Loading…
Tilbage
×

Info

Der findes en nyere version af resourcen her

OIOSAML.NET version 1.7.13

06-10-2015 13:26:22
Version: 1.7.13

Releasedate: 2015-04-14

Releasenote

* Fixed a bug that could be reproduced by following the test IT-SLO-3 defined in “Integrationstest ved tilslutning til NemLog-in” version 1.4. The concrete problem was that if the the oiosamlSession cookie was missing or the oiosaml session was expired, then a null pointer exception would occur in the oiosaml component when receiving a logout request from other service providers in progress of doing a federation logout. 

Profilbillede

Problemer med sample

Christian Aune
24. maj 2017, 9:08

Hi, i've not been able to get the sessions to work in my environment. When i log in with one of the provided logins i get this error

dk.nita.saml20.Saml20Exception: Your session has been disconnected, please logon again at dk.nita.saml20.protocol.Saml20SignonHandler.CheckReplayAttack(HttpContext context, String inResponseTo)

And i can see that this part, inserts into the session faktory.

SessionFactory.SessionContext.Current[SessionConstants.ExpectedInResponseTo] = request.ID;

 

But when this code calls it, its allready been disposed or something.

var expectedInResponseToSessionState = SessionFactory.SessionContext.Current[SessionConstants.ExpectedInResponseTo];

 

I've forllowed the Net SAML2 Service Provider Framework.pdf guide provided, all the way to point 5.3. Im useing a iis 7, and i've tried on localhost too.

 

Profilbillede

Kasper Vestergaard Møller
24. maj 2017, 9:16

Hi Christian

Are you running https?

The session cookie has the secure flag set.

Best regards

Kasper V. Møller

Profilbillede

Christian Aune
24. maj 2017, 13:23

Hey. Thanks alot, that soved the problem.

 

Now i've encounted this instead 

The signature of the incoming message is invalid.

  1. I've checked all the certificates and thay all look like thay're correct. 
  2. I've tried setting <IDPEndPoints metadata="C:\nemlogin\idp">
     <add id="https://udvikling01.a-data.dk:443/Idp/ ">
      <CertificateValidation>
       <add type="dk.nita.saml20.Specification.SelfIssuedCertificateSpecification, dk.nita.saml20"/>
      </CertificateValidation>
     </add>
    </IDPEndPoints>
  3. I changed this <SigningCertificate findValue="9A6F450257FCD7E56FAE5757E5225A343E52CC3A" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint"/> To match the SP Certificate thumbprint

Any other idears that might help?

 

Profilbillede

Kasper Vestergaard Møller
24. maj 2017, 14:10

Try checking with certutil that certificates are ok. certutil will also show you if there are issues with access to the CRL.

See https://blogs.technet.microsoft.com/pki/2006/11/30/basic-crl-checking-with-certutil/

Best regards

Kasper V. Møller

Profilbillede

Christian Aune
26. maj 2017, 9:16

I got it to work, just had to change this line. Wasnt enough with just the config file apparently.

 

File: SpecificationFactory.cs

Line: 42

specs.Add(new DefaultCertificateSpecification());

TO > 

specs.Add(new SelfIssuedCertificateSpecification());