Error: @Address is invalid
If the following error is shown in the browser window:
| Code Block | ||
|---|---|---|
| ||
Ubisecure.SAML2.Core.ValidationException SubjectConfirmationData/@Address is invalid. Value: xxx.xxx.xxx.xxx |
This indicates that the IIS server is not sending the matching host address. When using IIS with multiple virtual hosts, the Host Headers values must be set correctly. In IIS7.5, host headers are known as 'bindings'. Set host headers / bindings to match the hostname of the address used in Listing 1 at SAML SP for ASP.NET service provider configuration.
Configuration for IIS5 is shown in Figure 1 and Figure 2. Configuration for IIS7 is shown in Figure 3 and Figure 4.
|
|---|
Figure 1. IIS6 Multiple Web Site Configuration |
|
|---|
| Figure 2. IIS6 Host Header Name Confiiguration |
|
|---|
| Figure 3. IIS7.5 Bindings |
|
|---|
| Figure 4. IIS7.5 Host Name Binding Confiiguration |
404 Not Found Error: "spsso.ashx?ReturnUrl=<return url>"
If this error is shown in the browser window when redirection happens from application to SSO, it might be that you are using SAML SP for ASP.NET with an ASP.NET MVC application.
You need to create empty file named spsso.ashx into your MVC application folder.
Also to open access to myWebAppURL/spsso.ashx/saml2/metadata.xml you need update routing configuration of the application by adding for example:
| Code Block | ||
|---|---|---|
| ||
App_Start/RouteConfig.cs file
routes.Ignore("spsso.ashx/{*pathInfo}"); |
Insert the line at the beginning of the RegisterRoutes method. Example code for the method looks like this
| Code Block | ||
|---|---|---|
| ||
public static void RegisterRoutes(RouteCollection routes)
{
routes.Ignore("spsso.ashx/{*pathInfo}");
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
.... |