
I'm trying to dynamically add a SAML2 authentication scheme using IAuthenticationSchemeProvider in ASP.NET Core and the Sustainsys.Saml2 library:

```csharp
schemeProvider.AddScheme(new AuthenticationScheme("myAuthScheme", "myAuthScheme", typeof(Saml2Handler)));
```

Along with the scheme, I need to configure the Saml2Options that go along with it. I'm attempting to do this using IOptionsMonitorCache<Saml2Options> like so:

```csharp
samlOptionsCache.TryAdd("myAuthScheme", options);
```

When I then attempt to authenticate using this scheme, I get the following error:

```
NullReferenceException: Object reference not set to an instance of an object.
Sustainsys.Saml2.WebSso.Saml2Urls..ctor(HttpRequestData request, IOptions options)
Sustainsys.Saml2.WebSso.SignInCommand.Run(EntityId idpEntityId, string returnPath, HttpRequestData request, IOptions options, IDictionary relayData)
Sustainsys.Saml2.AspNetCore2.Saml2Handler.ChallengeAsync(AuthenticationProperties properties)
```

So it looks like the properties are never being linked with the scheme.

I'm not sure that I'm going down the correct path with this. Is it possible to dynamically register a scheme in this way?

Robert Dougan

1 Answer

It turns out it was just the logger that wasn't instantiated; all the other options were fine. I solved this by adding...

```csharp
options.SPOptions.Logger = new AspNetCoreLoggerAdapter(loggerFactory.CreateLogger<Saml2Handler>());
```

...when I set up the options.

loggerFactory refers to an injected instance of Microsoft.Extensions.Logging.ILoggerFactory.

Robert Dougan
Nice catch. The reason this doesn't work automatically is that the Saml2 `IPostConfigureOptions` is not wired up when you call `AddScheme` yourself instead of relying on the supplied `AddSaml2` method. – Anders Abel Feb 25 '19 at 20:44
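The question's two calls and the answer's logger fix, combined into one registration routine. This is an added example, not code from the posts above or from the Sustainsys.Saml2 project; the class name `DynamicSaml2SchemeRegistrar`, its method and its field names are hypothetical, and the caller is assumed to pass in fully populated `Saml2Options`.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Sustainsys.Saml2.AspNetCore2;

// Hypothetical helper (name and shape are assumptions for this example).
public class DynamicSaml2SchemeRegistrar
{
    private readonly IAuthenticationSchemeProvider _schemeProvider;
    private readonly IOptionsMonitorCache<Saml2Options> _optionsCache;
    private readonly ILoggerFactory _loggerFactory;

    public DynamicSaml2SchemeRegistrar(
        IAuthenticationSchemeProvider schemeProvider,
        IOptionsMonitorCache<Saml2Options> optionsCache,
        ILoggerFactory loggerFactory)
    {
        _schemeProvider = schemeProvider;
        _optionsCache = optionsCache;
        _loggerFactory = loggerFactory;
    }

    // Returns false when the scheme name or a cached options entry already exists.
    public async Task<bool> RegisterAsync(string schemeName, Saml2Options options)
    {
        // Never replace a scheme that is already registered under this name.
        if (await _schemeProvider.GetSchemeAsync(schemeName) != null)
            return false;
        // Calling AddScheme directly skips the library's post-configuration,
        // so the logger that AddSaml2 would have supplied is set by hand.
        if (options.SPOptions.Logger == null)
            options.SPOptions.Logger = new AspNetCoreLoggerAdapter(
                _loggerFactory.CreateLogger<Saml2Handler>());
        // Cache the options first so the handler never resolves the scheme
        // before its named options exist.
        if (!_optionsCache.TryAdd(schemeName, options))
            return false;
        try
        {
            _schemeProvider.AddScheme(
                new AuthenticationScheme(schemeName, schemeName, typeof(Saml2Handler)));
        }
        catch
        {
            // Do not leave orphaned options behind if registration fails.
            _optionsCache.TryRemove(schemeName);
            throw;
        }
        return true;
    }
}
```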