Navigation

    FusionAuth
    • Login
    • Search
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs

    UNSOLVED SAML IDP - message.State is null or empty

    Q&A
    2
    2
    21
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tw last edited by

      We are setting up Google as an SAML v2 IdP initiated identity provider, the setup is working fine, and the SAML exchange is working & authenticated into FusionAuth.

      Our API gateway (dotnet) is integrated into our FusionAuth via OIDC & when it redirects, it contains the code but is missing the state parameter (which i understand happens in a SAML IdP workflow, after reading the comments on github).

      The redirect back to our gateway for example is:

      /signin-oidc?code=j6rOnUBViLU1kR5UA2eKK_UTzc-cO2auei53TJU9X8g&locale=en_US&userState=Authenticated
      

      Our gateway throws the error:

      OpenIdConnectAuthenticationHandler: message.State is null or empty.
      

      We have tried to disable state validation (not ideal), but that does not work.

      options.ProtocolValidator.RequireState = false;
      options.ProtocolValidator.RequireStateValidation = false;
      

      You can see that Auth0 provides a hacky workflow in thier
      documentation

      Just wondering how I can get this to work? Any ideas?

      dan 1 Reply Last reply Reply Quote 1
      • dan
        dan @tw last edited by

        @tw Hmmm. Did you ever get this working?

        A few thoughts:

        • what version of FusionAuth are you running?
        • have you turned on the debug switch and checked the event log? If so, can you share?
        • This issue may be of interest: https://github.com/FusionAuth/fusionauth-issues/issues/1077

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • First post
          Last post