Nivas Pandian

Reputation: 424

Failed to receive SAML response by HTTP post

In my SSO implementation, having validated the user, I created a SAMLResponse object and posted it to the default landing URL using the IdentityProvider.SendSAMLResponseByHTTPPost() method.

    IdentityProvider.SendSAMLResponseByHTTPPost(Response, strAssertionConsumerServiceURL, samlResponseXml, relayState);

samlResponseXml - contains the SAML Request XML

In the ServiceProvider.ReceiveSAMLResponseByHTTPPost() method, I am getting the exception below.

Failed to receive SAML response by HTTP post

Both the Identity Provider and Service Provider are in the same network domain.

Attached are the logs for ComponentSpace.SAML2:

    ComponentSpace.SAML2 Verbose: 0 : 9:19:44 PM: Missing form variable SAMLResponse
    ComponentSpace.SAML2 Verbose: 0 : 9:19:44 PM: Exception: ComponentSpace.SAML2.SAMLBindingException: The form is missing the variable SAMLResponse
    ComponentSpace.SAML2 Verbose: 0 : 9:19:44 PM: Exception: ComponentSpace.SAML2.SAMLBindingException: Failed to receive response over HTTP POST. ---> ComponentSpace.SAML2.SAMLBindingException: The form is missing the variable SAMLResponse
       at ComponentSpace.SAML2.Bindings.HTTPPostBinding.GetFormVariables(HttpRequest httpRequest, String messageFormVariableName, XmlElement& samlMessage, String& relayState)
       at ComponentSpace.SAML2.Bindings.HTTPPostBinding.ReceiveResponse(HttpRequest httpRequest, XmlElement& samlMessage, String& relayState)
       --- End of inner exception stack trace ---

Upvotes: 0

Views: 8697

Answers (2)

Nivas Pandian

Reputation: 424

After multiple attempts with the Firebug console and Fiddler2, it was identified that an HTTP GET was invoked when I tried posting data to the AssertionConsumerServiceURL page, even though SendSAMLResponseByHTTPPost() and ReceiveSAMLResponseByHTTPPost() had been used.

    string strAssertionConsumerServiceURL = "http://localhost:58986/AssertionInternal.aspx";

The above AssertionConsumerService URL was modified as below:

    string strAssertionConsumerServiceURL = "http://localhost:58986/AssertionInternal";

With this URL, the SAML POST data was received successfully.

Specifying the URL with the .aspx extension invoked the GET verb in my application rather than the POST verb.

Upvotes: 1
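
The log line "Missing form variable SAMLResponse" and the GET seen in Fiddler describe the same condition: the HTTP-POST binding needs a POST whose form body carries a base64-encoded SAMLResponse. The following is an added example, not part of either answer and not ComponentSpace code; `diagnose_acs_request` and the sample captures are constructed for illustration, and the check is a diagnostic over saved captures that does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def diagnose_acs_request(raw, acs_url):
    """Return reasons a captured request fails the HTTP-POST binding ([] = OK)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = {k.strip().lower(): v.strip()
               for k, v in (l.split(":", 1) for l in lines[1:] if ":" in l)}
    problems = []
    if method != "POST":
        problems.append(f"method is {method}, not POST: no form body was sent")
    ctype = headers.get("content-type", "")
    if method == "POST" and not ctype.startswith("application/x-www-form-urlencoded"):
        problems.append(f"unexpected Content-Type {ctype!r}")
    form = parse_qs(body.decode("ascii", "replace"))
    if "SAMLResponse" not in form:
        problems.append("form variable SAMLResponse is missing")
        return problems
    try:
        xml = base64.b64decode(form["SAMLResponse"][0], validate=True)
        root = ET.fromstring(xml)
    except (ValueError, ET.ParseError) as exc:
        problems.append(f"SAMLResponse is not base64-encoded XML: {exc}")
        return problems
    if root.tag != f"{{{SAMLP}}}Response":
        problems.append(f"root element is {root.tag}, not samlp:Response")
    if root.get("Destination") != acs_url:
        problems.append(f"Destination {root.get('Destination')!r} does not match the ACS URL")
    return problems

# Constructed sample captures (not taken from the original post).
ACS = "http://localhost:58986/AssertionInternal"
_xml = (f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_constructed" '
        f'Version="2.0" Destination="{ACS}"/>')
_body = urlencode({"SAMLResponse": base64.b64encode(_xml.encode()),
                   "RelayState": "constructed"}).encode()
GOOD = (b"POST /AssertionInternal HTTP/1.1\r\nHost: localhost:58986\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n\r\n" + _body)
BAD = b"GET /AssertionInternal.aspx HTTP/1.1\r\nHost: localhost:58986\r\n\r\n"

if __name__ == "__main__":
    for name, capture in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, diagnose_acs_request(capture, ACS) or "ok")
```

Because the IdP code sets both Destination and Recipient from the same ACS URL string, changing that URL also changes the value the SP should expect in the response.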

winstonhong

Reputation: 1339

Issue:
(1) Failed to receive SAML response by HTTP post

(2)

    ComponentSpace.SAML2 Verbose: 0 : 9:19:44 PM: Missing form variable SAMLResponse
    ComponentSpace.SAML2 Verbose: 0 : 9:19:44 PM: Exception: ComponentSpace.SAML2.SAMLBindingException: The form is missing the variable SAMLResponse

Resolution:

The log of the SAML exception states that the form/format of the SAML Response is incorrect.

Creating SAML Response for SSO provides the following sample code to demonstrate how to generate a SAML Response using the ComponentSpace library.

        // Create a SAML response with the user's local identity.
        private SAMLResponse CreateSAMLResponse()
        {
            //Trace.Write("IdPreating SAML response");
            SAMLResponse samlResponse = new SAMLResponse();
            // Destination names the SP endpoint this response is addressed to.
            samlResponse.Destination = strAssertionConsumerServiceURL;
            Issuer issuer = new Issuer(CreateAbsoluteURL("~/"));
            samlResponse.Issuer = issuer;
            samlResponse.Status = new Status(SAMLIdentifiers.PrimaryStatusCodes.Success, null);
            SAMLAssertion samlAssertion = new SAMLAssertion();
            samlAssertion.Issuer = issuer;
            //Subject subject = new Subject(new NameID(User.Identity.Name));
            Subject subject = new Subject(new NameID());
            // Bearer subject confirmation; Recipient is set to the same ACS URL as Destination.
            SubjectConfirmation subjectConfirmation = new SubjectConfirmation(SAMLIdentifiers.SubjectConfirmationMethods.Bearer);
            SubjectConfirmationData subjectConfirmationData = new SubjectConfirmationData();
            subjectConfirmationData.Recipient = strAssertionConsumerServiceURL;
            subjectConfirmation.SubjectConfirmationData = subjectConfirmationData;
            subject.SubjectConfirmations.Add(subjectConfirmation);
            samlAssertion.Subject = subject;
            // User attributes taken from the IdP page's form fields.
            samlAssertion.SetAttributeValue("MemberId", this.txtMemberId.Text);
            samlAssertion.SetAttributeValue("Name", this.txtName.Text);
            samlAssertion.SetAttributeValue("Phone", this.txtPhone.Text);
            // Authentication statement declaring the Password authentication context class.
            AuthnStatement authnStatement = new AuthnStatement();
            authnStatement.AuthnContext = new AuthnContext();
            authnStatement.AuthnContext.AuthnContextClassRef = new AuthnContextClassRef(SAMLIdentifiers.AuthnContextClasses.Password);
            samlAssertion.Statements.Add(authnStatement);
            samlResponse.Assertions.Add(samlAssertion);
            return samlResponse;
        }

        // Send the SAML response to the SP.
        private void SendSAMLResponse(SAMLResponse samlResponse, string relayState)
        {
            // Serialize the SAML response for transmission.
            XmlElement samlResponseXml = samlResponse.ToXml();
            // Sign the SAML response.
            X509Certificate2 x509Certificate = (X509Certificate2)Application["IdPX509Certificate"];
            SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate);
            IdentityProvider.SendSAMLResponseByHTTPPost(Response, strAssertionConsumerServiceURL, samlResponseXml, relayState);
        }

Upvotes: 2
