jessiebot

Reputation: 41

.Net Framework - Sustainsys not launching call to IDP

I have an old .Net Framework 4.7.2 application which is using Sustainsys and Sustainsys.Saml.Mvc (version 2.9.2) to perform authentication via SAML.

The configuration is set in the web.config, following the instructions outlined in the documentation: https://saml2.sustainsys.com/en/v2/configuration.html

When I deploy the application to my test environment it works great. It authenticates with the IDP using SAML and goes on.

When I deploy the application to my production environment, the application does not throw any errors, but it also does not attempt to call the IDP via SAML. What I mean by this is that there is never any HTTP call to the IDP with the SAML request like I would expect. Instead it goes straight into another block of code where it tries to check the Claims on the Claims Principal and promptly errors because there are not any claims.

If I run the application locally, it also attempts to make the call to the IDP using SAML.

I've done a diff of the web.config for the test environment vs the transformed web.config for production, and I was unable to find anything unusual.

It feels to me like something is going wrong in the production environment that is preventing the Sustainsys code from being added to the middleware/pipeline, but that is just a suspicion.

I've been trying to look around in IIS to see if there might be something misconfigured on production that is causing the issue, but I haven't seen anything yet.

Does anyone have any ideas or suggestions as to what might be causing the issue?

Upvotes: 0

Views: 56

Answers (1)

jessiebot

Reputation: 41

I was able to fix the issue. I don't know why this fixed it, but it did.

First I downgraded the following packages from 7.6.0 to 7.0.2:

  • Microsoft.IdentityModel.Tokens
  • Microsoft.IdentityModel.Abstractions
  • Microsoft.IdentityModel.JsonWebTokens
  • Microsoft.IdentityModel.Logging

That did not solve the issue on its own, but it is one action I took.

The key that seemed to solve it is that I removed the X-Frame-Options option from the web.config:

<!-- Removed this -->    
<add name="X-Frame-Options" value="SAMEORIGIN" />

The X-Frame-Options tag was in

<system.webServer>
    <httpProtocol>
        <!-- It was here -->
    </httpProtocol>
</system.webServer>

inside the web.config.

Taking those two actions made the site start and authenticate with SustainSys as expected.

Upvotes: 0
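
Added example, not part of the original answer: the change above removes the X-Frame-Options response header, which is what tells browsers to refuse cross-origin framing, so it is worth checking whether any framing control remains after the edit. This Python sketch compares the response headers declared in two web.config files, in the spirit of the test-versus-production diff from the question; the sample configs are constructed, and it assumes headers are declared as add elements under httpProtocol (normally inside customHeaders).

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not from the original post). IIS normally places
# response headers under <httpProtocol><customHeaders>.
BEFORE = """<configuration><system.webServer><httpProtocol><customHeaders>
  <add name="X-Frame-Options" value="SAMEORIGIN" />
  <add name="X-Content-Type-Options" value="nosniff" />
</customHeaders></httpProtocol></system.webServer></configuration>"""

AFTER = """<configuration><system.webServer><httpProtocol><customHeaders>
  <add name="X-Content-Type-Options" value="nosniff" />
</customHeaders></httpProtocol></system.webServer></configuration>"""


def response_headers(config_xml):
    """Return {lowercased header name: value} for every <add> under <httpProtocol>."""
    root = ET.fromstring(config_xml)
    headers = {}
    for proto in root.iter("httpProtocol"):
        for add in proto.iter("add"):
            name = add.get("name")
            if name:
                headers[name.lower()] = add.get("value", "")
    return headers


def has_framing_control(headers):
    """True if X-Frame-Options or a CSP frame-ancestors directive is configured."""
    if "x-frame-options" in headers:
        return True
    csp = headers.get("content-security-policy", "")
    return any(d.strip().lower().startswith("frame-ancestors") for d in csp.split(";"))


def compare(before_xml, after_xml):
    """Summarise response-header differences between two web.config files."""
    before, after = response_headers(before_xml), response_headers(after_xml)
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "changed": sorted(k for k in set(before) & set(after) if before[k] != after[k]),
        "framing_control_lost": has_framing_control(before) and not has_framing_control(after),
    }


if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```
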
