FusionAuth

    tw

    @tw

    Best posts made by tw

    • SAML IDP - message.State is null or empty

      We are setting up Google as a SAML v2 IdP-initiated identity provider. The setup is working fine, and the SAML exchange is working & authenticated into FusionAuth.

      Our API gateway (dotnet) is integrated with our FusionAuth via OIDC, & when it redirects, it contains the code but is missing the state parameter (which I understand happens in a SAML IdP workflow, after reading the comments on GitHub).

      The redirect back to our gateway for example is:

      /signin-oidc?code=j6rOnUBViLU1kR5UA2eKK_UTzc-cO2auei53TJU9X8g&locale=en_US&userState=Authenticated

      Our gateway throws the error:

      OpenIdConnectAuthenticationHandler: message.State is null or empty.

      We have tried to disable state validation (not ideal), but that does not work.

      options.ProtocolValidator.RequireState = false;
      options.ProtocolValidator.RequireStateValidation = false;

      You can see that Auth0 provides a hacky workflow in their documentation.

      Just wondering how I can get this to work? Any ideas?

      posted in Q&A
      tw

    Latest posts made by tw

    • RE: SAML IDP - message.State is null or empty

      @dan figured out a workaround based off the Auth0 documentation.

      I have added a new route in our API gateway as the callback URL in FusionAuth. This is the RelayState (or redirect_uri with the ACS) that we are providing for our IdP providers.

      The route for example is now:

      /signin-saml-oidc?code=j6rOnUBViLU1kR5UA2eKK_UTzc-cO2auei53TJU9X8g&locale=en_US&userState=Authenticated

      There we just issue a ChallengeAsync, which redirects back to FusionAuth and then redirects back to signin-oidc with the code and state parameters.

      await this.HttpContext.ChallengeAsync()

      Obviously this isn't ideal & adds another redirect in the flow, but it works, as the user is authenticated in FusionAuth & our gateway triggered the challenge (so generating the state).

      FusionAuth Version: 1.44.0

      posted in Q&A
      tw
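The re-challenge workaround described in the reply above, written out as an added example (not the poster's gateway code) in ASP.NET Core minimal-API style; the FusionAuth host, client id and secret are placeholders, and the landing route name and the cookie scheme are assumptions.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        // Placeholders: fill in from the FusionAuth application configuration.
        options.Authority = "https://<your-fusionauth-host>";
        options.ClientId = "<application-id>";
        options.ClientSecret = "<client-secret>";
        options.ResponseType = "code";
        options.CallbackPath = "/signin-oidc"; // the handler's own callback, state-checked

        // Keep state validation on. The state value (and the correlation cookie behind it)
        // is what binds the callback to the browser session that started the login; an
        // IdP-initiated response has no such binding, so the handler is right to reject it.
        // The two settings from the post are shown only to mark them as the weak option:
        // options.ProtocolValidator.RequireState = false;
        // options.ProtocolValidator.RequireStateValidation = false;
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Assumed route, registered in FusionAuth as the redirect URL for the SAML-initiated login.
// FusionAuth lands here with ?code=...&userState=Authenticated but no state. That code is
// deliberately ignored; the gateway starts its own challenge, which carries a fresh state.
// FusionAuth already has a session for the user, so the round trip comes straight back
// to /signin-oidc with both code and state.
app.MapGet("/signin-saml-oidc", (HttpContext ctx) =>
    ctx.ChallengeAsync(
        OpenIdConnectDefaults.AuthenticationScheme,
        new AuthenticationProperties { RedirectUri = "/" }));

app.MapGet("/", (HttpContext ctx) =>
        $"Signed in as {ctx.User.Identity?.Name ?? "anonymous"}")
   .RequireAuthorization();

app.Run();
```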