SAML SP for ASP.NET troubleshooting - SSO
Error: @Address is invalid
If the following error is shown in the browser window:
Ubisecure.SAML2.Core.ValidationException SubjectConfirmationData/@Address is invalid. Value: xxx.xxx.xxx.xxx
This indicates that the IIS server is not sending the matching host address. When using IIS with multiple virtual hosts, the Host Headers values must be set correctly. In IIS7.5, host headers are known as 'bindings'. Set host headers / bindings to match the hostname of the address used in Listing 1 at SAML SP for ASP.NET service provider configuration - SSO.
Configuration for IIS5 is shown in Figure 1 and Figure 2. Configuration for IIS7 is shown in Figure 3 and Figure 4.
Figure 1. IIS6 Multiple Web Site Configuration |
Figure 2. IIS6 Host Header Name Confiiguration |
Figure 3. IIS7.5 Bindings |
Figure 4. IIS7.5 Host Name Binding Confiiguration |
404 Not Found Error: "spsso.ashx?ReturnUrl=<return url>"
If this error is shown in the browser window when redirection happens from application to SSO, it might be that you are using SAML SP for ASP.NET with an ASP.NET MVC application.
You need to create empty file named spsso.ashx
into your MVC application folder.
Also to open access to myWebAppURL/spsso.ashx/saml2/metadata.xml
you need update routing configuration of the application by adding for example:
App_Start/RouteConfig.cs file routes.Ignore("spsso.ashx/{*pathInfo}");
Insert the line at the beginning of the RegisterRoutes
method. Example code for the method looks like this
public static void RegisterRoutes(RouteCollection routes) { routes.Ignore("spsso.ashx/{*pathInfo}"); routes.IgnoreRoute("{resource}.axd/{*pathInfo}"); ....