SAML Login Runtime Error


Hi,

 

We are using Passwordstate (V8.3 Build 8345) with SAML logins (on-prem ADFS 2016), which has been working so far. However, one user receives the following error when attempting to reach the site:

Server Error in '/' Application.

Runtime Error

Description: An exception occurred while processing your request. Additionally, another exception occurred while executing the custom error page for the first exception. The request has been terminated.

All other SAML connected applications are working for this user, and other users can log into Passwordstate using SAML - it is only just this one user in Passwordstate.

 

I have removed the user in Passwordstate and added them back, however the issue persists.

 

After the SAML redirection, the user is brought to the following page:

https://pwd.redacted.com/error/generalerror.aspx?aspxerrorpath=/logins/saml/default.aspx

The IIS logs show the following for the login:

2018-05-01 17:56:10 10.45.1.38 GET / - 443 - 10.45.2.103 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 - 302 0 0 312
2018-05-01 17:56:10 10.45.1.38 GET /logins/loginadan.aspx - 443 - 10.45.2.103 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 - 302 0 0 78
2018-05-01 17:56:10 10.45.1.38 GET /logins/saml.aspx - 443 - 10.45.2.103 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 - 302 0 0 109
2018-05-01 17:56:11 10.45.1.38 POST /logins/saml/default.aspx - 443 - 10.45.2.103 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 https://login.redacted.com/adfs/ls/wia?loginToRp=https://pwd.redacted.com&SAMLRequest=lZDBasMwEER%2fxeguW3Ii*redacted*XDAFpsugMlsYvXfWkZnz1%2b7LhBw%3d%3d&client-request-id=b33b82ca-d6da-416c-c316-0080000000ba 302 0 0 187
2018-05-01 17:56:11 10.45.1.38 GET /favicon.ico - 443 - 10.45.2.103 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 https://pwd.redacted.com/error/generalerror.aspx?aspxerrorpath=/logins/saml/default.aspx 200 0 0 140

Any idea on what might be causing this?


Hi Daniel,

 

Sorry, we're not sure why this would be happening for just the one user - we've never seen that behaviour before.

 

Do you know if there is something different about the user's browser environment, compared to other users, i.e. browser extensions, AV software, browser type, etc.?

 

If you have a look at the following article, you can make a change which will hopefully provide us more error details - https://www.clickstudios.com.au/community/index.php?/topic/2257-turning-off-custom-errors/

 

 

Regards

Click Studios


The user has a hyphen in their last name - that's the only difference that I can think of.

 

I turned off the custom errors - here is the error including the stack trace:

Server Error in '/' Application.
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 


[NullReferenceException: Object reference not set to an instance of an object.]
   Passwordstate.Saml.Response.GetNameID() +259
   logins_saml_default.Page_Load(Object sender, EventArgs e) +402
   System.Web.UI.Control.OnLoad(EventArgs e) +102
   System.Web.UI.Control.LoadRecursive() +11927921
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1384

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.2623.0

 


Hi Daniel,

 

Does this user have an email address associated with their account in ADFS? It is the email address which is passed back to Passwordstate, to try and find a match in the UserAccounts table based on the same email address - so in the two environments, they must match?

Regards

Click Studios
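
An added example, not part of the thread and not Passwordstate's code: a small diagnostic that decodes a captured SAMLResponse, checks for the NameID explicitly instead of dereferencing a missing element (the failure mode behind the `GetNameID()` stack trace above), and then looks it up by e-mail. The `accounts` mapping, the function names, the case-insensitive comparison and the sample responses are assumptions made for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


class MissingNameID(Exception):
    """The assertion's Subject carries no usable NameID."""


def get_name_id(saml_response_b64):
    """Return the NameID from a base64 SAMLResponse (HTTP-POST binding).

    Diagnostic only: no signature, audience or time-window validation.
    """
    xml_bytes = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml_bytes:  # SAML messages never need a DTD
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml_bytes)
    node = root.find("./saml:Assertion/saml:Subject/saml:NameID", NS)
    # Check explicitly instead of dereferencing a missing element.
    if node is None or not (node.text or "").strip():
        raise MissingNameID("response has no NameID; check the user's "
                            "e-mail attribute and the IdP claim rules")
    return node.text.strip()


def match_user(saml_response_b64, accounts):
    """Look the NameID up in `accounts` (e-mail -> user id), a hypothetical
    stand-in for the UserAccounts table. Case-insensitive by assumption."""
    try:
        name_id = get_name_id(saml_response_b64)
    except MissingNameID as exc:
        return None, str(exc)
    by_email = {email.lower(): uid for email, uid in accounts.items()}
    uid = by_email.get(name_id.lower())
    if uid is None:
        return None, f"NameID {name_id!r} matches no account e-mail"
    return uid, "ok"


def sample_response(name_id=None):
    """Constructed sample data: a minimal unsigned Response, base64-encoded."""
    nid = f"<saml:NameID>{name_id}</saml:NameID>" if name_id else ""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
           f'xmlns:saml="{NS["saml"]}"><saml:Assertion><saml:Subject>'
           f"{nid}</saml:Subject></saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()
```

Running `match_user(sample_response(), {...})` returns a reason string rather than raising, which distinguishes "the IdP sent no NameID" from "the NameID matched no local account".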


Archived

This topic is now archived and is closed to further replies.
