I'm currently trying to get Okta to work with our ASP.NET MVC 4.7 based application. What I observe is that the Okta login succeeds, but after the authentication challenge (the SAML response is accepted) `ExternalLoginCallback` is called, checks whether Okta login info is present to use for our own authentication, and that check always returns null — see the `ExternalLoginCallback` method below. The code base is the one from https://github.com/bvillanueva-mdsol/OktaSaml2OwinSample/issues/1, and I have also raised an issue on GitHub with the respective owner.
<add key="ApplicationBaseUri" value="https://localhost:2687" />
<add key="IdentityProviderIssuer" value="http://www.okta.com/exk3js0t73vBlN4Vq5d7" />
<add key="IdentityProviderSsoUri" value="https://dev-00349616.okta.com/app/dev-00349616_httpslocalhost2687signinsaml_1/exk3js0t73vBlN4Vq5d7/sso/saml" />
/// <summary>
/// OWIN startup: registers the external sign-in cookie, the application cookie and the
/// SAML2 middleware, in that order.
/// </summary>
/// <param name="app">The OWIN application builder supplied by the host.</param>
public void Configuration(IAppBuilder app)
{
    // Short-lived cookie holding the identity produced by the SAML2 middleware until
    // ExternalLoginCallback converts it into the application cookie.
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

    var applicationCookie = new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        // NOTE(review): Active mode makes this middleware run on every request rather than
        // only when explicitly challenged — confirm that is intended alongside the SAML2 challenge.
        AuthenticationMode = AuthenticationMode.Active,
    };
    app.UseCookieAuthentication(applicationCookie);

    app.UseSaml2Authentication(CreateSaml2Options());
}
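/// <summary>
/// Builds the SAML2 options for the single Okta identity provider. Reads ApplicationBaseUri,
/// IdentityProviderIssuer and IdentityProviderSsoUri from appSettings and loads the IdP signing
/// certificate from ~/App_Data/okta.cert.
/// </summary>
/// <returns>The configured <see cref="Saml2AuthenticationOptions"/>.</returns>
/// <exception cref="ConfigurationErrorsException">A required appSettings key is missing or blank.</exception>
private static Saml2AuthenticationOptions CreateSaml2Options()
{
    var applicationBaseUri = new Uri(RequiredSetting("ApplicationBaseUri"));
    // The SP entity id is the application base URI with "saml2" appended.
    var saml2BaseUri = new Uri(applicationBaseUri, "saml2");
    var identityProviderIssuer = RequiredSetting("IdentityProviderIssuer");
    var identityProviderSsoUri = new Uri(RequiredSetting("IdentityProviderSsoUri"));

    var saml2Options = new Saml2AuthenticationOptions(false)
    {
        SPOptions = new SPOptions
        {
            EntityId = new EntityId(saml2BaseUri.AbsoluteUri),
            ReturnUrl = applicationBaseUri,
        },
    };

    var identityProvider = new IdentityProvider(new EntityId(identityProviderIssuer), saml2Options.SPOptions)
    {
        // NOTE(review): accepting unsolicited (IdP-initiated) responses widens what the SP
        // will accept; the SP-initiated flow started by Saml2ChallengeResult should not need
        // it — confirm it is required before keeping it enabled.
        AllowUnsolicitedAuthnResponse = true,
        Binding = Saml2BindingType.HttpRedirect,
        SingleSignOnServiceUrl = identityProviderSsoUri,
    };

    // This certificate is the trust anchor for validating the IdP's signatures; it must match
    // the certificate currently configured on the Okta side.
    identityProvider.SigningKeys.AddConfiguredKey(
        new X509Certificate2(HostingEnvironment.MapPath("~/App_Data/okta.cert")));

    saml2Options.IdentityProviders.Add(identityProvider);
    return saml2Options;
}

/// <summary>
/// Reads a required appSettings value, failing at startup with the key name instead of the
/// opaque ArgumentNullException that new Uri(null) would throw later.
/// </summary>
/// <param name="key">The appSettings key to read.</param>
/// <returns>The non-blank setting value.</returns>
/// <exception cref="ConfigurationErrorsException">The key is missing or blank.</exception>
private static string RequiredSetting(string key)
{
    var value = ConfigurationManager.AppSettings[key];
    if (string.IsNullOrWhiteSpace(value))
    {
        throw new ConfigurationErrorsException($"appSettings key '{key}' is missing or empty.");
    }
    return value;
}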
AccountController.cs file
/// <summary>
/// Starts an SP-initiated SAML2 login. The IdP round-trip lands on ExternalLoginCallback,
/// which receives the same returnUrl.
/// </summary>
/// <param name="returnUrl">URL to return to after login; only validated later by RedirectToLocal.</param>
[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
    //ControllerContext.HttpContext.Session.RemoveAll();
    var callbackUrl = Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = returnUrl });
    return new Saml2ChallengeResult(callbackUrl);
}
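/// <summary>
/// Target of the SAML2 challenge. Reads the identity stored in the external sign-in cookie,
/// copies its claims into the application cookie and redirects to <paramref name="returnUrl"/>.
/// </summary>
/// <param name="returnUrl">Requested post-login URL; only local URLs are followed (see RedirectToLocal).</param>
/// <returns>A redirect to the local return URL, or to LoginError when no external login info is present.</returns>
[AllowAnonymous]
public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
{
    // Uses the controller's AuthenticationManager property instead of re-fetching the OWIN
    // context here and again below.
    var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
    if (loginInfo == null) // asker's observation: this was always null (see the answer at the end of the page)
    {
        return RedirectToAction("LoginError");
    }

    // Every claim issued by the IdP is copied into the application identity unchanged.
    var identity = new ClaimsIdentity(loginInfo.ExternalIdentity.Claims,
        DefaultAuthenticationTypes.ApplicationCookie);

    var authProps = new AuthenticationProperties
    {
        IsPersistent = true,
        // NOTE(review): a one-minute absolute expiry on a persistent cookie looks like a
        // debugging value — confirm the intended session lifetime.
        ExpiresUtc = DateTime.UtcNow.AddMinutes(1),
    };
    AuthenticationManager.SignIn(authProps, identity);

    return RedirectToLocal(returnUrl);
}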
/// <summary>Fallback response when ExternalLoginCallback finds no external login info.</summary>
/// <returns>A plain-text error page.</returns>
[AllowAnonymous]
public ActionResult LoginError() => Content("Error Logging in!");
/// <summary>OWIN authentication manager for the current request.</summary>
private IAuthenticationManager AuthenticationManager
{
    get { return HttpContext.GetOwinContext().Authentication; }
}
/// <summary>
/// Open-redirect guard: follows <paramref name="returnUrl"/> only when Url.IsLocalUrl accepts it;
/// anything else (including null/empty) goes to Home/Index.
/// </summary>
/// <param name="returnUrl">Untrusted return URL taken from the request.</param>
/// <returns>A redirect to the local URL or to the home page.</returns>
private ActionResult RedirectToLocal(string returnUrl)
{
    return Url.IsLocalUrl(returnUrl)
        ? Redirect(returnUrl)
        : RedirectToAction("Index", "Home");
}
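/// <summary>
/// Action result that issues the OWIN "Saml2" challenge instead of the default 401 handling,
/// passing <see cref="RedirectUri"/> as the location the middleware is expected to return to.
/// </summary>
internal class Saml2ChallengeResult : HttpUnauthorizedResult
{
    /// <summary>Application URL handed to the SAML2 middleware as the post-authentication redirect.</summary>
    public string RedirectUri { get; set; }

    /// <param name="redirectUri">Post-authentication redirect; the caller in Login passes a Url.Action result, so it stays local.</param>
    public Saml2ChallengeResult(string redirectUri)
    {
        RedirectUri = redirectUri;
    }

    /// <inheritdoc />
    /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
    public override void ExecuteResult(ControllerContext context)
    {
        if (context == null)
        {
            throw new ArgumentNullException(nameof(context));
        }

        // Keep Forms Authentication from turning this 401 into its own login-page redirect.
        context.RequestContext.HttpContext.Response.SuppressFormsAuthenticationRedirect = true;

        var properties = new AuthenticationProperties { RedirectUri = RedirectUri };
        context.HttpContext.GetOwinContext().Authentication.Challenge(properties, "Saml2");
    }
}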
}
The solution was related to setup steps I had missed.
To run the application there is a roslyn folder in the bin folder, and by mistake I had copied the roslyn folder from the RUNNING https://localhost:44376 application. Do not copy and paste the roslyn folder from a running application into https://localhost:2687.
Clue: surprisingly, IIS showed two applications running even though the https://localhost:44376 Visual Studio application had been closed.
After fixing this, I now get the login info details from Okta.