TokenEndpoint empty when referencing Microsoft.IdentityModel.Tokens.Saml nuget package #57586

Open
@saberone

Description

I have some strange behavior when using OpenIdConnect authentication. Everything works fine, but as soon as I reference Microsoft.IdentityModel.Tokens.Saml 8.0.2 (I also tried older versions) I get the following exception. This exception happens on the "way back" from the identity provider (POST on signin-oidc).

InvalidOperationException: An invalid request URI was provided. Either the request URI must be an absolute URI or BaseAddress must be set.
System.Net.Http.HttpClient.PrepareRequestMessage(HttpRequestMessage request)

AuthenticationFailureException: An error was encountered while handling the remote login.
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions>.HandleRequestAsync()

And after investigating I saw that _configuration?.TokenEndpoint is null, at the below line of code, as soon as I run with a reference to Microsoft.IdentityModel.Tokens.Saml nuget package.

var requestMessage = new HttpRequestMessage(HttpMethod.Post, tokenEndpointRequest.TokenEndpoint ?? _configuration?.TokenEndpoint);

The .csproj with package references looks like this:

<Project Sdk="Microsoft.NET.Sdk.Web">

  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
    <Nullable>enable</Nullable>
    <ImplicitUsings>enable</ImplicitUsings>
    <UserSecretsId>7f837761-f406-4779-ac6c-3f1cbd16fb67</UserSecretsId>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="Azure.Identity" Version="1.12.0" />
    <PackageReference Include="Azure.Security.KeyVault.Certificates" Version="4.6.0" />
    <PackageReference Include="IdentityModel" Version="7.0.0" />
    <PackageReference Include="Microsoft.Data.SqlClient" Version="5.2.1" />
    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.7" />
    <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="8.0.7">
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
    <PackageReference Include="Microsoft.IdentityModel.Tokens.Saml" Version="8.0.2" />
    <PackageReference Include="Scrutor" Version="4.2.2" />
    <PackageReference Include="System.Configuration.ConfigurationManager" Version="8.0.0" />
    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
    <PackageReference Include="Yarp.ReverseProxy" Version="2.1.0" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.8" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="8.0.8" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.WsFederation" Version="8.0.8" />
    <PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.22.0" />
  </ItemGroup>

</Project>

And I found that I need to reference Microsoft.IdentityModel.Tokens.Saml in order for WsFederation to work. So that's the reason that I reference that package.

Is there something I should configure/override to make this work, or is this a bug?

Labels

  • Docs: This issue tracks updating documentation
  • Needs: Attention 👋: This issue needs the attention of a contributor, typically because the OP has provided an update.
  • area-security
