I'm working on integrating SAML2 Single Sign-On (SSO) in my .NET 6 Blazor application using the Sustainsys.Saml2 library (Sustainsys.Saml2.AspNetCore2). I've set up OneLogin as my Identity Provider (IdP). However, I'm encountering an issue with the Assertion Consumer Service (ACS) URL: after successful authentication, OneLogin attempts to redirect to an IP address instead of the desired host URL. My application is running in a Kubernetes container behind a load balancer, and direct access to the IP is not feasible.
Here's an overview of what I've done:
- Configured SAML2 in Startup.cs with Sustainsys.Saml2.
- Set up the OneLogin application with the necessary SAML settings. I set the ACS (Consumer) URL Validator and the ACS (Consumer) URL to [host url]/saml2/acs
I'm unsure how to configure the ACS URL in my application to ensure the redirection after authentication.
Here's a snippet of my current configuration:
```csharp
services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = "Saml2";
})
.AddCookie()
.AddSaml2(options =>
{
    // Service provider (this app) entity id, as registered in OneLogin
    options.SPOptions.EntityId = new EntityId(Configuration["SAML:OneLoginAppEntityID"]);
    // OneLogin as the identity provider; endpoints and keys come from its metadata
    options.IdentityProviders.Add(
        new IdentityProvider(
            new EntityId(Configuration["SAML:OneLoginEntityID"]), options.SPOptions)
        {
            MetadataLocation = Configuration["SAML:OneLoginMetaURL"],
            LoadMetadata = true
        });
});
```
Questions:
How do I correctly configure the ACS URL in a .NET 6 Blazor (Server-side) application using the Sustainsys.Saml2 library to ensure that post-authentication redirection is to my host URL and not the IP address?
Is there a specific setting or approach in the Sustainsys.Saml2 configuration or OneLogin setup that I might be missing?
Any insights or guidance on configuring the ACS URL correctly in this scenario would be greatly appreciated!
Update:
I've discovered that the issue seems to be with my web application rather than with OneLogin. Upon further inspection, I found that OneLogin is correctly posting to the proper URL (https://---redirect-web-preview.k8s-dev.int.---/Saml2/Acs). However, my web application is then performing a 303 redirect to the internal IP address 10.2--------:5000.
This behavior suggests that the problem lies within my application or its configuration in the Kubernetes environment. Here's a screenshot that captures this behavior: 
I'm seeking insights into why my application might be redirecting to the internal IP instead of processing the SAML response as expected. Any suggestions or guidance on what could be causing this redirect within a .NET 6 Blazor application, especially in a Kubernetes setup, would be greatly appreciated.
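As an added configuration example (not from the question, the asker's project or the Sustainsys documentation), this shows the two places that decide which origin the app uses for its own URLs behind an ingress: the forwarded-headers middleware, restricted so X-Forwarded-* is honoured only from the ingress network, and `SPOptions.PublicOrigin`, which makes Sustainsys.Saml2 build the ACS and other SP URLs from a fixed public origin instead of the incoming request. The `SAML:PublicOrigin` key and the 10.0.0.0/8 ingress range are assumptions.

```csharp
using System;
using System.Net;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Sustainsys.Saml2;
using Sustainsys.Saml2.AspNetCore2;
using Sustainsys.Saml2.Metadata;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }
    public void ConfigureServices(IServiceCollection services)
    {
        // Honour X-Forwarded-Host/Proto so Request.Host is the public hostname, not the pod address.
        services.Configure<ForwardedHeadersOptions>(o =>
        {
            o.ForwardedHeaders = ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost;
            // Trust these headers only from the ingress network (assumed CIDR), never from arbitrary clients.
            o.KnownNetworks.Clear();
            o.KnownProxies.Clear();
            o.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("10.0.0.0"), 8));
        });

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = "Saml2";
        })
        .AddCookie()
        .AddSaml2(options =>
        {
            options.SPOptions.EntityId = new EntityId(Configuration["SAML:OneLoginAppEntityID"]);
            // Fixed public origin for all SP URLs (ACS included); "SAML:PublicOrigin" is an assumed key.
            options.SPOptions.PublicOrigin = new Uri(Configuration["SAML:PublicOrigin"]);
            options.IdentityProviders.Add(new IdentityProvider(
                new EntityId(Configuration["SAML:OneLoginEntityID"]), options.SPOptions)
            { MetadataLocation = Configuration["SAML:OneLoginMetaURL"], LoadMetadata = true });
        });
    }
    public void Configure(IApplicationBuilder app)
    {
        app.UseForwardedHeaders(); // must run before anything that reads Request.Host or Request.Scheme
        app.UseAuthentication();
    }
}
```

With both in place, any 303 issued after the ACS post is built from the public origin; if the redirect still targets the pod IP, the ingress is not sending X-Forwarded-Host or is outside the trusted network.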