Comments (6)
scottbrady91
commented on June 11, 2024
Looks like you OIDC client application is configured with the wrong redirect URI.
You are asking for http://localhost:7000/signin-oidc but your IdentityServer is expecting http://localhost:5001/signin-oidc in its AllowedRedirectUris.
from samples.saml2p.
binbsr
commented on June 11, 2024
Thanks @scottbrady91 !
Is port 5001 hard-coded (for demo license, also change on clientId complains) for OIDC client? SP is also on 5001. So I tried:
- Changed mvc client config on SP:
RedirectUris = {"http://localhost:5001/signin-oidc"},
FrontChannelLogoutUri="http://localhost:5001/signin-oidc",
PostLogoutRedirectUris={"http://localhost:5001/signout-callback-oidc"}
Its same previous error on question.
- Changed SP port to other than 5001, and OIDC client on 5001 and IDP config updated accordingly
// SAML client
new Client
{
ClientId = "http://localhost:4000/saml",
ClientName = "RSK SAML2P Test Client",
ProtocolType = IdentityServerConstants.ProtocolTypes.Saml2p,
AllowedScopes = {"openid", "profile"}
}
and
new ServiceProvider
{
EntityId = "http://localhost:4000/saml",
AssertionConsumerServices =
{new Service(SamlConstants.BindingTypes.HttpPost, "http://localhost:4000/signin-saml")},
SigningCertificates = {new X509Certificate2("testclient.cer")}
}
Here, OIDC Client connects successfully to SP but now IDP complains: May be its expecting SP to run on same old 5001 port.
[20:14:41 Error] IdentityServer4.Saml.Validation.Saml2SingleSignOnRequestValidator
Unrecognized SAML service provider
{
"SubjectId": "anonymous",
"BindingType": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"RelayState": "G8U98F7k-G2vLgfgthnTOSRl",
"SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
}
[20:14:41 Error] IdentityServer4.Saml.Endpoints.Saml2SingleSignOnEndpoint
Request validation failed
[20:14:41 Error] IdentityServer4.Saml.Endpoints.Saml2SingleSignOnEndpoint
Request validation failed
{
"SubjectId": "anonymous",
"BindingType": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"RelayState": "G8U98F7k-G2vLgfgthnTOSRl",
"SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
}
Scott, would you mind telling me what am I missing?
from samples.saml2p.
binbsr
commented on June 11, 2024
@scottbrady91 Any insight on this? My colleague (Samir Karki) already exchanging mails with you (and your team) and have plan to purchase the SAML2P plugin once done with POCs. But its really hard time getting things work.
from samples.saml2p.
scottbrady91
commented on June 11, 2024
Changing the port numbers is fine, but they must match between your client applications and your identity providers. Licensing for the SAML component has no constraints on URLs used.
For the SAML error, this again sounds like ports not matching. Can you confirm that your SP is running on port 4000?
It might be worthwhile moving to our support channel for this, and sending in both your SP and IdP Metadata documents. You can send these to [email protected]
from samples.saml2p.
binbsr
commented on June 11, 2024
Yes, IDS4 SP is configured to 4000 and OIDC MVC app is connecting fine with it. I will forward this to support with metadata you requested. Thanks @scottbrady91!
from samples.saml2p.
scottbrady91
commented on June 11, 2024
No problem!
from samples.saml2p.
Related Issues (20)
- Same issue SAMLRequest IssueInstant is in the future. ... with tolerance of 0 seconds HOT 1
- Getting error when single signon with HttpRedirect HOT 1
- HttpPost Logout response HOT 1
- Where do I get a valid LicenseKey & Licensee HOT 3
- Saml2pAuthenticationOptions for dynamic schemes HOT 2
- Accepted RequestTrustLength Value HOT 2
- OAEP and PKCS1 paddings support HOT 1
- Can we provide the username to ADFS via the SAML Auth Request? HOT 2
- Adding Extra Attribute for SAMLRequest HOT 3
- What is the difference between the projects? HOT 2
- SAML Authentication for REST APIs and SPA applications HOT 1
- Multi-tenant support HOT 1
- SAML unsigned request to IDP - WantAuthenticationRequestsSigned HOT 1
- invalid acs url reported HOT 1
- access_token is always null HOT 1
- user is not authenticated HOT 3
- SingleSignOnEndpoint with a question results in an invalid challenge URI HOT 1
- What's the URL for IdP-Init-SSO
- SamlConfigurationDbContext schema sample
- Incorrect SAML request URL with Idp URL contain querystring HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from samples.saml2p.