: 0 : 8:20:03 PM: Exception: ComponentSpace.SAML2.Exceptions.SAMLBindingException: The query string is missing SAMLRequest
ComponentSpace.SAML2 Verbose: 0 : 8:20:03 PM: Exception: ComponentSpace.SAML2.Exceptions.SAMLBindingException: Failed to receive request over HTTP Redirect. —> ComponentSpace.SAML2.Exceptions.SAMLBindingException: The query string is missing SAMLRequest
at ComponentSpace.SAML2.Bindings.HTTPRedirectBinding.ParseQueryString(String redirectURL, String messageQueryName, XmlElement& samlMessage, String& relayState, String& signatureAlgorithm, String& signature)
at ComponentSpace.SAML2.Bindings.HTTPRedirectBinding.ReceiveRequest(HttpRequest httpRequest, XmlElement& samlMessage, String& relayState, String& signatureAlgorithm, String& signature)
— End of inner exception stack trace —
ComponentSpace.SAML2 Verbose: 0 : 8:20:03 PM: Exception: ComponentSpace.SAML2.Exceptions.SAMLProfileException: Failed to receive authentication request by HTTP redirect —> ComponentSpace.SAML2.Exceptions.SAMLBindingException: Failed to receive request over HTTP Redirect. —> ComponentSpace.SAML2.Exceptions.SAMLBindingException: The query string is missing SAMLRequest
at ComponentSpace.SAML2.Bindings.HTTPRedirectBinding.ParseQueryString(String redirectURL, String messageQueryName, XmlElement& samlMessage, String& relayState, String& signatureAlgorithm, String& signature)
at ComponentSpace.SAML2.Bindings.HTTPRedirectBinding.ReceiveRequest(HttpRequest httpRequest, XmlElement& samlMessage, String& relayState, String& signatureAlgorithm, String& signature)
— End of inner exception stack trace —
at ComponentSpace.SAML2.Bindings.HTTPRedirectBinding.ReceiveRequest(HttpRequest httpRequest, XmlElement& samlMessage, String& relayState, String& signatureAlgorithm, String& signature)
at ComponentSpace.SAML2.Bindings.HTTPRedirectBinding.ReceiveRequest(HttpRequest httpRequest, XmlElement& samlMessage, String& relayState, Boolean& signed, AsymmetricAlgorithm key)
at ComponentSpace.SAML2.Profiles.SSOBrowser.IdentityProvider.ReceiveAuthnRequestByHTTPRedirect(HttpRequest httpRequest, XmlElement& authnRequest, String& relayState, Boolean& signed, AsymmetricAlgorithm key)
— End of inner exception stack trace —
We don’t drop the query string parameter or modify the HTTP request in any way.
If the SAMLRequest query string parameter is being sent by the SP but not received by the IdP then something else must be removing it.
Could you please send the full SAML log file as an email attachment to support@componentspace.com?
Also, please use Fiddler to capture the HTTP traffic and include the .saz file as an email attachment.
If the SAMLRequest query string parameter is being sent by the SP but not received by the IdP then something else must be removing it.
Could you please send the full SAML log file as an email attachment to support@componentspace.com?
Also, please use Fiddler to capture the HTTP traffic and include the .saz file as an email attachment.
We are running into the same issue. Please see my SAML log.
ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:29 AM: ComponentSpace.SAML2, Version=4.0.0.0, Culture=neutral, PublicKeyToken=16647a1283418145, .NET v4.6.2 build, Licensed.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:29 AM: CLR: 4.0.30319.42000, OS: Microsoft Windows NT 10.0.18362.0, Account: IIS APPPOOL\ezpaygov, Culture: English (United States)ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:29 AM: The configuration ID for the session (632a2864-ed8f-486a-85a7-e14ff5c1d721) is CityOfAbc.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:29 AM: The database SSO session store provider name is System.Data.SqlClient, the connection string is ******** and the table name is SSOSessions.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:29 AM: The ISSOSessionStore is being loaded from the database SSO session store.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:29 AM: Database provider name: System.Data.SqlClient.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Database command: SELECT SessionObject FROM SSOSessions WHERE SessionID = @SessionIDComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Database parameters:SessionID=632a2864-ed8f-486a-85a7-e14ff5c1d721:ISSOSessionStoreComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Initializing the SAML environment.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: The SAML environment has been successfully initialized.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Receiving an SSO request from a partner service provider.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Identity provider session (632a2864-ed8f-486a-85a7-e14ff5c1d721) state:ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Receiving request over HTTP Redirect.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: HTTP request:GET /idpssoservice.aspx?connection=CityOfAbc&SAMLRequest=fVJdb5swFP0ryO98JjSrFVJR0mlITYKAdlJfJmNMa83YzNd0SX%2F9HNi69qF9Pb7nnnPu8RpILwacjuZJluzXyMA4%2BTZBPzoa0y6MI%2FeSdKG7JF9W7uViGbmMNPEiJhZddMi5Zxq4kgmKvAA5OcDIcgmGSGOhIArcIHLDqA4vcBTgZeCtgtUDcrZWhUtiJuaTMQNg36fcnFRHGuoZ%2B%2ByxF3cgJ48rn7cDgAKmnzllHoHheEWVlIxO%2FMzSDl3aUOR8VZqyKUmCOiKAnR0VBIA%2Fs1ek0MooqsQ1ly2XjwkatcSKAAcsSc8AG4qrdHeLbSLczEOAv9V14RaHqkZOCtbKWTpTEsae6Wp2dlfe%2Fg%2FDW3WEOcjPsdHEo6r3%2BaC0IcL%2FaMOc7ZoLwXTeJruLVVM%2BxNW2RM6xFxLw1NXnjoe%2F8dBmfZ7GUyX6Df9zOvlnDW3uyj3ODrvisL%2FZ11WRZjf49dbfiWF67b9RmOUGvLcr822hBKencyE9MR8rhl44Ibx1u2kUjxIGRnnHWWsvLYT6nWlmxRJk9Gjb8zez6vsfu%2FkD&RelayState=CityOfAbcWater&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=nGk9asFoWfrlRkNZ6fxfPeF0PyCQkJ%2FfojVBN%2By7XdBtNtiFiv%2BbKPJ2lF2Qmry0cK94HN6EDlGNPa9%2FY%2Bmc%2FAFxVXGr%2FcoAZXohtWnLVkNALN24txTCukQxdYhIlefwoMic6sJBvZG9Gy5vrhhRWd9GepRhHPOsM1gU%2Fu1r6CoXavHW0%2BJuv3VF4f4g1f8nLrKB43OxJ23HurcH9TbScNiDHfJsBp0PehKQaY%2FDMMLj4njFBV7O5jzVuh9U8uf4KqsFRhkYnkBJwLs3YAQXTygXzOO6wOa%2Bg8NgwmFNf9MJglX01jNT%2Fad%2FHkSJAYH9SmV2Yf6McQI%2B78QJhVvAiw%3D%3D HTTP/1.1Cache-Control: max-age=0Connection: closeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflate, brAccept-Language: en-CA,en-US;q=0.9,en;q=0.8,de;q=0.7Cookie: ai_user=mQSGm|2020-02-04T17:33:11.570Z; SAML_SessionId=632a2864-ed8f-486a-85a7-e14ff5c1d721; __AntiXsrfToken=24ff67654b3b4146845c950121b9a332; biller=cityofabc.test.ez-pay.io; SupportCookies=True; EZ-PAY_sessionid=weox4335wa4zmsljk5cn0l11; EZ-PAY=18DE48D74D3358A1CEBA936098475D0F587D7D2D0E5972E1BB8150A64B918DCFD4B52F3EA1C41452140EB8BEECA694B21606B4E4567D09593F8DA344495C672E07DC1338C7A95A6FFF41A247AF99205B4D5C65654451064C94EA5E2B1BD0DDE5F49D130B98D5A87A8A7E883F3D7EB5A60E0E45AE6C9E13E4417D3093768F44E624DC7CB0B174B656949BAD1FDBB6A531EB94CA419C6A4F4206F2BAA0694D8C87ACC519671A751D28C9D5C2E4A93678FE63EEEA8D72204808B9DBDCCA6941ABB1245EED4DF5594C4A71495F6FE63EC768D9D22E40; EZ-PAY_Data=ID=XU2aiQL1OdGVUOhKimQyoVYqJFRgUTabelKOrqnTOLloRaVF8s08UTWKfSOmvxxfHost: cityofabc.test.ez-pay.ioReferer: https://idoxs.test.kubra.com/iportal/?BillerId=M67bRZ5SDRUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36upgrade-insecure-requests: 1sec-fetch-dest: documentsec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-user: ?1
ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Parsing HTTP redirect URL: /idpssoservice.aspx?connection=CityOfAbc&SAMLRequest=fVJdb5swFP0ryO98JjSrFVJR0mlITYKAdlJfJmNMa83YzNd0SX%2F9HNi69qF9Pb7nnnPu8RpILwacjuZJluzXyMA4%2BTZBPzoa0y6MI%2FeSdKG7JF9W7uViGbmMNPEiJhZddMi5Zxq4kgmKvAA5OcDIcgmGSGOhIArcIHLDqA4vcBTgZeCtgtUDcrZWhUtiJuaTMQNg36fcnFRHGuoZ%2B%2ByxF3cgJ48rn7cDgAKmnzllHoHheEWVlIxO%2FMzSDl3aUOR8VZqyKUmCOiKAnR0VBIA%2Fs1ek0MooqsQ1ly2XjwkatcSKAAcsSc8AG4qrdHeLbSLczEOAv9V14RaHqkZOCtbKWTpTEsae6Wp2dlfe%2Fg%2FDW3WEOcjPsdHEo6r3%2BaC0IcL%2FaMOc7ZoLwXTeJruLVVM%2BxNW2RM6xFxLw1NXnjoe%2F8dBmfZ7GUyX6Df9zOvlnDW3uyj3ODrvisL%2FZ11WRZjf49dbfiWF67b9RmOUGvLcr822hBKencyE9MR8rhl44Ibx1u2kUjxIGRnnHWWsvLYT6nWlmxRJk9Gjb8zez6vsfu%2FkD&RelayState=CityOfAbcWater&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=nGk9asFoWfrlRkNZ6fxfPeF0PyCQkJ%2FfojVBN%2By7XdBtNtiFiv%2BbKPJ2lF2Qmry0cK94HN6EDlGNPa9%2FY%2Bmc%2FAFxVXGr%2FcoAZXohtWnLVkNALN24txTCukQxdYhIlefwoMic6sJBvZG9Gy5vrhhRWd9GepRhHPOsM1gU%2Fu1r6CoXavHW0%2BJuv3VF4f4g1f8nLrKB43OxJ23HurcH9TbScNiDHfJsBp0PehKQaY%2FDMMLj4njFBV7O5jzVuh9U8uf4KqsFRhkYnkBJwLs3YAQXTygXzOO6wOa%2Bg8NgwmFNf9MJglX01jNT%2Fad%2FHkSJAYH9SmV2Yf6McQI%2B78QJhVvAiw%3D%3DComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Decoding SAML message: fVJdb5swFP0ryO98JjSrFVJR0mlITYKAdlJfJmNMa83YzNd0SX/9HNi69qF9Pb7nnnPu8RpILwacjuZJluzXyMA4+TZBPzoa0y6MI/eSdKG7JF9W7uViGbmMNPEiJhZddMi5Zxq4kgmKvAA5OcDIcgmGSGOhIArcIHLDqA4vcBTgZeCtgtUDcrZWhUtiJuaTMQNg36fcnFRHGuoZ++yxF3cgJ48rn7cDgAKmnzllHoHheEWVlIxO/MzSDl3aUOR8VZqyKUmCOiKAnR0VBIA/s1ek0MooqsQ1ly2XjwkatcSKAAcsSc8AG4qrdHeLbSLczEOAv9V14RaHqkZOCtbKWTpTEsae6Wp2dlfe/g/DW3WEOcjPsdHEo6r3+aC0IcL/aMOc7ZoLwXTeJruLVVM+xNW2RM6xFxLw1NXnjoe/8dBmfZ7GUyX6Df9zOvlnDW3uyj3ODrvisL/Z11WRZjf49dbfiWF67b9RmOUGvLcr822hBKencyE9MR8rhl44Ibx1u2kUjxIGRnnHWWsvLYT6nWlmxRJk9Gjb8zez6vsfu/kDComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Decoded SAML message: URN:COMPONENTSPACE:CityOfAbcWaterComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Relay state: CityOfAbcWaterComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Signature: nGk9asFoWfrlRkNZ6fxfPeF0PyCQkJ/fojVBN+y7XdBtNtiFiv+bKPJ2lF2Qmry0cK94HN6EDlGNPa9/Y+mc/AFxVXGr/coAZXohtWnLVkNALN24txTCukQxdYhIlefwoMic6sJBvZG9Gy5vrhhRWd9GepRhHPOsM1gU/u1r6CoXavHW0+Juv3VF4f4g1f8nLrKB43OxJ23HurcH9TbScNiDHfJsBp0PehKQaY/DMMLj4njFBV7O5jzVuh9U8uf4KqsFRhkYnkBJwLs3YAQXTygXzOO6wOa+g8NgwmFNf9MJglX01jNT/ad/HkSJAYH9SmV2Yf6McQI+78QJhVvAiw==ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Received request over HTTP Redirect, samlMessage=URN:COMPONENTSPACE:CityOfAbcWater, relayState=CityOfAbcWater, signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, signature=nGk9asFoWfrlRkNZ6fxfPeF0PyCQkJ/fojVBN+y7XdBtNtiFiv+bKPJ2lF2Qmry0cK94HN6EDlGNPa9/Y+mc/AFxVXGr/coAZXohtWnLVkNALN24txTCukQxdYhIlefwoMic6sJBvZG9Gy5vrhhRWd9GepRhHPOsM1gU/u1r6CoXavHW0+Juv3VF4f4g1f8nLrKB43OxJ23HurcH9TbScNiDHfJsBp0PehKQaY/DMMLj4njFBV7O5jzVuh9U8uf4KqsFRhkYnkBJwLs3YAQXTygXzOO6wOa+g8NgwmFNf9MJglX01jNT/ad/HkSJAYH9SmV2Yf6McQI+78QJhVvAiw==ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: SAML message received: partner=URN:COMPONENTSPACE:CityOfAbcWater, message=URN:COMPONENTSPACE:CityOfAbcWater, relay state=CityOfAbcWaterComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Identity provider session (632a2864-ed8f-486a-85a7-e14ff5c1d721) state:Pending response state:Action: SendSamlResponsePartner name: URN:COMPONENTSPACE:CityOfAbcWaterRelay state: CityOfAbcWaterIn response to: _fc5cf152-9af1-4a87-9342-eab535a9af3fAssertion consumer service URL: https://idoxs.test.kubra.com/iportal/AssertionConsumerService.aspx?BillerId=M67bRZ5SDR">https://cityofabc.test.ez-pay.io/idpssoservice.aspx?connection=CityOfAbc" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://idoxs.test.kubra.com/iportal/AssertionConsumerService.aspx?BillerId=M67bRZ5SDR" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">URN:COMPONENTSPACE:CityOfAbcWaterComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Relay state: CityOfAbcWaterComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Signature: nGk9asFoWfrlRkNZ6fxfPeF0PyCQkJ/fojVBN+y7XdBtNtiFiv+bKPJ2lF2Qmry0cK94HN6EDlGNPa9/Y+mc/AFxVXGr/coAZXohtWnLVkNALN24txTCukQxdYhIlefwoMic6sJBvZG9Gy5vrhhRWd9GepRhHPOsM1gU/u1r6CoXavHW0+Juv3VF4f4g1f8nLrKB43OxJ23HurcH9TbScNiDHfJsBp0PehKQaY/DMMLj4njFBV7O5jzVuh9U8uf4KqsFRhkYnkBJwLs3YAQXTygXzOO6wOa+g8NgwmFNf9MJglX01jNT/ad/HkSJAYH9SmV2Yf6McQI+78QJhVvAiw==ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Received request over HTTP Redirect, samlMessage=URN:COMPONENTSPACE:CityOfAbcWater, relayState=CityOfAbcWater, signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, signature=nGk9asFoWfrlRkNZ6fxfPeF0PyCQkJ/fojVBN+y7XdBtNtiFiv+bKPJ2lF2Qmry0cK94HN6EDlGNPa9/Y+mc/AFxVXGr/coAZXohtWnLVkNALN24txTCukQxdYhIlefwoMic6sJBvZG9Gy5vrhhRWd9GepRhHPOsM1gU/u1r6CoXavHW0+Juv3VF4f4g1f8nLrKB43OxJ23HurcH9TbScNiDHfJsBp0PehKQaY/DMMLj4njFBV7O5jzVuh9U8uf4KqsFRhkYnkBJwLs3YAQXTygXzOO6wOa+g8NgwmFNf9MJglX01jNT/ad/HkSJAYH9SmV2Yf6McQI+78QJhVvAiw==ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: SAML message received: partner=URN:COMPONENTSPACE:CityOfAbcWater, message=URN:COMPONENTSPACE:CityOfAbcWater, relay state=CityOfAbcWaterComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: Identity provider session (632a2864-ed8f-486a-85a7-e14ff5c1d721) state:Pending response state:Action: SendSamlResponsePartner name: URN:COMPONENTSPACE:CityOfAbcWaterRelay state: CityOfAbcWaterIn response to: _fc5cf152-9af1-4a87-9342-eab535a9af3fAssertion consumer service URL: https://idoxs.test.kubra.com/iportal/AssertionConsumerService.aspx?BillerId=M67bRZ5SDR
ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:30 AM: An SSO request from the partner service provider URN:COMPONENTSPACE:CityOfAbcWater has been successfully received.ComponentSpace.SAML2 Verbose: 0 : 14448/31: 2/12/2020 11:24:40 AM: The configuration ID for the session (632a2864-ed8f-486a-85a7-e14ff5c1d721) is CityOfAbc.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:56 AM: The configuration ID for the session (632a2864-ed8f-486a-85a7-e14ff5c1d721) is CityOfAbc.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:56 AM: The database SSO session store provider name is System.Data.SqlClient, the connection string is ******** and the table name is SSOSessions.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:56 AM: The ISSOSessionStore is being loaded from the database SSO session store.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:56 AM: Database provider name: System.Data.SqlClient.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:56 AM: Database command: SELECT SessionObject FROM SSOSessions WHERE SessionID = @SessionIDComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:56 AM: Database parameters:SessionID=632a2864-ed8f-486a-85a7-e14ff5c1d721:ISSOSessionStoreComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:56 AM: Receiving an SSO request from a partner service provider.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:56 AM: Identity provider session (632a2864-ed8f-486a-85a7-e14ff5c1d721) state:Pending response state:Action: SendSamlResponsePartner name: URN:COMPONENTSPACE:CityOfAbcWaterRelay state: CityOfAbcWaterIn response to: _fc5cf152-9af1-4a87-9342-eab535a9af3fAssertion consumer service URL: https://idoxs.test.kubra.com/iportal/AssertionConsumerService.aspx?BillerId=M67bRZ5SDR
ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:56 AM: Receiving request over HTTP Redirect.ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:56 AM: HTTP request:GET /IdpSsoService.aspx?connection=CityOfAbc&RelayState=CityOfAbcWater HTTP/1.1Cache-Control: max-age=0Connection: closeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflate, brAccept-Language: en-CA,en-US;q=0.9,en;q=0.8,de;q=0.7Cookie: ai_user=mQSGm|2020-02-04T17:33:11.570Z; SAML_SessionId=632a2864-ed8f-486a-85a7-e14ff5c1d721; __AntiXsrfToken=24ff67654b3b4146845c950121b9a332; biller=cityofabc.test.ez-pay.io; SupportCookies=True; EZ-PAY_sessionid=q55t20sqwuexf55wexuvn5cn; EZ-PAY=870AD59FC5FD5321E94180606EF709B1944C87F4A99B1C92449B7D38DBF5DE505C781615304788A341598412A3C16E9CA78102FA7834C1F0F4E2BDEE7AA57DBD1264AFC98E36AB253914568F0EE6A7506BF675F10740BB211AF5FEDB7594E923B74730644DF5D22171160EF63E18122AA8D8859DE82A7F8148FEF37672DB143C6B017E12AF74C0A8A37363A38E274525D23A745416802352537E6314232F969AFF8E944AA6A818518E11C6E535F05A417AF55ED33A92A12DE86A41E86ED71A15B181C404A598EA2F4B14EBBA9D984D5F42BAAD59; EZ-PAY_Data=ID=IPmSA6im2MN7W1FjnftUKkgJ80mxMFQFzjKhB4hg6FOWXkFho2MBD1SdBIQLoSeI; ai_session=hy9H6|1581524672717|1581524681458.325Host: cityofabc.test.ez-pay.ioReferer: https://cityofabc.test.ez-pay.io/SignInSecretQuestion.aspx?connection=CityOfAbc&RelayState=CityOfAbcWaterUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36upgrade-insecure-requests: 1sec-fetch-dest: documentsec-fetch-site: same-originsec-fetch-mode: navigatesec-fetch-user: ?1
ComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:56 AM: Parsing HTTP redirect URL: /IdpSsoService.aspx?connection=CityOfAbc&RelayState=CityOfAbcWaterComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:56 AM: Exception: ComponentSpace.SAML2.Exceptions.SAMLBindingException: The query string is missing SAMLRequestComponentSpace.SAML2 Verbose: 0 : 14448/28: 2/12/2020 11:24:56 AM: at ComponentSpace.SAML2.Bindings.HTTPRedirectBinding.ParseQueryString(String redirectURL, String messageQueryName, XmlElement& samlMessage, String& relayState, String& signatureAlgorithm, String& signature) at ComponentSpace.SAML2.Bindings.HTTPRedirectBinding.ReceiveRequest(HttpRequest httpRequest, XmlElement& samlMessage, String& relayState, String& signatureAlgorithm, String& signature) at ComponentSpace.SAML2.InternalSAMLIdentityProvider.ReceiveAuthnRequest(HttpRequest httpRequest, XmlElement& authnRequestElement, String& relayState, String& signatureAlgorithm, String& signature, String& binding) at ComponentSpace.SAML2.InternalSAMLIdentityProvider.ReceiveSSO(HttpRequest httpRequest, String& partnerSP, SSOOptions& ssoOptions) at ComponentSpace.SAML2.SAMLIdentityProvider.ReceiveSSO(HttpRequest httpRequest, String& partnerSP) at ezpaygov.SAML.IDP.IdpSsoService.ProcessRequest(HttpContext context) in C:\Dev\ezpaygov\ezpaygov\SAML\IDP\IdpSsoService.cs:line 55 at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.<>c__DisplayClass285_0.b__0() at System.Web.HttpApplication.StepInvoker.Invoke(Action executionStep) at System.Web.HttpApplication.StepInvoker.<>c__DisplayClass4_0.b__0() at Microsoft.AspNet.TelemetryCorrelation.TelemetryCorrelationHttpModule.OnExecuteRequestStep(HttpContextBase context, Action step) at System.Web.HttpApplication.<>c__DisplayClass284_0.b__0(Action nextStepAction) at System.Web.HttpApplication.StepInvoker.Invoke(Action executionStep) at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error) at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb) at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
Thank you for the log. It shows two HTTP Get requests being received.
The first request’s path and query string parameters are: /idpssoservice.aspx?connection=CityOfAbc&SAMLRequest=fVJdb5…
This correctly includes the SAMLRequest query string parameter.
The second request’s path and query string parameters are: /IdpSsoService.aspx?connection=CityOfAbc&RelayState=CityOfAbcWater
No SAMLRequest query string parameter is included.
I suggest using the browser developer tools or Fiddler to capture the network traffic to see why there’s an HTTP Get to /IdpSsoService.aspx without a SAMLRequest query string parameter.