The IdP that I am using has two different locations for its SingleSignOnService,
and they are:
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://rengirtu.sciedu.jp/sub/Redirect/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://rengirtu.sciedu.jp/sub/POST/SSO"/>
When my SP web app connects, it always uses the HTTP-Redirect
address (https://rengirtu.sciedu.jp/sub/Redirect/SSO).
Is there a way to force ITfoxTec to use the HTTP-POST
address (https://rengirtu.sciedu.jp/sub/POST/SSO) instead?
Here is the code for the ITfoxTec Login() method I am using:

    [Route("Login")]
    public IActionResult Login(string returnUrl = null)
    {
        // Bind the AuthnRequest for HTTP-POST; the destination URL comes from config.SingleSignOnDestination
        var binding = new Saml2PostBinding();
        binding.SetRelayStateQuery(new Dictionary<string, string> { { relayStateReturnUrl, returnUrl ?? Url.Content("~/") } });
        return binding.Bind(new Saml2AuthnRequest(config)
        {
            //ForceAuthn = true,
            //Subject = new Subject { NameID = new NameID { ID = "Japan_Portal" } },
            //NameIdPolicy = new NameIdPolicy { AllowCreate = true, Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" },
            //Extensions = new AppExtensions(),
            //RequestedAuthnContext = new RequestedAuthnContext
            //{
            //    Comparison = AuthnContextComparisonTypes.Exact,
            //    AuthnContextClassRef = new string[] { AuthnContextClassTypes.PasswordProtectedTransport.OriginalString },
            //},
        }).ToActionResult();
    }
Thanks!
The login part looks fine to me, but check the SingleSignOnDestination in the service configuration; I had to make some changes there to select the right URL. I think the sample just selects the first URL in the metadata regardless of method.

    // Select the IdP SingleSignOnService entry whose Binding is HTTP-POST, not simply the first entry
    Uri postBinding = new Uri("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
    saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices
        .Single(b => b.Binding == postBinding).Location;
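As an added example (not code from the question, the answer, or the ITfoxtec project), the selection above generalised to a preference list with an explicit failure when the IdP advertises none of the requested bindings, so the SP never silently falls back to whatever entry the metadata lists first. It assumes the ITfoxtec types `Saml2Configuration`, `EntityDescriptor` and `SingleSignOnService` (with `Binding` and `Location` as `Uri`) and the `ReadIdPSsoDescriptorFromFile` method; the two metadata entries in `Main` are constructed from the URLs in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using ITfoxtec.Identity.Saml2;                    // Saml2Configuration (assumed namespace)
using ITfoxtec.Identity.Saml2.Schemas.Metadata;   // EntityDescriptor, SingleSignOnService (assumed namespace)

public static class SsoDestinationSelector
{
    // Binding URNs exactly as they appear in the IdP metadata shown in the question
    public static readonly Uri HttpPost = new Uri("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
    public static readonly Uri HttpRedirect = new Uri("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");

    // Returns the Location of the first binding in `preferred` that the IdP advertises.
    // Throws rather than picking an arbitrary entry, so a misconfigured or unexpected
    // metadata document fails at startup instead of sending AuthnRequests to the wrong endpoint.
    public static Uri SelectLocation(IEnumerable<SingleSignOnService> services, params Uri[] preferred)
    {
        // Index by binding; if the IdP lists the same binding twice, keep the first occurrence
        var byBinding = services
            .GroupBy(s => s.Binding)
            .ToDictionary(g => g.Key, g => g.First().Location);

        foreach (var binding in preferred)
        {
            if (byBinding.TryGetValue(binding, out var location))
            {
                return location;
            }
        }

        throw new InvalidOperationException(
            "IdP metadata advertises none of the requested SingleSignOnService bindings: "
            + string.Join(", ", preferred.Select(b => b.OriginalString)));
    }

    // Wires the chosen location into the configuration that Saml2AuthnRequest/Saml2PostBinding use.
    // Assumed API: EntityDescriptor.ReadIdPSsoDescriptorFromFile(path) populates IdPSsoDescriptor.
    public static void ConfigureFromMetadataFile(Saml2Configuration saml2Configuration, string metadataPath)
    {
        var entityDescriptor = new EntityDescriptor();
        entityDescriptor.ReadIdPSsoDescriptorFromFile(metadataPath);

        // Prefer HTTP-POST (matches Saml2PostBinding in the Login action); accept HTTP-Redirect only as a fallback
        saml2Configuration.SingleSignOnDestination = SelectLocation(
            entityDescriptor.IdPSsoDescriptor.SingleSignOnServices, HttpPost, HttpRedirect);
    }

    public static void Main()
    {
        // Constructed sample entries mirroring the two metadata lines from the question
        var services = new List<SingleSignOnService>
        {
            new SingleSignOnService { Binding = HttpRedirect, Location = new Uri("https://rengirtu.sciedu.jp/sub/Redirect/SSO") },
            new SingleSignOnService { Binding = HttpPost,     Location = new Uri("https://rengirtu.sciedu.jp/sub/POST/SSO") },
        };

        // Redirect is listed first, but HTTP-POST is preferred, so the POST location is chosen
        Console.WriteLine(SelectLocation(services, HttpPost, HttpRedirect));

        // Asking only for a binding the IdP does not offer fails loudly instead of guessing
        try
        {
            SelectLocation(services, new Uri("urn:oasis:names:tc:SAML:2.0:bindings:SOAP"));
        }
        catch (InvalidOperationException ex)
        {
            Console.WriteLine(ex.Message);
        }
    }
}
```

Call `ConfigureFromMetadataFile` once where the `Saml2Configuration` is built (typically in `Startup`/`Program` service registration) so that every `Saml2PostBinding.Bind(...)` in the controller targets the HTTP-POST endpoint; using `.Single(...)` as in the answer is equivalent for the POST-only case but throws on duplicate entries, which the `GroupBy` here tolerates.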