Jump to content

SAML Login Runtime Error


Daniel Dugger

Recommended Posts

Hi,

 

We are using Passwordstate (V8.3 Build 8345) with SAML logins (on-prem ADFS 2016), which has been working so far. However, one user receives the following error when attempting to reach the site:

Server Error in '/' Application.

Runtime Error

Description: An exception occurred while processing your request. Additionally, another exception occurred while executing the custom error page for the first exception. The request has been terminated.

All other SAML connected applications are working for this user, and other users can log into Passwordstate using SAML - it is only just this one user in Passwordstate.

 

I have removed the user in Passwordstate and added them back, however the issue persists.

 

After the SAML redirection, the user is brought to the following page:

https://pwd.redacted.com/error/generalerror.aspx?aspxerrorpath=/logins/saml/default.aspx

The IIS logs show the following for the login:

2018-05-01 17:56:10 10.45.1.38 GET / - 443 - 10.45.2.103 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 - 302 0 0 312
2018-05-01 17:56:10 10.45.1.38 GET /logins/loginadan.aspx - 443 - 10.45.2.103 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 - 302 0 0 78
2018-05-01 17:56:10 10.45.1.38 GET /logins/saml.aspx - 443 - 10.45.2.103 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 - 302 0 0 109
2018-05-01 17:56:11 10.45.1.38 POST /logins/saml/default.aspx - 443 - 10.45.2.103 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 https://login.redacted.com/adfs/ls/wia?loginToRp=https://pwd.redacted.com&SAMLRequest=lZDBasMwEER%2fxeguW3Ii*redacted*XDAFpsugMlsYvXfWkZnz1%2b7LhBw%3d%3d&client-request-id=b33b82ca-d6da-416c-c316-0080000000ba 302 0 0 187
2018-05-01 17:56:11 10.45.1.38 GET /favicon.ico - 443 - 10.45.2.103 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 https://pwd.redacted.com/error/generalerror.aspx?aspxerrorpath=/logins/saml/default.aspx 200 0 0 140

Any idea on what might be causing this?

Link to comment
Share on other sites

Hi Daniel,

 

Sorry, we're not sure why this would be happening for just the one user - we've never seen that behaviour before.

 

Do you know if there is something different about the users browser environment, compared to other users i.e. browser extensions, AV software, browser type, etc?

 

If you have a look at the following article, you can make a change which will hopefully provide us more error details - https://www.clickstudios.com.au/community/index.php?/topic/2257-turning-off-custom-errors/egards

 

 

Regards

Click Studios

Link to comment
Share on other sites

The user has a hyphen in their last name - that's the only difference that I can think of.

 

I turned off the custom errors - here is the error including the stack trace:

Server Error in '/' Application.
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 


[NullReferenceException: Object reference not set to an instance of an object.]
   Passwordstate.Saml.Response.GetNameID() +259
   logins_saml_default.Page_Load(Object sender, EventArgs e) +402
   System.Web.UI.Control.OnLoad(EventArgs e) +102
   System.Web.UI.Control.LoadRecursive() +11927921
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1384

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.2623.0

 

Link to comment
Share on other sites

Hi Daniel,

 

Does this user have an email address associate with their account in ADFS? It is the email address which is passed back to Passwordstate, to try and find a match in the UserAccounts table based on the same email address - so in the two environments, they must match?

Regards

Click Studios

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...