Subject: Missing form variable SAMLResponse
Date: 2017-10-12 14:06:17
From: Michael Vines
Source: missing-form-variable-samlresponse
----------------------------------------------------------------------
Hi,
We are using ComponentPro for our SSO. One of our clients is sending a SAML request and we are getting an error in our SAML response creation. Can you please help ASAP?
FYI - I have masked the secured information with XXXX.
It fails in: var samlResponse = ComponentPro.Saml2.Response.Create(HttpContext.Current.Request);
Saml redirection failed
Failed to convert saml message.
   at ComponentPro.Saml2.PostUtil.c_XOW(HttpRequest c_UQW, String c_RQW, String& c_MJW)
   at ComponentPro.Saml2.Response.CreateXml(HttpRequest httpRequest, String messageFormVariableName, String& relayState)
   at ComponentPro.Saml2.Response.Create(HttpRequest httpRequest)
   at InterventWebApp.SamlUtility.ExtractResponse(SSOProviderDto provider, Response& samlResponse, String& relayState) in SamlUtility.cs:line 91
   at InterventWebApp.Controllers.SamlController.d__2.MoveNext() i
2017-10-11 16:41:21.064 Log file opened.
2017-10-11 16:41:24.768 VERBOSE (0)[9] : Form variable SAMLResponse=XXXXX
2017-10-11 16:41:24.768 VERBOSE (0)[9] : SAML message received in form variable 'SAMLResponse':
<samlp:Response ID="_dbfcf073-9984-475a-8133-c94e5b473251" Version="2.0" IssueInstant="2017-10-11T21:41:19.502Z" Destination="http://cde.com/saml/provider/test"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">secure.client.com</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#_dbfcf073-9984-475a-8133-c94e5b473251"><Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transform></Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>BSBv5/IPJTKK2+IiYMs3Bt/jWZE=</DigestValue></Reference></SignedInfo>
<SignatureValue>XXX</SignatureValue>
<KeyInfo><X509Data><X509Certificate>XXX</X509Certificate></X509Data></KeyInfo></Signature>
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status>
<saml:Assertion Version="2.0" ID="_4f6d134d-6415-4e1f-b180-a1c7cc10ecc2" IssueInstant="2017-10-11T21:41:19.502Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>
secure.client.com</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">60737415</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2017-10-11T21:46:19.502Z" Recipient="http://cde.com/saml/provider/test" />
</saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2017-10-11T21:36:19.502Z" NotOnOrAfter="2017-10-11T21:46:19.502Z"><saml:AudienceRestriction>
<saml:Audience>https://abc.com</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2017-10-11T21:41:19.502Z"><saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement>
<saml:Attribute Name="givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue>Wellness</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue>Testing</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="birthdate" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue>8/2/1993 12:00:00 AM</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="uniqueid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue>60737415</saml:AttributeValue>
</saml:Attribute><saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" /></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
2017-10-11 16:41:24.768 VERBOSE (0)[9] : Missing form variable RelayState
2017-10-11 16:41:24.768 VERBOSE (0)[9] : SAML Response received over HTTP POST:
<samlp:Response ID="_dbfcf073-9984-475a-8133-c94e5b473251" Version="2.0" IssueInstant="2017-10-11T21:41:19.502Z" Destination="http://cde.com/saml/provider/test"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">secure.client.com</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#_dbfcf073-9984-475a-8133-c94e5b473251"><Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transform></Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>BSBv5/IPJTKK2+IiYMs3Bt/jWZE=</DigestValue></Reference></SignedInfo>
<SignatureValue>XXX</SignatureValue>
<KeyInfo><X509Data><X509Certificate>XXX</X509Certificate></X509Data></KeyInfo></Signature>
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status>
<saml:Assertion Version="2.0" ID="_4f6d134d-6415-4e1f-b180-a1c7cc10ecc2" IssueInstant="2017-10-11T21:41:19.502Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>
secure.client.com</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">60737415</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2017-10-11T21:46:19.502Z" Recipient="http://cde.com/saml/provider/test" />
</saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2017-10-11T21:36:19.502Z" NotOnOrAfter="2017-10-11T21:46:19.502Z"><saml:AudienceRestriction>
<saml:Audience>https://abc.com</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2017-10-11T21:41:19.502Z"><saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement>
<saml:Attribute Name="givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue>Wellness</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue>Testing</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="birthdate" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue>8/2/1993 12:00:00 AM</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="uniqueid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue>60737415</saml:AttributeValue>
</saml:Attribute><saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" /></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>, relayState:
2017-10-11 16:41:36.393 VERBOSE (0)[11] : Missing form variable SAMLResponse
Thanks
----------------------------------------------------------------------
Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand
If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor
who sold you the license and ask for your money back.