[IdP] Configure idp

Forge Component
(26)
Published on 4 Jul by Telmo Martins
26 votes

Hi,

We want to use the IdP connector to provide an SSO feature. We followed the steps and set up our ADFS, as well as the assertions. But we are experiencing a weird error that shows this in the SAMLLogMessages:


"Error processing response."

So we found that this is generated by the SAML_Process action and captured in SAML_Responce_Process.

The flow seems to work well: we try to access our own app that uses the IdP, a redirection is done to http://myserver/idp/sso.aspx, passing first through our ADFS URL, and then the SSO page is displayed with the error mentioned below.

Any insights or advice to help us check?


Hi Javier,

What's the error detail in Service Center?

Regards.

Hi, thanks for the quick response.

These are the logs we are seeing.



Hi,

And the error detail?

Error detail for Object reference not set to an instance of an object

Error detail for "invalid request: no SAML message found."

Error detail for "Value cannot be null"

Solution

Hi Juan,

I'm assuming that the last error is the only one still with issues.

Judging by the error, you currently have version 3.5.0 or older. The assertion does not seem to be encrypted, and you may have the component configured as if the assertion is encrypted.

That specific error should no longer occur in the latest versions, since the component automatically detects by itself if the assertion is encrypted or not.

Regards.


Solution

Hi Telmo - Thanks for your quick reply. I already updated to latest version and looks like it's working as expected now. Will perform some tests and get back to you in case we need further support.

Again, thanks a lot for all your help. Really appreciate it.

Thank you very much, Telmo. It is working.

@juan: We are facing the same error as you: "Error detail for Object reference not set to an instance of an object". Could you share what you have done to fix this one?

Hi Anthony,

Do you already have the latest version of the component installed?

Regards

Yes, got the 3.5.3 version installed. 


Hi,

Can you share the detailed error log? It should be at another location in the code.

Regards

Seems to be the same:

Object reference not set to an instance of an object.
   at OutSystems.NssSAML_Utils.SAML.IsValid_Timestamp(Int32 timespanThreshold)
   at OutSystems.NssSAML_Utils.CssSAML_Utils.MssSAML_Response(String ssSAML_Response, String ssSAML_Cert, String ssSAML_Issuer, RLAttributeRecordList ssSAML_AttributeStatement, Boolean ssOnlyAcceptEncryptedAssertions, Int32 ssTimespanThreshold, Byte[] ssSAML_Assertion_KeyStore, String ssSAML_Assertion_KeyStorePassword, Boolean ssDebug_ReturnAllAttributes, RCSAMLValidationRecord& ssSAMLValidation, RCValidationRecord& ssValidation, RCDataRecord& ssData)


Just re-checked the SAML response message and it shows a Responder status code:


<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder" /></samlp:Status>

Which would mean that there is a problem in the configuration on the ADFS side. Going to check that now.

Hi Anthony,

It's the same error type, but in a different location due to other reasons.

Yes, the status should be success. The error itself seems to be caused by mandatory fields missing in the SAML response (but they are probably missing because the status is not success).

Regards

Issue is solved, claims were not mapped correctly. Thank you for the support thus far.
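
The check discussed in the last few posts (look at the status code before reading anything from the assertion), as an added example that is not part of the original thread and is not the IdP component's code. The function name, the report fields and both sample responses are constructed for illustration, and the assumption that the validator reads the Conditions timestamps comes only from the IsValid_Timestamp frame in the stack trace above.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def triage(saml_response_b64):
    """Diagnostic only: reports structure, does NOT verify signatures."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    status = code.get("Value") if code is not None else None
    report = {"status": status, "encrypted": False, "problems": []}
    if status != SUCCESS:
        # A failed response carries no assertion, so there are no
        # timestamps or attributes to read: stop here, fix the IdP side.
        report["problems"].append("IdP returned a non-Success status")
        return report
    if root.find("saml:EncryptedAssertion", NS) is not None:
        report["encrypted"] = True  # cannot inspect without the key
        return report
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        report["problems"].append("no Assertion element")
        return report
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (cond.get("NotBefore") and cond.get("NotOnOrAfter")):
        report["problems"].append("Conditions NotBefore/NotOnOrAfter missing")
    if not assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        report["problems"].append("no attributes (claims) in assertion")
    return report


# Constructed sample responses (unsigned, for structure checks only).
def _b64(xml):
    return base64.b64encode(xml.encode()).decode()

_HEAD = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><samlp:Status>')
FAILED = _b64(_HEAD + '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:'
              'status:Responder" /></samlp:Status></samlp:Response>')
NO_CLAIMS = _b64(_HEAD + '<samlp:StatusCode Value="' + SUCCESS + '" />'
                 '</samlp:Status><saml:Assertion><saml:Conditions '
                 'NotBefore="2024-01-01T00:00:00Z" '
                 'NotOnOrAfter="2024-01-01T00:05:00Z" />'
                 '</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(triage(FAILED), triage(NO_CLAIMS), sep="\n")
```

The input is the base64 value of the SAMLResponse form field as posted to the SSO page, so a captured response can be pasted in directly.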