I am implementing SP-initiated login for SAML authentication (with the Sustainsys SAML library) in the OWIN pipeline. I am facing an issue with receiving the SAML response on the configured ACS URL. The SAML response is received from the IdP and the user is successfully logged in, but when I try to read the SAML response at the ACS URL endpoint, that method is never hit in the debug flow.

I believe the ACS endpoint is where the SAML response is sent back from the IdP (IdP to browser, then browser to ACS endpoint). Can someone point out why the SAML response is received by the browser but not redirected to the ACS URL?

I configured the ACS URL on both the IdP and SP side, and I can see the correct ACS URL in the SAML request.

Sustainsys.Saml2.Owin.Saml2AuthenticationMiddleware Verbose: 0 : Signature validation passed for Saml Response Microsoft.IdentityModel.Tokens.Saml2.Saml2Id
Sustainsys.Saml2.Owin.Saml2AuthenticationMiddleware Verbose: 0 : Extracted SAML assertion <--Assertion_id-->
Sustainsys.Saml2.Owin.Saml2AuthenticationMiddleware Information: 0 : Successfully processed SAML response Microsoft.IdentityModel.Tokens.Saml2.Saml2Id and authenticated <--User-->
Application Insights Telemetry (unconfigured): ":,"ai.location.ip":"::1","ai.internal.sdkVersion"},"data":{"baseType":"RequestData","baseData":{"ver":2,"id":"|/WNNPHCMHVk=.56095c49_","name":"POST <--ACS URL- BASE URL-->","duration":"00:00:00.2807934","success":true,"responseCode":"303","url":"<--ACS URL-->","properties":{"DeveloperMode":"true","_MS.ProcessedByMetricExtractors":"(Name:'Requests', Ver:'1.0')"}}}}

2 Answers


The ACS endpoint is implemented by the library. And as seen in your log, it is done successfully.

Then the library issues a login using the configured login scheme, which is normally the external cookie scheme (but can also be the application cookie scheme). It's probably something there that's not correctly configured in your code.
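An added example (my own code, not from the question or the Sustainsys project) of the setup this answer describes: the middleware owns the /Saml2/Acs endpoint, and the application only reads the resulting external-cookie identity in its own callback action. The host names, the IdP metadata URL and the ExternalLoginCallback action name are assumed values, and the application-cookie middleware from the question is assumed to be registered before this code.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Owin;
using Sustainsys.Saml2;
using Sustainsys.Saml2.Configuration;
using Sustainsys.Saml2.Metadata;
using Sustainsys.Saml2.Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
        // The middleware owns <ModulePath>/Acs (here /Saml2/Acs): it validates the response,
        // signs the user in to SignInAsAuthenticationType and redirects (303) to ReturnUrl.
        var options = new Saml2AuthenticationOptions(false)
        {
            SPOptions = new SPOptions
            {
                EntityId = new EntityId("https://sp.example.test/Saml2"), // assumed value
                ModulePath = "/Saml2",
                ReturnUrl = new Uri("https://sp.example.test/Account/ExternalLoginCallback"),
            },
            SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
        };
        options.IdentityProviders.Add(new IdentityProvider(
            new EntityId("https://idp.example.test/metadata"), options.SPOptions) // assumed value
            { MetadataLocation = "https://idp.example.test/metadata", LoadMetadata = true });
        app.UseSaml2Authentication(options);
    }
}
public class AccountController : Controller
{
    // Reached after the library has accepted the response: consume the external-cookie
    // identity here instead of expecting the raw SAMLResponse form field in your own action.
    [AllowAnonymous]
    public async Task<ActionResult> ExternalLoginCallback()
    {
        var auth = HttpContext.GetOwinContext().Authentication;
        var result = await auth.AuthenticateAsync(DefaultAuthenticationTypes.ExternalCookie);
        if (result == null || result.Identity == null || !result.Identity.IsAuthenticated) return RedirectToAction("SignIn");
        auth.SignOut(DefaultAuthenticationTypes.ExternalCookie); // drop the temporary identity
        auth.SignIn(new ClaimsIdentity(result.Identity.Claims, DefaultAuthenticationTypes.ApplicationCookie));
        return RedirectToAction("Index", "Home");
    }
}
```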


I have set the authentication type to ExternalCookie, but it still doesn't reach my ACS URL with the SAML response. The POST request to the ACS URL returns a 303 status code.

In Startup:

// Temporary cookie that holds the identity produced by an external login
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Application session cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    CookieSecure = CookieSecureOption.Always,
    ExpireTimeSpan = TimeSpan.FromMinutes(30),
    LoginPath = new PathString("/Account/SignIn"),
    SlidingExpiration = true,
});
// External logins (including Saml2) sign in to the external cookie scheme
app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ExternalCookie);
app.UseSaml2Authentication(CreateSaml2Options());

// Starts the SP-initiated login by challenging the named provider
public ActionResult ExternalLogin(string provider, string rURL, string uname)
{
    return new ChallengeResult(provider,
                               Url.Action("ExternalLoginCallback", "Account"),
                               uname);
}

ACS ENDPOINT

[HttpPost]
public ActionResult Acs(string username, string samlResponse)
{
    ......
}

It will be very helpful if anyone can provide some input on this.