I am using the ITfoxtec Identity SAML 2.0 library with a .NET 7 project to connect to a SAML 2.0 IdP.
I tested it first using Okta SAML and it worked great!
However, when I try another SAML 2.0 IdP that uses SAML 2.0 and Shibboleth, I am getting the following error:
Error: UnableToDecode
400 Bad Request
https://physics.lab.xxx.edu/idp/profile/Shibboleth/SSO?SAMLRequest=
kjrtgtboMwDIZfBeUOCSmDNgKkar1U2rRpTDvsMgUwIhIkWWykPf7Sbof1sqNtff79uUa9
LtKr40azfYHPDZCSr3WxqH4mDduCVU6jQWX1Cqhoo96nrg16TCgfHLnBLewv8z%2BiES
GQcZYl51PDPnKYoNqLPp32UqSFFHnaT9UuHcShlGN5EJwhtrIGASPTsLgigogbnC2Sth
RbQso0l6koX%2bhuyt3dlZncHd5Zcoo2xupLWsNmIo%2BKcx8v8C5Q5g1RBuPGzeh5NJ
nMArybTd%2B7BWjmXffE2vqqpK6JoX2OyMXk3lkLA7lQ85v5b3n7z%2FYbAAD%2F%2Fw
MA&RelayState=ReturnUrl%3D%252F
When I step through my app in Visual Studio, it errors out at the end of this controller login method:
[Route("Login")]
public IActionResult Login(string returnUrl = null)
{
    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string> { { relayStateReturnUrl, returnUrl ?? Url.Content("~/") } });
    return binding.Bind(new Saml2AuthnRequest(config)).ToActionResult();
}
This is the metadata used by my app:
appsettings.json:
"Saml2": {
    "IdPMetadata": "https://physics.lab.xxx.edu/idp/shibboleth",
    "Issuer": "SSOLoginApp",
    "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "CertificateValidationMode": "None",
    "RevocationMode": "NoCheck"
}
The only thing I can think of is that it may be because this IdP uses Shibboleth?
Decoded SAML 2.0:
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_2efe780b-f120-4201-bf73-c0962d690701" Version="2.0"
    IssueInstant="2022-12-06T16:42:56.239Z"
    Destination="https://physics.lab.xxx.edu/idp/profile/Shibboleth/SSO">
    <saml2:Issuer>LabLoginApp</saml2:Issuer>
</saml2p:AuthnRequest>
Maybe the IdP expects you to use a PostBinding?
I can't decode the SAMLRequest you are sending either.
Try to decode on https://www.foxids.com/tools/Saml
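
Added example, not part of either post above: an offline decoder for the HTTP-Redirect binding encoding (URL-decode, base64, raw DEFLATE) that reports the stage at which a captured SAMLRequest stops decoding. The host idp.example.org, the sample AuthnRequest and the function names are constructed for illustration.

```python
import base64
import zlib
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample request; idp.example.org is a placeholder host.
SAMPLE_XML = (
    '<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed-id" Version="2.0" '
    'Destination="https://idp.example.org/idp/profile/Shibboleth/SSO"/>'
)

def encode_redirect_param(xml: str) -> str:
    """Raw DEFLATE, then base64, then URL-encode (HTTP-Redirect binding)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: no zlib header
    raw = comp.compress(xml.encode("utf-8")) + comp.flush()
    return quote(base64.b64encode(raw).decode("ascii"), safe="")

def decode_redirect_request(url: str) -> str:
    """Return the XML in SAMLRequest, or raise ValueError naming the failed stage."""
    url = "".join(url.split())  # drop line wraps introduced by copy and paste
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "SAMLRequest" not in params:
        raise ValueError("query stage failed: no SAMLRequest parameter")
    # parse_qs maps '+' to space; restore any '+' that was not percent-encoded.
    value = params["SAMLRequest"][0].replace(" ", "+")
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"base64 stage failed: {exc}") from exc
    inflater = zlib.decompressobj(-15)
    try:
        xml = inflater.decompress(raw) + inflater.flush()
    except zlib.error as exc:
        raise ValueError(f"inflate stage failed: {exc}") from exc
    if not inflater.eof:
        raise ValueError("inflate stage failed: DEFLATE stream is truncated")
    return xml.decode("utf-8")

if __name__ == "__main__":
    good = ("https://idp.example.org/idp/profile/Shibboleth/SSO?SAMLRequest="
            + encode_redirect_param(SAMPLE_XML) + "&RelayState=ReturnUrl%3D%252F")
    print(decode_redirect_request(good))
```

A "base64 stage" error points at a value that was altered or cut while being copied; an "inflate stage" error on valid base64 points at a request that was shortened before or after compression.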