trying to InitiateSSO within web API

Hi,
I have two sites.
First, a .NET site where SAML works just fine,
and after the first login everything is OK …

Second, I have an Angular project that loads before the login and accesses a web API to retrieve data,
and I need the userName for that data.
//
SAMLServiceProvider.ReceiveSSO(HttpContext.Current.Request, out isInResponseTo, out partnerIdP, out userName, out attributes, out targetUrl);
and I am getting this error:
ComponentSpace.SAML2.Exceptions.SAMLEnvironmentException: ‘There is no HTTP session state as ASP.NET session cookies are not enabled.’
which I can understand, because there isn’t a session state in the API.
So, how can I get the user name within the web API?

Our recommendation is to authenticate the user through SAML SSO as you are doing and to then create a JWT, based off information (e.g. user name) returned in the SAML assertion from the IdP, and to return this JWT to the Angular app. The JWT is included when calling the web API and is used for the authorization check.

[quote]
ComponentSpace - 8/1/2019
Our recommendation is to authenticate the user through SAML SSO as you are doing and to then create a JWT, based off information (e.g. user name) returned in the SAML assertion from the IdP, and to return this JWT to the Angular app. The JWT is included when calling the web API and is used for the authorization check.
[/quote]

OP's team member here.
As he mentioned, we cannot do the init in our web API code.
We tried these two ways:
SAMLServiceProvider.InitiateSSO(new HttpResponseWrapper(HttpContext.Current.Response), null, null);
SAMLServiceProvider.InitiateSSO(HttpContext.Current.Response, null, null);

and got this RUNTIME error:
'There is no HTTP session state as ASP.NET session cookies are not enabled.'

The next step is to do the receive SSO itself, but it also didn't work:

SAMLServiceProvider.ReceiveSSO(HttpContext.Current.Request, out isInResponseTo, out partnerIdP, out userName, out attributes, out targetUrl);

We are using ComponentSpace.SAML2 version 2.6.0.15.

Thank you so much.

To support the SAML protocol in the release you’re using, we maintain SAML session state in the ASP.NET session. The error you’re seeing results from ASP.NET sessions not being enabled for your web API.

Could you try enabling ASP.NET sessions?

In more recent releases we store the SAML session state using a separate SAML_SessionId cookie and don’t require ASP.NET sessions to be enabled. If this is preferable, you could download an evaluation version to see if it meets your requirements and, if so, upgrade to the latest release.

[quote]
ComponentSpace - 8/4/2019
To support the SAML protocol in the release you're using, we maintain SAML session state in the ASP.NET session. The error you’re seeing results from ASP.NET sessions not being enabled for your web API.

Could you try enabling ASP.NET sessions?

In more recent releases we store the SAML session state using a separate SAML_SessionId cookie and don’t require ASP.NET sessions to be enabled. If this is preferable, you could download an evaluation version to see if it meets your requirements and, if so, upgrade to the latest release.
[/quote]

Thanks,
I can't enable ASP.NET session.
Where can I download the latest release?

You can download the 30-day evaluation version from our website.
If you have a current support subscription, please contact support@componentspace.com for the latest licensed release.

[quote]
ComponentSpace - 8/5/2019
You can download the 30-day evaluation version from our website.
If you have a current support subscription, please contact support@componentspace.com for the latest licensed release.
[/quote]
Thanks,
which one is the one without the need to enable ASP.NET session?


Assuming your application is ASP.NET, you should download the SAML for ASP.NET evaluation.

[quote]
ComponentSpace - 8/5/2019
Assuming your application is ASP.NET, you should download the SAML for ASP.NET evaluation.
[/quote]

Hi,
I can't see anything remotely close to WebApi, so I tried to work with the console application project.
In this project, there is XML parsing.
I tried to mimic that behavior, but couldn't figure out where the data for this XML comes from.

Also, do you have a working WebApi example? It's all web forms there.
Thanks,
Tal

Just to confirm, are you wishing to participate in SAML SSO as a web API rather than a web forms or MVC application?
Remember that SAML SSO is a browser-based protocol. All messages between the identity provider and service provider sites are sent via the browser. Typically as part of SAML SSO, the identity provider will prompt the user to log in. SAML SSO is not a web API call etc. between two applications.

We don’t have any web API specific examples but if you have an Angular app and a web API back-end, the recommendation is to have a non-web API endpoint at the back-end app that the Angular app accesses via a browser HTTP GET to initiate SSO to the identity provider. Once SSO completes, return control back to the Angular app via an HTTP redirect. You can include an authentication cookie or JWT for the Angular app to present in subsequent authorized calls to the web API.
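
The JWT hand-off recommended in the reply above, sketched as an added example (not part of the thread and not ComponentSpace code): the browser-facing endpoint issues a token from the userName that ReceiveSSO returned, and the web API validates it on each call without any session state. The class name SsoJwt, the HS256 shared-key choice and the sub/exp claims are assumptions; it targets .NET Framework 4.6 or later with a reference to System.Web.Extensions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Web.Script.Serialization; // System.Web.Extensions (.NET Framework)

// Hypothetical helper, not part of ComponentSpace.SAML2.
public static class SsoJwt
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    static byte[] Sign(string input, byte[] key)
    {
        using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.ASCII.GetBytes(input));
    }

    // Call in the assertion consumer endpoint with the userName that ReceiveSSO returned.
    public static string Issue(string userName, byte[] key, TimeSpan lifetime)
    {
        long exp = DateTimeOffset.UtcNow.Add(lifetime).ToUnixTimeSeconds();
        string head = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"));
        string body = B64Url(Encoding.UTF8.GetBytes(new JavaScriptSerializer().Serialize(
            new Dictionary<string, object> { { "sub", userName }, { "exp", exp } })));
        return head + "." + body + "." + B64Url(Sign(head + "." + body, key));
    }

    // Call in the web API on every request; returns the user name, or null if rejected.
    // The header's "alg" is never consulted: the signature is always checked as HMAC-SHA256.
    public static string Validate(string token, byte[] key)
    {
        string[] p = (token ?? "").Split('.');
        if (p.Length != 3) return null;
        try {
            byte[] given = FromB64Url(p[2]), want = Sign(p[0] + "." + p[1], key);
            int diff = given.Length ^ want.Length;              // constant-time compare
            for (int i = 0; i < given.Length && i < want.Length; i++) diff |= given[i] ^ want[i];
            if (diff != 0) return null;
            var claims = new JavaScriptSerializer().Deserialize<Dictionary<string, object>>(
                Encoding.UTF8.GetString(FromB64Url(p[1])));
            if (Convert.ToInt64(claims["exp"]) <= DateTimeOffset.UtcNow.ToUnixTimeSeconds()) return null;
            return claims["sub"] as string;
        } catch (Exception) { return null; }   // malformed base64/JSON or missing claim
    }
}
```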

[quote]
ComponentSpace - 8/8/2019
Just to confirm, are you wishing to participate in SAML SSO as a web API rather than a web forms or MVC application?
Remember that SAML SSO is a browser-based protocol. All messages between the identity provider and service provider sites are sent via the browser. Typically as part of SAML SSO, the identity provider will prompt the user to log in. SAML SSO is not a web API call etc. between two applications.

We don't have any web API specific examples but if you have an Angular app and a web API back-end, the recommendation is to have a non-web API endpoint at the back-end app that the Angular app accesses via a browser HTTP GET to initiate SSO to the identity provider. Once SSO completes, return control back to the Angular app via an HTTP redirect. You can include an authentication cookie or JWT for the Angular app to present in subsequent authorized calls to the web API.
[/quote]

OK, sounds great.
I'm using an Angular-based app with web API.
Do you have any example for using an Angular project?

Thank you!


I’m afraid not. This is on our to-do list. We do have an Angular example that’s included with our SAML for ASP.NET Core product but we haven’t as yet added an Angular example for the SAML for ASP.NET product. However, the approach would be the same in both cases and is as I described.

If you like, you’re welcome to contact support@componentspace.com mentioning your forum post and we’ll send you the Angular example from our ASP.NET Core product. This should help in explaining the approach we recommend.