Skip to content
This repository has been archived by the owner on Nov 9, 2017. It is now read-only.

FedAuth Cookie Issue #869

Open
asanjeevak opened this issue Dec 1, 2015 · 1 comment
Open

FedAuth Cookie Issue #869

asanjeevak opened this issue Dec 1, 2015 · 1 comment
Labels
question

Comments

@asanjeevak
Copy link

We are facing an issue with decoding fedauth cookie.

When a user logs into Relyingparty, WS Federation creates a FedAuth cookie and based on the size of the claims the FedAuth cookie is chunked into multiple cookies.

The issue we are seeing is sporadic, and manifests with a FedAuth combined cookie value (after concatenating all the chunked cookie values) that ends in “Pg==Pg==”

Both FedAuth1 and FedAuth2 ends in “Pg==”.

Please find the error log below
ERROR | The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
at System.Convert.FromBase64_ComputeResultLength(Char* inputPtr, Int32 inputLength)
at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
at System.Convert.FromBase64String(String s)
at System.IdentityModel.Services.ChunkedCookieHandler.ReadInternal(String name, HttpCookieCollection requestCookies)
at System.IdentityModel.Services.ChunkedCookieHandler.ReadCore(String name, HttpContext context)
at System.IdentityModel.Services.CookieHandler.Read(String name, HttpContext context)
at System.IdentityModel.Services.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken)
at System.IdentityModel.Services.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Can you please help us in knowing the root cause that is raising this issue. I am also attaching the cookie payload with this.
cookie.txt
@brockallen
Copy link
Member

This is not our code -- it's probably the code in Microsoft's SAM (session authentication module),. That's where the cookie is created, chunked, and read.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brockallen @asanjeevak