
I have an old .NET Framework 4.7.2 application which is using Sustainsys and Sustainsys.Saml.Mvc (version 2.9.2) to perform authentication via SAML.

The configuration is set in the web.config, following the instructions outlined in the documentation: https://saml2.sustainsys.com/en/v2/configuration.html

When I deploy the application to my test environment it works great. It authenticates with the IDP using SAML and goes on.

When I deploy the application to my production environment, the application does not throw any errors, but it also does not attempt to call the IDP via SAML. What I mean by this is that there is never any HTTP call to the IDP with the SAML request like I would expect. Instead it goes straight into another block of code where it tries to check the Claims on the Claims Principal and promptly errors because there are not any claims.

If I run the application locally, it also attempts to make the call to the IDP using SAML.

I've done a diff of the web.config for the test environment vs the transformed web.config for production, and I was unable to find anything unusual.

It feels to me like something is going wrong in the production environment that is preventing the Sustainsys code from being added to the middleware/pipeline, but that is just a suspicion.

I've been trying to look around in IIS to see if there might be something misconfigured on production that is causing the issue, but I haven't seen anything yet.

Does anyone have any ideas or suggestions as to what might be causing the issue?

  • the application does not throw any errors...Is there any log information to analyze the problem? Commented Oct 25, 2024 at 6:43
  • Logs are currently set to Information level. There are no logs written that reveal any additional detail about the problem. Turning the logs up to Verbose or Diagnostic is one action I could take. Commented Oct 28, 2024 at 12:18
  • You can also use failed request tracing to get relevant logs and analyze them. This may help you. Refer to this doc: learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/… Commented Oct 29, 2024 at 10:14

1 Answer


I was able to fix the issue. I don't know why this fixed it, but it did.

First I downgraded the following packages from 7.6.0 to 7.0.2:

  • Microsoft.IdentityModel.Tokens
  • Microsoft.IdentityModel.Abstractions
  • Microsoft.IdentityModel.JsonWebTokens
  • Microsoft.IdentityModel.Logging

That did not solve the issue on its own, but it is one action I took.

The key that seemed to solve it is that I removed the X-Frame-Options option from the web.config:

<!-- Removed this -->    
<add name="X-Frame-Options" value="SAMEORIGIN" />

The X-Frame-Options tag was in

<system.webServer>
    <httpProtocol>
        <!-- It was here -->
    </httpProtocol>
</system.webServer>

inside the web.config.

Taking those two actions made the site start and authenticate with SustainSys as expected.
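
An added example, not part of the original answer: a small script that compares the custom response headers declared in two web.config files (as in the test-versus-production diff from the question) and reports whether each one still sends a header that restricts framing, which is the protection the removed `X-Frame-Options` entry provided. The two configs are constructed samples, and the `<customHeaders>` wrapper is the standard IIS element for `<add name=... value=...>` header entries, assumed here because the answer's snippet does not show it.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not from the post): test vs. transformed production config.
TEST_CONFIG = """<configuration><system.webServer><httpProtocol><customHeaders>
  <add name="X-Content-Type-Options" value="nosniff" />
</customHeaders></httpProtocol></system.webServer></configuration>"""

PROD_CONFIG = """<configuration><system.webServer><httpProtocol><customHeaders>
  <remove name="X-Powered-By" />
  <add name="X-Content-Type-Options" value="nosniff" />
  <add name="X-Frame-Options" value="SAMEORIGIN" />
</customHeaders></httpProtocol></system.webServer></configuration>"""


def custom_headers(config_xml):
    """Return {lower-cased header name: value} for every <add> under customHeaders.

    iter() also finds customHeaders blocks nested inside <location> elements.
    """
    root = ET.fromstring(config_xml)
    headers = {}
    for block in root.iter("customHeaders"):
        for add in block.findall("add"):
            headers[add.get("name", "").lower()] = add.get("value", "")
    return headers


def restricts_framing(headers):
    """True if the config sends a header that limits who may frame the site."""
    csp = headers.get("content-security-policy", "").lower()
    return "x-frame-options" in headers or "frame-ancestors" in csp


def diff_headers(a, b):
    """Headers that are missing on one side or carry different values."""
    names = sorted(set(a) | set(b))
    return {n: (a.get(n), b.get(n)) for n in names if a.get(n) != b.get(n)}


if __name__ == "__main__":
    test, prod = custom_headers(TEST_CONFIG), custom_headers(PROD_CONFIG)
    for name, (t, p) in diff_headers(test, prod).items():
        print(f"{name}: test={t!r} production={p!r}")
    print("test restricts framing:", restricts_framing(test))
    print("production restricts framing:", restricts_framing(prod))
```

Headers can also be set in IIS site settings or in application code, so a clean result here covers only what the web.config files declare.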
