1. ID4 + rsk saml gives response as https://localhost:44313/Home/Login?error=access_denied 2. what rsk himself is doing

[saurabh12231978]

Its not Id4 or rsk saml plugin issue (most probably Owin monster issue as per Anders or Chellengeresult AuthenticationProperties or SignInManager.ConfigureExternalAuthenticationProperties or AspNetIdentity cookie issue), but since it is reproducible with id4+rsk github sample, hence I am mentioning here.

1. Launch VS2017 community; build; delete chrome browser cache(everything), Multiple Startup(test client & rsk), breakpoints on home ctrl-> hit F5
2. click login ->Fill userid(email) in account.google.com form->pwd->it comes back to Home Login & User.Identity.IsAuthenticated=false->again SAML signin request generated through kentor by registering idp & loading metadata in AuthServices; and again google login choose account form ->back to Home/Login....(attached the screen shot);
   pls note that in Google setup(GSuite SAML config page) I have specified only SP EntityId, SP ACS; no return/redirect/callback/start url & the G+ API is enabled on my SAML app;
   ques: 1. why not improvement in handling(access_denied) better? fyi: same behaviour is noted when using kentor with id3;
3. if saml req/resp can be done using kentor then what rsk plugin is doing ? upstreaming ? downstreaming ?
   

[scottbrady91]

Hi, this sample solution uses the Kentor SAML2P library as an example Service Provider against the IdentityServer 4 SAML2P (Identity Provider) component.

The SAML2P IdP component for IdentityServer 4 has no affiliation with the Kentor SAML2P library.

For support with your issue, check out the Kentor/Sustainsys repository or issue a support request directly with your Google SAML provider.