Jump to content

Recommended Posts

When trying to enable Azure AD SAML2 authentication I get the following error message:

 

Server Error in '/' Application.

The argument to SetTimeout must be greater than 0.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 
Exception Details: System.ArgumentException: The argument to SetTimeout must be greater than 0.
Source Error: 

 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 
 


 

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.1087.0

Link to post
Share on other sites

Hi floatingbyte,

I've searched through all code for SetTimeout, and the only references I see are for the JavaScript method of SetTimeout(). What's interesting is that on both of the 2 pages we use for SAML authentication, there is no Javascript at all, so I'm not sure why you would be seeing this. What's even more odd is your error is a .NET error, not a JavaScript one - these only show in the console window in your browser.

The only timeout feature we have in Passwordstate is on the screen Administration -> System Settings -> Miscellaneous tab -> Inactivity Time Out, but I don't believe this is related.

Is it taking a while for this error to be thrown, or does it show immediately? If it takes a while, then possibly it's a configuration/Firewall issue and cannot talk to your Azure AD. Does it show any other information on the screen?

Regards

Click Studios

Link to post
Share on other sites

Hi! the error message is almost immediate. Maybe there is something wrong with the SAML2 config for Azure AD. but I can't find a location the check the config.

the passwordstate server has no outbound restrictions for the Azure AD.

 

[/edit]

I tried to fix it, and I now have a workaround. When I use the access panel of Azure AD, and try to open Password State I first het: AADSTS75005: The request is not a valid Saml2 protocol message.

But when i try the second time, I'm logged in. so I expect there is some form of authentication but it doesn't compy fully to the Microsoft SAML2 implementation. I'm not (developer) technical to find the issue. But if somebody has a clue, would be nice!

Link to post
Share on other sites

Hi floatingbyte,

As far as we believe our code is fully SAML2 compliant. We have tested with www.okta.com, www.onelogin.com, and we have a few customers also using it with Active Directory Federations Services (ADFS). It's interesting that the second attempt lets you try - if our code wasn't SAML2 compliant, I wouldn't think it would work at all.

Out of interest, how is Azure AD any different to having local domain controllers? I guess I'm asking why are using trying to use SAML for the authentication, and not just direct AD authentication with our software?

It would take us some time to setup and test an Azure AD environment, so hopefully there are some other customers who could offer some insight as well.

Regards
Click Studios

Link to post
Share on other sites

I'm not sure what the real reason is. I read a post on an other forum regarding the SAML2 implementation of Google. They have some applications that also won't work. But when using the Application Portal from Azure AD there is some kind of workaround.

 

If I try to log in directly form the passwordstate url I get an Azure AD message "the request is not a valid SAML2 protocol message". Microsoft stated that when using the Application Portal (https://account.activedirectory.windowsazure.com) there is some kind of workaround.

 

If you need logs, let me know!

 

Link to post
Share on other sites

Hi floatingbyte,

What is the workaround that Microsoft is referring to?

Also, if you have the time, can you let us know how Azure AD any different to having local domain controllers - is there a reason why you cannot use our standard AD authentication options in the software?

Regards
Click Studios

Link to post
Share on other sites
  • 8 months later...

Hi Guys,


As of Build 8165, we now fully support SAML and Azure AD Authentication. Please refer to the Security Administrators manual in the Help menu for how Azure AD needs to be configured to work. Go to the section System Settings -> Authentication Options tab -> SAML2 Provider Examples.

 

Regards

Click Studios

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...