MVC 5 Kentor Auth with Okta not working when cookies are cleared


I have implemented SAML auth support for Okta by following the instructions mentioned on this page https://github.com/Sustainsys/Saml2/blob/master/docs/OwinMiddleware.md.

The very first time someone clicks on the tile in Okta which opens my app, the authentication does not work. Specifically the AuthenticationManager.GetExternalLoginInfoAsync() call from my ExternalLoginCallback function returns null.

When the user clicks the tile for the second time everything works as expected.

I can consistently reproduce the issue by clearing all cookies from the browser for my web application and then trying to log in from Okta. The first time it always fails; the second time it works.

So far, I have narrowed it down to 1 cookie: ASP.NET_SessionId. If I delete this cookie and try to login it fails.

My ExternalLoginCallback method looks pretty standard:

// GET: /Account/ExternalLoginCallback
[AllowAnonymous]
public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
{
    var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
    if (loginInfo == null)
    {
        return RedirectToAction("Login");
    }

    // Sign in the user with this external login provider if the user already has a login
    var result = await SignInManager.ExternalSignInAsync(loginInfo, isPersistent: false);
    switch (result)
    {
        case SignInStatus.Success:
            return RedirectToLocal(returnUrl);
        case SignInStatus.LockedOut:
            return View("Lockout");
        case SignInStatus.RequiresVerification:
            return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = false });
        case SignInStatus.Failure:
        default:
            // If the user does not have an account, then prompt the user to create an account
            ViewBag.ReturnUrl = returnUrl;
            ViewBag.LoginProvider = loginInfo.Login.LoginProvider;
            return View("ExternalLoginConfirmation", new ExternalLoginConfirmationViewModel { Email = loginInfo.Email });
    }
}

What am I missing here?

Note: I tried the same steps of clearing cookies with the SampleOwinApplication app that comes with Kentor Auth Services, and that app works in all cases (even after clearing the cookies).

Answer by xdev (accepted):

Answering my own question: it turned out to be the cookie monster issue described at https://coding.abel.nu/2014/11/catching-the-system-webowin-cookie-monster/

Just added the following code to Startup.Auth.cs and that fixed the issue.

app.UseKentorOwinCookieSaver();
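As an added illustration (not code from the post or from the Kentor project), this is the Startup.Auth.cs layout the fix depends on: the cookie saver has to be registered before any middleware that writes cookies. Names assumed: the standard ASP.NET Identity template options and the Kentor AuthServices OWIN registration method.

```csharp
using Kentor.AuthServices.Owin;        // SAML2 OWIN middleware (assumed package/namespace)
using Kentor.OwinCookieSaver;          // provides app.UseKentorOwinCookieSaver()
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Register first. It copies cookies written by OWIN middleware into
        // System.Web's response cookie collection so they survive when System.Web
        // itself writes a cookie later in the request, e.g. a fresh ASP.NET_SessionId
        // on a first visit. Without it the external sign-in cookie is dropped, so
        // GetExternalLoginInfoAsync() returns null on the first click and works on the second.
        app.UseKentorOwinCookieSaver();

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
        });

        // Temporary cookie that ExternalLoginCallback reads via GetExternalLoginInfoAsync().
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // SAML2 middleware; 'true' loads the SP and IdP settings from web.config
        // (assumed: the kentor.authServices configuration section is present there).
        app.UseKentorAuthServicesAuthentication(new KentorAuthServicesAuthenticationOptions(true));
    }
}
```

A quick check that the fix is in place: clear the site's cookies, start the login from the Okta tile and confirm the first response of the callback request carries the external sign-in Set-Cookie header alongside the new ASP.NET_SessionId.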