I restarted the SAML application pool, then tried to log in through SAML, and I get an error message the first time, but from the 2nd time on it works fine. Meanwhile, the first IdP-initiated SSO fails after the SAML application pool is restarted (subsequent SSOs are OK).
I expect that the first IdP-initiated SSO should not fail after the SAML application pool is restarted.
EDITED
The IdP we're testing with is Okta.
Assertions are encrypted and the decryption certificate is loaded at the first attempt, but it seems it's unable to decrypt the message.
As further attempts work with no issues, I mainly focused on the decryption part, but no luck.
Please find the exception message below:
ITfoxtec.Identity.Saml2.Saml2RequestException: There is not exactly one Assertion element. Maybe the response is encrypted (set the Saml2Configuration.DecryptionCertificate).
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.GetAssertionElementReference()
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.GetAssertionElement()
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validate, Boolean detectReplayedTokens)
at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validate, Boolean detectReplayedTokens)
at ITfoxtec.Identity.Saml2.Saml2Binding`1.ReadSamlResponse(HttpRequest request, Saml2Response saml2Response)
at HBCS.Service.SAML.Controllers.AuthController.AssertionConsumerService()
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)