I am currently facing an issue in my SAML implementation using ASP.NET Core 3.1. The SAML login works perfectly in both Chrome and Firefox, but Safari tells me the form submission is insecure if I try to do it there.

Even when pressing Continue it refuses to send the SAML request to the server, and I am getting the following error on the backend.

   Sustainsys.Saml2.Exceptions.NoSamlResponseFoundException: No Saml2 Response found in the http request.
   at Sustainsys.Saml2.WebSso.AcsCommand.Run(HttpRequestData request, IOptions options)
   at Sustainsys.Saml2.AspNetCore2.Saml2Handler.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)

What I tried:

Setting the SameSite cookie policy based on this article:

https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/

Even though the Safari SameSite issue should be fixed in Mojave & iOS 10.13, I tried adding it to the exception rule, but it did not fix my problem.

  • Issue is with SSL/TLS. Can be caused by lots of issues. See if this helps: https://stackoverflow.com/questions/22432616/why-is-the-browser-not-setting-cookies-after-an-ajax-request-returns – jdweng Jun 26 '20 at 15:24
  • Also this: https://nakedsecurity.sophos.com/2020/02/24/apple-chops-safaris-tls-certificate-validity-down-to-one-year/ and this: https://www.techwalla.com/articles/how-to-make-sure-the-ssl-tls-protocols-are-enabled and this: https://geekflare.com/enable-tls-1-3-in-browsers/ – jdweng Jun 26 '20 at 15:26

1 Answer


For anyone coming across the issue in the future.

As mentioned by jdweng, it was indeed caused by an SSL/TLS issue.

Sustainsys generates the metadata based on the protocol it was requested with. As our server uses a proxy to add SSL, ASP.NET was running in http mode for the request.

I set the public origin to the https URL in the ConfigureServices method, which fixed the issue.

    services.AddSaml2(options =>
    {
        SPOptions spOptions = options.SPOptions;
        // The scheme/host/port the browser actually uses (https://...), read
        // from configuration, so generated metadata and ACS URLs no longer
        // reflect the plain-http request seen behind the TLS-terminating proxy.
        spOptions.PublicOrigin =
            new Uri(configuration["SAML2PSettings:PublicOrigin"]);
    });
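The answer above fixes the symptom by pinning PublicOrigin. The following Startup class is an added example, not code from the question, the answer or the Sustainsys project; it shows the same PublicOrigin setting inside a complete ASP.NET Core 3.1 SAML2 registration, and beside it the complementary fix of honouring the proxy's X-Forwarded-Proto header, restricted to a known proxy address so that an arbitrary client cannot spoof the scheme. The configuration keys, the proxy IP 10.0.0.5, the IdP entity ID and metadata URL are all assumptions.

```csharp
using System;
using System.Net;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Sustainsys.Saml2;
using Sustainsys.Saml2.AspNetCore2;
using Sustainsys.Saml2.Metadata;

public class Startup
{
    private readonly IConfiguration configuration;

    public Startup(IConfiguration configuration)
    {
        this.configuration = configuration;
    }

    public void ConfigureServices(IServiceCollection services)
    {
        // Complementary fix: let Kestrel see the scheme the proxy received.
        // Only X-Forwarded-Proto/-Host are trusted, and only when they arrive
        // from the TLS-terminating proxy (assumed address 10.0.0.5). Without
        // KnownProxies/KnownNetworks any client could inject these headers.
        services.Configure<ForwardedHeadersOptions>(o =>
        {
            o.ForwardedHeaders = ForwardedHeaders.XForwardedProto
                               | ForwardedHeaders.XForwardedHost;
            o.KnownProxies.Add(IPAddress.Parse("10.0.0.5"));
        });

        services.AddAuthentication(o =>
        {
            o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            o.DefaultChallengeScheme = Saml2Defaults.Scheme;
        })
        .AddCookie()
        .AddSaml2(options =>
        {
            var sp = options.SPOptions;

            // Public https identity of the SP. Configuration keys are assumed,
            // e.g. "https://sso.example.com/" and "https://sso.example.com/Saml2".
            sp.EntityId = new EntityId(configuration["SAML2PSettings:EntityId"]);
            sp.PublicOrigin = new Uri(configuration["SAML2PSettings:PublicOrigin"]);

            // IdP registration (assumed values), metadata loaded from the IdP.
            options.IdentityProviders.Add(new IdentityProvider(
                new EntityId(configuration["SAML2PSettings:IdpEntityId"]), sp)
            {
                MetadataLocation = configuration["SAML2PSettings:IdpMetadataUrl"],
                LoadMetadata = true,
            });
        });

        services.AddControllersWithViews();
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before routing/authentication so that HttpContext.Request.Scheme
        // is already "https" when Sustainsys builds the ACS and metadata URLs.
        app.UseForwardedHeaders();

        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }
}
```

To confirm the fix, fetch the SP metadata through the proxy (by default Sustainsys serves it at the /Saml2 path) and check that the AssertionConsumerService Location begins with https://. If it still reads http://, either PublicOrigin is not being applied or the forwarded headers are not reaching the app; in the latter case check that the proxy's source address matches the KnownProxies entry, because a mismatch silently leaves the scheme as http.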