I'm getting the following exception while trying to read the SAML assertion using ITfoxtec Identity SAML2 MVC Core package v4.10.7 in an ASP.NET core 3.1 application:
IDX13102: Exception thrown while reading 'AuthnContext' for Saml2SecurityToken. IDX10000: The parameter 'value' cannot be a 'null' or an empty object. (Parameter 'value')
The error occurs while trying to read the SAML response (3rd line below) in ACS:
var binding = new Saml2PostBinding();
var saml2AuthnResponse = new Saml2AuthnResponse(config);
binding.ReadSamlResponse(Request.ToGenericHttpRequest(), saml2AuthnResponse);
I tried using the SAML Tracer for Chrome, and the SAML response appears to come through fine there, even though I see the 500 Internal Server Error.
I'm not sure which value is null in the AuthnContext. Here's my AuthnContext from the SAML tracer:
<saml2:AuthnStatement
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    AuthnInstant="2024-01-05T20:20:08.069Z"
    SessionIndex="REDACTED"
>
    <saml2:AuthnContext>
        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
    </saml2:AuthnContext>
</saml2:AuthnStatement>
I tried playing around with the Saml2 config, but I can't make it work. Currently, my Saml2 config looks like this:
"Saml2": {
    "IdPMetadata": "https://dish.okta.com/app/REDACTED/sso/saml/metadata",
    "Issuer": "http://www.okta.com/REDACTED",
    "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "CertificateValidationMode": "ChainTrust",
    "RevocationMode": "NoCheck",
    "SigningCertificateFile": "okta.cer"
}
I'm stuck. Please help!
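The IDX13102/IDX10000 pair reports that the token reader found an empty value while reading an AuthnContext. One way to confirm whether the decoded SAMLResponse from the tracer actually carries such a value is to walk every AuthnStatement and check its AuthnContext references. The script below is an added diagnostic written for this question, not code from the asker or from ITfoxtec; the two embedded assertions are constructed samples modelled on the snippet above, and `check_authn_contexts` is a hypothetical helper name.

```python
from typing import List
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}


def check_authn_contexts(xml_text: str) -> List[str]:
    """Return a list of problems found in the AuthnContext of every
    AuthnStatement in a decoded SAML 2.0 assertion (or Response).
    An empty list means each AuthnContext carries a non-empty class
    reference, declaration reference or inline declaration.
    Note: xml.etree is not hardened against hostile XML; parse
    untrusted input with defusedxml instead."""
    root = ET.fromstring(xml_text)
    problems = []
    for i, stmt in enumerate(root.iter(f"{{{SAML_NS}}}AuthnStatement")):
        ctx = stmt.find("saml:AuthnContext", NS)
        if ctx is None:
            problems.append(f"AuthnStatement[{i}]: missing AuthnContext")
            continue
        refs = []
        for name in ("AuthnContextClassRef", "AuthnContextDeclRef"):
            for el in ctx.findall(f"saml:{name}", NS):
                value = (el.text or "").strip()
                if value:
                    refs.append(value)
                else:
                    problems.append(f"AuthnStatement[{i}]: {name} is empty")
        if not refs and ctx.find("saml:AuthnContextDecl", NS) is None:
            problems.append(f"AuthnStatement[{i}]: AuthnContext has no usable reference")
    return problems


# Constructed sample assertions (not a real Okta response).
GOOD_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:AuthnStatement AuthnInstant="2024-01-05T20:20:08.069Z" SessionIndex="x">
    <saml2:AuthnContext>
      <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
    </saml2:AuthnContext>
  </saml2:AuthnStatement>
</saml2:Assertion>"""

# Same document with the class reference blanked out, the shape that trips the reader.
BAD_ASSERTION = GOOD_ASSERTION.replace(
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", "  ")

if __name__ == "__main__":
    for label, doc in (("good", GOOD_ASSERTION), ("bad", BAD_ASSERTION)):
        print(label, check_authn_contexts(doc) or "OK")
```

Feed it the base64-decoded SAMLResponse captured by SAML Tracer; a response that passes this check but still fails in ReadSamlResponse points at something other than an empty reference.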