Raj Raj - 1 month ago 11
ASP.NET (C#) Question

Kentor HTTPModule- ADFS Login SAMLResponse ERROR

In our ASP.NET project, I am using Kentor.AuthServices.HTTPModule and have configured ADFS.

I have given the SAML Assertion Consumer Binding as "redirect" and the Trusted-URL as "ourSiteUrl".

After the ADFS login is successful, it redirects to ourSiteURL/AuthServices/Acs?SAMLResponse=... and throws an exception:


Kentor.AuthServices.Exceptions.InvalidSignatureException: Cannot
verify signature of message from unknown sender
win-3obaenpbsol.dc10.inapp.com/adfs/services/trust.


What could be the reason for this issue?

Answer

The reason is that AuthServices does not recognize the IdP with entity id win-3obaenpbsol.dc10.inapp.com/adfs/services/trust.

I also see that you are using the Redirect binding when sending the response to AuthServices, which is not supported. That is a setting you need to change on the ADFS side.

To make configuration easier, please use metadata. AuthServices supports importing ADFS metadata and AuthServices generates metadata that ADFS can consume at ourSiteURL/AuthServices/.
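An added diagnostic example (not part of the answer above and not AuthServices code): it decodes a captured, already URL-decoded SAMLResponse value, reports which binding encoding it used, and checks whether the Issuer exactly matches an entity id configured on the service provider. The sample message, the adfs.example.test entity id and all function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml_message(param):
    """Return (xml_bytes, binding) for an already URL-decoded SAMLResponse value."""
    raw = base64.b64decode(param)
    if raw.startswith((b"<", b"\xef\xbb\xbf<")):
        return raw, "POST"                        # POST binding: base64 only
    return zlib.decompress(raw, -15), "Redirect"  # Redirect: raw DEFLATE, then base64

def issuer_of(xml_bytes):
    """Extract the response's <saml:Issuer> (diagnostic only, no signature check)."""
    # SAML messages never need a DTD; refuse one to avoid entity-expansion tricks.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD in SAML message; refusing to parse")
    root = ET.fromstring(xml_bytes)
    issuer = root.find("saml:Issuer", SAML_NS)
    return issuer.text.strip() if issuer is not None and issuer.text else None

def check_issuer(param, configured_entity_ids):
    """Report the binding and whether the issuer matches a configured IdP exactly."""
    xml_bytes, binding = decode_saml_message(param)
    issuer = issuer_of(xml_bytes)
    # Entity ids are compared as exact strings: scheme, case and slashes all count.
    return {"binding": binding, "issuer": issuer,
            "known": issuer in configured_entity_ids}

# --- constructed sample data (not taken from the page) ---
SAMPLE_XML = (b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
              b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" '
              b'Version="2.0"><saml:Issuer>http://adfs.example.test/adfs/services/trust'
              b'</saml:Issuer></samlp:Response>')

def as_redirect_param(xml_bytes):
    """Encode the way the Redirect binding does (before URL-encoding)."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml_bytes) + c.flush()).decode()

def as_post_param(xml_bytes):
    """Encode the way the POST binding does."""
    return base64.b64encode(xml_bytes).decode()

if __name__ == "__main__":
    configured = {"https://adfs.example.test/adfs/services/trust"}  # scheme differs
    print(check_issuer(as_redirect_param(SAMPLE_XML), configured))
```

A result with "known" false means the service provider has no identity provider configured under that exact Issuer string; a "Redirect" binding means the response arrived in the encoding the answer says is not supported.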
