ADFS reply aborts - asp.net-mvc-4

I am trying to setup ADFS for my MVC application.
my site is on https://mysites.domain:336/
When I login I am redirected to ADFS and can authenticate but when it returns me back to https://mysites.domain:336/
it send me to https://mysites.domain/ instead and the network traffic in the browser says that the request was aborted.
I have run out of ideas please help

I found the problem...It turns out that in the ADFS Relying Party properties The endpoint was configured without the portnumber

Related

When is the SAML logout callback invoked with Auth0 as the SAML IdP?

I have Auth0 as SAML IdP, connected to an AWS Cognito User Pool used as Service Provider (SP).
Login works fine, but I am having trouble getting Auth0's SAML logout callback to fire at all.
I've followed the guide found here: https://auth0.com/docs/authenticate/login/logout/log-users-out-of-saml-idps#configure-slo-when-auth0-is-the-saml-idp
So far, I have configured a random URL hosted in AWS API Gateway, set up to log all incoming data so I can investigate further usage and payload. I have yet to get any data within this log. FYI, I have tested the endpoint using other means and it is working properly, logging all requests.
Should that work?
Does it have to match the Application's allowed logout URLs for it to work?
Should it be triggered when I call my logout endpoint with client_id properly defined (https://<account>.auth0.com/v2/logout?federated&client_id=XXX)?
What am I missing?
Thanks in advance.
PS: Question originally posted at https://community.auth0.com/t/when-is-the-saml-logout-callback-invoked-with-auth0-as-the-saml-idp/94504

Negative SAML authentication response

I have an application that I need to do the authentication to an IDP (Azure) and if the authentication fails I want that the IDP to send back a response to my application that user is not authorise .the issue is that IDPs are not sending any information regarding the authentication failed and is just remaining on login screen.
Any ideas?
Best regards,
Mircea
Regardless of the SSO protocol used, Azure AD will always return an error code, message and debugging information.
If that's not the case, then Collect a network trace with Fiddler and post the results here minus any confidential information for additional debugging.
Optionally, you may try to Test SAML-based single sign-on from the Azure Portal to verify your application correct configuration.
Most likely it is an issue with the Redirect URI being used in the application for the event when user is not found on the IDP (Azure AD). This seems to quite similar to the following issue: Redirect not working for SAML login, php-saml with Azure Active Directory

C# Webservice Proxy Windows Authentication

I have a c# application which consumes a webservice through a client proxy. The webservice is setup to use windows authentication (HTTP 401 challange through Active Directory). My user account configured to be authorized to access the webservice.
When I call the webservice through the browser it worked well. The browser is able to do the 401 challange and does not ask for any user id password (as internally the server and client do it through AD controller).
The problem is that when I try to consume the service through the C# application, it throws HTTP request unauthorized error.
I have tried all the below options for the webservice proxy to do windows authentication.
ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation
ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultCredentials as System.Net.NetworkCredential
ClientCredentials.Windows.AllowedImpersonationLevel =System.Security.Principal.TokenImpersonationLevel.Impersonation
Can someone please help on how I can make the webservice call just like how the browser does. I cannot pass user id and password while calling the service.
I figured out myself a workaround.The service call works well (HTTP 401 challange) with HTTPWebRequest with Credentials = CredentialCache.DefaultCredentials. Browser seems to be using the same approach.The problem is while creating a client proxy which is unable to do this 401 challange.
I could not figureout the reason but may be the service does not have enough meta information to establish a proper handshake with a client proxy.

Cross Domain Request to SAP authentication service

I've to authenticate my webapp using a third party SAP authentication service. On hitting the service, it redirects the request to a Active Directory server, which authenticates the user and redirects back to the third party server. This third party server doesn't redirect back to me. Is there a way in which I can get the session details?
I thought of using an IFrame, but then I won't be able to access session details set to IFrame by the third party server.
Is there any other way in which I can solve this and get session details?

Get 401 Unauthorized when call web api even if I enable Anonymous Authentication

I am developing a web api. When I ran web api in local workstation by Visual Studio and used Fiddler or IE to consume it, all things were fine.
But if I deployed it into a remote IIS server, I get 401 error code in IE, Fiddler or client application. Even I enable Anonymous Authentication in IIS, 401 still occurs.
Could anyone give me some suggestions?
Thanks.
You can right click in the Authentification the "Anonymous Authentification" and select Edit. From there, you can assign on which credential you run the Anonymous authentification. If you set your own account, it should work (or any account that can run the web api).