
Integration with ForgeRock


ForgeRock always returns an HTTP 500 error for SSO. I am using itfoxtec-identity-saml2 for the binding (redirect) in my ASP.NET Core application, with ForgeRock as my IdP, and I am following the steps mentioned on GitHub.

This is the SAML Auth Request sent out

<saml2p:AuthnRequest
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_f149a6ed-298a-4d41-951f-3817a5e3f7ae"
    Version="2.0"
    IssueInstant="2020-08-15T21:53:37.9212248Z"
    Destination="http://dev.mytest.com/sso/SSORedirect/metaAlias/RRC/idp"
    AssertionConsumerServiceURL="http://localhost:60017/General/Account/AssertionConsumerService">
    <saml2:Issuer>http://dev.mytest.com:80/sso</saml2:Issuer>
    <saml2:Subject><saml2:NameID> https://localhost:60017</saml2:NameID></saml2:Subject>
    <saml2p:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />
</saml2p:AuthnRequest>

Two questions I have been asked by ForgeRock:

  1. Can I use the samlp and saml tags instead of the saml2p and saml2 tags in the SAML request?
  2. The binding is not mentioned in the SAML auth request.

Error Message

HTTP 500 Error from ForgeRock


Solution

  • I'm a little in doubt about your question. If you are asking about XML namespace names: it is not possible to change the XML namespace names in the XML the ITfoxtec Identity SAML 2.0 component generates.

    It is probably correct to use a redirect binding.

    You are sending ' https://localhost:60017' in the NameID tag with a space: <saml2:NameID> https://localhost:60017</saml2:NameID>. That looks wrong. It should be the username of the user you want to be logged in.
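As an added example (not code from the question, the answer, or the ITfoxtec library), the following Python checker parses an AuthnRequest and reports the points raised in this thread before the request is sent to the IdP: a NameID that is whitespace-padded or shaped like a URL instead of a user identifier, a missing ProtocolBinding attribute, and endpoints carried over plain http. The sample request is the one from the question; the corrected variant, the function name `check_authn_request`, and the finding texts are assumptions of this example. It also shows that the namespace prefix (saml2p versus samlp) is irrelevant to a conforming parser: only the namespace URI is compared.

```python
"""Pre-flight sanity check for a SAML 2.0 AuthnRequest (added example)."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespace URIs are what matter; the prefix (saml2p vs samlp) is cosmetic.
NS = {
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def check_authn_request(xml_text: str) -> list:
    """Return a list of findings (strings); an empty list means nothing was flagged."""
    findings = []
    root = ET.fromstring(xml_text)

    # ElementTree expands prefixes to {uri}localname, so any prefix is accepted.
    if root.tag != "{%s}AuthnRequest" % NS["saml2p"]:
        findings.append("root element %r is not an AuthnRequest in the SAML 2.0 protocol namespace" % root.tag)
        return findings

    for attr in ("ID", "Version", "IssueInstant"):
        if attr not in root.attrib:
            findings.append("missing required attribute %s" % attr)
    if root.attrib.get("Version", "2.0") != "2.0":
        findings.append("Version is %r, expected 2.0" % root.attrib["Version"])

    # Without ProtocolBinding the IdP has to pick the response binding from SP metadata.
    if "ProtocolBinding" not in root.attrib:
        findings.append("no ProtocolBinding attribute; the IdP must infer the response binding from SP metadata")

    issuer = root.find("saml2:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        findings.append("missing or empty Issuer")

    # The Subject/NameID, when present, must identify a user, not a host.
    name_id = root.find("saml2:Subject/saml2:NameID", NS)
    if name_id is not None:
        raw = name_id.text or ""
        if raw != raw.strip():
            findings.append("NameID %r has leading or trailing whitespace" % raw)
        value = raw.strip()
        if not value:
            findings.append("NameID is empty")
        elif urlparse(value).scheme in ("http", "https"):
            findings.append("NameID %r looks like a URL, not a user identifier" % value)

    # SAML messages carry signed/authenticated data; endpoints should be https.
    for attr in ("Destination", "AssertionConsumerServiceURL"):
        url = root.attrib.get(attr)
        if url and urlparse(url).scheme == "http":
            findings.append("%s uses plain http: %s" % (attr, url))

    return findings


# Constructed sample: the request from the question above, verbatim.
SAMPLE_REQUEST = """<saml2p:AuthnRequest
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_f149a6ed-298a-4d41-951f-3817a5e3f7ae"
    Version="2.0"
    IssueInstant="2020-08-15T21:53:37.9212248Z"
    Destination="http://dev.mytest.com/sso/SSORedirect/metaAlias/RRC/idp"
    AssertionConsumerServiceURL="http://localhost:60017/General/Account/AssertionConsumerService">
    <saml2:Issuer>http://dev.mytest.com:80/sso</saml2:Issuer>
    <saml2:Subject><saml2:NameID> https://localhost:60017</saml2:NameID></saml2:Subject>
    <saml2p:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />
</saml2p:AuthnRequest>"""

# Constructed corrected variant (assumed values): samlp/saml prefixes, https endpoints,
# an explicit ProtocolBinding, and a NameID that names a user rather than a host.
FIXED_REQUEST = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-id-0001"
    Version="2.0"
    IssueInstant="2020-08-15T21:53:37Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Destination="https://idp.example.test/sso"
    AssertionConsumerServiceURL="https://sp.example.test/acs">
    <saml:Issuer>https://sp.example.test</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
    <samlp:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />
</samlp:AuthnRequest>"""

if __name__ == "__main__":
    for name, req in (("question", SAMPLE_REQUEST), ("fixed", FIXED_REQUEST)):
        print(name, check_authn_request(req) or "no findings")
```

Run against the request from the question, the checker reports the padded, URL-shaped NameID, the absent ProtocolBinding and the two plain-http endpoints; the corrected variant, which uses the samlp/saml prefixes, passes cleanly, which is the point of the answer about namespace names.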