.NetCore code with sustainsys-saml2 does nothing

up vote
0
down vote

favorite

I have an .Net MVC project with SSO working. The SSO config looks like this:

    <system.identityModel>

    <identityConfiguration saveBootstrapContext="true">

      <caches>

        <sessionSecurityTokenCache type="Vixion.IdentityModel.Cache.SharedSessionSecurityTokenCache, Vixion.IdentityModel.Cache">

          <cacheServiceAddress url="http://tvwapps35434d.kpnis.nl:1008/SessionSecurityTokenCacheService.svc" />

        </sessionSecurityTokenCache>

      </caches>

      <audienceUris>

        <add value="http://localhost:24442/" />

      </audienceUris>

      <securityTokenHandlers>

        <remove type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

        <add type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

        <add type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

      </securityTokenHandlers>

      <certificateValidation certificateValidationMode="None" />

      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">

        <authority name="http://vix-make-o:8080">

          <keys>

            <add thumbprint="5137c779a1e77a0f4a78abd356b0238912637469" />

          </keys>

          <validIssuers>

            <add name="http://vix-make-o:8080" />

          </validIssuers>

        </authority>

      </issuerNameRegistry>

    </identityConfiguration>

  </system.identityModel>

  <system.identityModel.services>

    <federationConfiguration>

      <cookieHandler requireSsl="false" path="/" />

      <wsFederation passiveRedirectEnabled="true" issuer="http://vix-make-o:8080" realm="http://localhost:24442/" requireHttps="false" reply="http://localhost:24442/" />

    </federationConfiguration>

  </system.identityModel.services>

According to the example here:
https://github.com/Sustainsys/Saml2/tree/master/Sustainsys.Saml2.AspNetCore2

I write this code in a new .NetCore app:

services.AddIdentity<IdentityUser, IdentityRole>()                

                .AddDefaultTokenProviders();



services.AddDistributedMemoryCache();



services.AddSession(options =>

{

    options.Cookie.HttpOnly = true;

});



services.AddMvc()

    .AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());



services.AddAuthentication()

    .AddSaml2(options =>

    {

        options.SPOptions.EntityId = new EntityId("http://vix-make-o:8080");

        options.IdentityProviders.Add(

            new IdentityProvider(

                new EntityId("http://vix-make-o:8080/ws_saml_metadata"), options.SPOptions)

            {

                //LoadMetadata = true

            });                    

    });



app.UseAuthentication();

app.UseSession();

app.UseMvc(routes =>

{

    routes.MapRoute(

        name: "default",

        template: "{controller=Home}/{action=Index}/{id?}");

});

When I start the app, the browser goes straight to the index page. No error, no nothing. When I check with SAML Chrome Panel it shows no traffic at all.

I do not expect my code working, but it should at least do something to give me a hint to how to go further.

Any suggestions are welcome.

Thank you.

asked Nov 7 at 12:05

S. Meinert

add a comment |

up vote
0
down vote

favorite

I have an .Net MVC project with SSO working. The SSO config looks like this:

    <system.identityModel>

    <identityConfiguration saveBootstrapContext="true">

      <caches>

        <sessionSecurityTokenCache type="Vixion.IdentityModel.Cache.SharedSessionSecurityTokenCache, Vixion.IdentityModel.Cache">

          <cacheServiceAddress url="http://tvwapps35434d.kpnis.nl:1008/SessionSecurityTokenCacheService.svc" />

        </sessionSecurityTokenCache>

      </caches>

      <audienceUris>

        <add value="http://localhost:24442/" />

      </audienceUris>

      <securityTokenHandlers>

        <remove type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

        <add type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

        <add type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

      </securityTokenHandlers>

      <certificateValidation certificateValidationMode="None" />

      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">

        <authority name="http://vix-make-o:8080">

          <keys>

            <add thumbprint="5137c779a1e77a0f4a78abd356b0238912637469" />

          </keys>

          <validIssuers>

            <add name="http://vix-make-o:8080" />

          </validIssuers>

        </authority>

      </issuerNameRegistry>

    </identityConfiguration>

  </system.identityModel>

  <system.identityModel.services>

    <federationConfiguration>

      <cookieHandler requireSsl="false" path="/" />

      <wsFederation passiveRedirectEnabled="true" issuer="http://vix-make-o:8080" realm="http://localhost:24442/" requireHttps="false" reply="http://localhost:24442/" />

    </federationConfiguration>

  </system.identityModel.services>

According to the example here:
https://github.com/Sustainsys/Saml2/tree/master/Sustainsys.Saml2.AspNetCore2

I write this code in a new .NetCore app:

services.AddIdentity<IdentityUser, IdentityRole>()                

                .AddDefaultTokenProviders();



services.AddDistributedMemoryCache();



services.AddSession(options =>

{

    options.Cookie.HttpOnly = true;

});



services.AddMvc()

    .AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());



services.AddAuthentication()

    .AddSaml2(options =>

    {

        options.SPOptions.EntityId = new EntityId("http://vix-make-o:8080");

        options.IdentityProviders.Add(

            new IdentityProvider(

                new EntityId("http://vix-make-o:8080/ws_saml_metadata"), options.SPOptions)

            {

                //LoadMetadata = true

            });                    

    });



app.UseAuthentication();

app.UseSession();

app.UseMvc(routes =>

{

    routes.MapRoute(

        name: "default",

        template: "{controller=Home}/{action=Index}/{id?}");

});

When I start the app, the browser goes straight to the index page. No error, no nothing. When I check with SAML Chrome Panel it shows no traffic at all.

I do not expect my code working, but it should at least do something to give me a hint to how to go further.

Any suggestions are welcome.

Thank you.

asked Nov 7 at 12:05

S. Meinert

add a comment |

up vote
0
down vote

favorite

I have an .Net MVC project with SSO working. The SSO config looks like this:

    <system.identityModel>

    <identityConfiguration saveBootstrapContext="true">

      <caches>

        <sessionSecurityTokenCache type="Vixion.IdentityModel.Cache.SharedSessionSecurityTokenCache, Vixion.IdentityModel.Cache">

          <cacheServiceAddress url="http://tvwapps35434d.kpnis.nl:1008/SessionSecurityTokenCacheService.svc" />

        </sessionSecurityTokenCache>

      </caches>

      <audienceUris>

        <add value="http://localhost:24442/" />

      </audienceUris>

      <securityTokenHandlers>

        <remove type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

        <add type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

        <add type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

      </securityTokenHandlers>

      <certificateValidation certificateValidationMode="None" />

      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">

        <authority name="http://vix-make-o:8080">

          <keys>

            <add thumbprint="5137c779a1e77a0f4a78abd356b0238912637469" />

          </keys>

          <validIssuers>

            <add name="http://vix-make-o:8080" />

          </validIssuers>

        </authority>

      </issuerNameRegistry>

    </identityConfiguration>

  </system.identityModel>

  <system.identityModel.services>

    <federationConfiguration>

      <cookieHandler requireSsl="false" path="/" />

      <wsFederation passiveRedirectEnabled="true" issuer="http://vix-make-o:8080" realm="http://localhost:24442/" requireHttps="false" reply="http://localhost:24442/" />

    </federationConfiguration>

  </system.identityModel.services>

According to the example here:
https://github.com/Sustainsys/Saml2/tree/master/Sustainsys.Saml2.AspNetCore2

I write this code in a new .NetCore app:

services.AddIdentity<IdentityUser, IdentityRole>()                

                .AddDefaultTokenProviders();



services.AddDistributedMemoryCache();



services.AddSession(options =>

{

    options.Cookie.HttpOnly = true;

});



services.AddMvc()

    .AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());



services.AddAuthentication()

    .AddSaml2(options =>

    {

        options.SPOptions.EntityId = new EntityId("http://vix-make-o:8080");

        options.IdentityProviders.Add(

            new IdentityProvider(

                new EntityId("http://vix-make-o:8080/ws_saml_metadata"), options.SPOptions)

            {

                //LoadMetadata = true

            });                    

    });



app.UseAuthentication();

app.UseSession();

app.UseMvc(routes =>

{

    routes.MapRoute(

        name: "default",

        template: "{controller=Home}/{action=Index}/{id?}");

});

When I start the app, the browser goes straight to the index page. No error, no nothing. When I check with SAML Chrome Panel it shows no traffic at all.

I do not expect my code working, but it should at least do something to give me a hint to how to go further.

Any suggestions are welcome.

Thank you.

asked Nov 7 at 12:05

S. Meinert

I have an .Net MVC project with SSO working. The SSO config looks like this:

    <system.identityModel>

    <identityConfiguration saveBootstrapContext="true">

      <caches>

        <sessionSecurityTokenCache type="Vixion.IdentityModel.Cache.SharedSessionSecurityTokenCache, Vixion.IdentityModel.Cache">

          <cacheServiceAddress url="http://tvwapps35434d.kpnis.nl:1008/SessionSecurityTokenCacheService.svc" />

        </sessionSecurityTokenCache>

      </caches>

      <audienceUris>

        <add value="http://localhost:24442/" />

      </audienceUris>

      <securityTokenHandlers>

        <remove type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

        <add type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

        <add type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

      </securityTokenHandlers>

      <certificateValidation certificateValidationMode="None" />

      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">

        <authority name="http://vix-make-o:8080">

          <keys>

            <add thumbprint="5137c779a1e77a0f4a78abd356b0238912637469" />

          </keys>

          <validIssuers>

            <add name="http://vix-make-o:8080" />

          </validIssuers>

        </authority>

      </issuerNameRegistry>

    </identityConfiguration>

  </system.identityModel>

  <system.identityModel.services>

    <federationConfiguration>

      <cookieHandler requireSsl="false" path="/" />

      <wsFederation passiveRedirectEnabled="true" issuer="http://vix-make-o:8080" realm="http://localhost:24442/" requireHttps="false" reply="http://localhost:24442/" />

    </federationConfiguration>

  </system.identityModel.services>

According to the example here:
https://github.com/Sustainsys/Saml2/tree/master/Sustainsys.Saml2.AspNetCore2

I write this code in a new .NetCore app:

services.AddIdentity<IdentityUser, IdentityRole>()                

                .AddDefaultTokenProviders();



services.AddDistributedMemoryCache();



services.AddSession(options =>

{

    options.Cookie.HttpOnly = true;

});



services.AddMvc()

    .AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());



services.AddAuthentication()

    .AddSaml2(options =>

    {

        options.SPOptions.EntityId = new EntityId("http://vix-make-o:8080");

        options.IdentityProviders.Add(

            new IdentityProvider(

                new EntityId("http://vix-make-o:8080/ws_saml_metadata"), options.SPOptions)

            {

                //LoadMetadata = true

            });                    

    });



app.UseAuthentication();

app.UseSession();

app.UseMvc(routes =>

{

    routes.MapRoute(

        name: "default",

        template: "{controller=Home}/{action=Index}/{id?}");

});

When I start the app, the browser goes straight to the index page. No error, no nothing. When I check with SAML Chrome Panel it shows no traffic at all.

I do not expect my code working, but it should at least do something to give me a hint to how to go further.

Any suggestions are welcome.

Thank you.

sustainsys-saml2

asked Nov 7 at 12:05

S. Meinert

asked Nov 7 at 12:05

S. Meinert

asked Nov 7 at 12:05

S. Meinert

asked Nov 7 at 12:05

S. Meinert

asked Nov 7 at 12:05

S. Meinert

add a comment |

1 Answer
1

active

oldest

votes

up vote
0
down vote

Remove the web.config content. It is not used with the ASP.NET Core module.

Set back the LoadMetadata flag, or add the necessary config manually.

Set Saml2 as the default challenge protocol for authentication.

Finally, add an [Authorize] attribute to your controllers that should require authentication to initiate the authentication process.

answered Nov 9 at 8:59

Anders Abel

55.5k9120197

Sorry for the misunderstanding, but I know that I don't use the web.config in .NetCore. I just gave it for the working example.
– S. Meinert
Nov 9 at 20:00

When I set back the LoadMetadata flag the app crashes. I do not get back any metadata from this server.
– S. Meinert
Nov 9 at 20:02

If the server doesn't provide any metadata, you need to configure the required parameters manually on the IdentityProvider object: SsoServiceUrl, Binding and SigningCertificate.
– Anders Abel
Nov 10 at 12:45

add a comment |

Your Answer

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53189131%2fnetcore-code-with-sustainsys-saml2-does-nothing%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

up vote
0
down vote

Remove the web.config content. It is not used with the ASP.NET Core module.

Set back the LoadMetadata flag, or add the necessary config manually.

Set Saml2 as the default challenge protocol for authentication.

Finally, add an [Authorize] attribute to your controllers that should require authentication to initiate the authentication process.

answered Nov 9 at 8:59

Anders Abel

55.5k9120197

Sorry for the misunderstanding, but I know that I don't use the web.config in .NetCore. I just gave it for the working example.
– S. Meinert
Nov 9 at 20:00

When I set back the LoadMetadata flag the app crashes. I do not get back any metadata from this server.
– S. Meinert
Nov 9 at 20:02

If the server doesn't provide any metadata, you need to configure the required parameters manually on the IdentityProvider object: SsoServiceUrl, Binding and SigningCertificate.
– Anders Abel
Nov 10 at 12:45

add a comment |

up vote
0
down vote

Remove the web.config content. It is not used with the ASP.NET Core module.

Set back the LoadMetadata flag, or add the necessary config manually.

Set Saml2 as the default challenge protocol for authentication.

Finally, add an [Authorize] attribute to your controllers that should require authentication to initiate the authentication process.

answered Nov 9 at 8:59

Anders Abel

55.5k9120197

Sorry for the misunderstanding, but I know that I don't use the web.config in .NetCore. I just gave it for the working example.
– S. Meinert
Nov 9 at 20:00

When I set back the LoadMetadata flag the app crashes. I do not get back any metadata from this server.
– S. Meinert
Nov 9 at 20:02

If the server doesn't provide any metadata, you need to configure the required parameters manually on the IdentityProvider object: SsoServiceUrl, Binding and SigningCertificate.
– Anders Abel
Nov 10 at 12:45

add a comment |

up vote
0
down vote

Remove the web.config content. It is not used with the ASP.NET Core module.

Set back the LoadMetadata flag, or add the necessary config manually.

Set Saml2 as the default challenge protocol for authentication.

Finally, add an [Authorize] attribute to your controllers that should require authentication to initiate the authentication process.

answered Nov 9 at 8:59

Anders Abel

55.5k9120197

Remove the web.config content. It is not used with the ASP.NET Core module.

Set back the LoadMetadata flag, or add the necessary config manually.

Set Saml2 as the default challenge protocol for authentication.

Finally, add an [Authorize] attribute to your controllers that should require authentication to initiate the authentication process.

answered Nov 9 at 8:59

Anders Abel

55.5k9120197

answered Nov 9 at 8:59

Anders Abel

55.5k9120197

answered Nov 9 at 8:59

Anders Abel

55.5k9120197

answered Nov 9 at 8:59

Anders Abel

55.5k9120197

Sorry for the misunderstanding, but I know that I don't use the web.config in .NetCore. I just gave it for the working example.
– S. Meinert
Nov 9 at 20:00

When I set back the LoadMetadata flag the app crashes. I do not get back any metadata from this server.
– S. Meinert
Nov 9 at 20:02

If the server doesn't provide any metadata, you need to configure the required parameters manually on the IdentityProvider object: SsoServiceUrl, Binding and SigningCertificate.
– Anders Abel
Nov 10 at 12:45

add a comment |

Sorry for the misunderstanding, but I know that I don't use the web.config in .NetCore. I just gave it for the working example.
– S. Meinert
Nov 9 at 20:00

When I set back the LoadMetadata flag the app crashes. I do not get back any metadata from this server.
– S. Meinert
Nov 9 at 20:02

If the server doesn't provide any metadata, you need to configure the required parameters manually on the IdentityProvider object: SsoServiceUrl, Binding and SigningCertificate.
– Anders Abel
Nov 10 at 12:45

Sorry for the misunderstanding, but I know that I don't use the web.config in .NetCore. I just gave it for the working example.
– S. Meinert
Nov 9 at 20:00

When I set back the LoadMetadata flag the app crashes. I do not get back any metadata from this server.
– S. Meinert
Nov 9 at 20:02

If the server doesn't provide any metadata, you need to configure the required parameters manually on the IdentityProvider object: SsoServiceUrl, Binding and SigningCertificate.
– Anders Abel
Nov 10 at 12:45

add a comment |

draft saved

draft discarded

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Wsrtjtyk