Question

我使用的是IdentityServer3，我尝试通过UseWsFederationAuthentication将其与ADFS集成，但似乎无法正常工作。它在没有IdentityServer的情况下工作，它重定向到登录页面，它完成没有任何问题。但是，当我通过IdentityServer执行此操作时，没有任何响应。当我检查fiddler日志时，我可以看到它下载了元数据，但之后没有动作。可能是什么原因？

Fiddler Trace：

IdentityServer3登录

IdentityServer OWIN启动

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        var idsrvManager = new IdentityServerManager();
        var tenants = idsrvManager.GetTenants();
        foreach (var tenant in tenants)
        {
            app.Map(string.Format("/identity/{0}", tenant.ShortName), ids =>
             {
                 ids.UseIdentityServer(new IdentityServerOptions
                 {
                     SiteName = string.Format("Identity Server for {0}", tenant.Name),
                     IssuerUri = string.Format(Templates.Issuer, tenant.ShortName),
                     SigningCertificate = LoadCertificate(),
                     Factory = new IdentityServer3.Core.Configuration.IdentityServerServiceFactory
                     {
                         UserService = new Registration<IUserService>(new InMemoryUserService(Users.Get())),
                         ClientStore = new Registration<IClientStore>(new InMemoryClientStore(Clients.Get(tenant.ShortName))),
                         ScopeStore = new Registration<IScopeStore>(new InMemoryScopeStore(Scopes.Get()))
                     },
                     AuthenticationOptions = new IdentityServer3.Core.Configuration.AuthenticationOptions
                     {
                         EnableSignOutPrompt = false,

                         IdentityProviders = delegate (IAppBuilder appBuilder, string sAsType)
                         {
                             var hasDefaultIdp = false;
                             var authType = string.Empty;
                             foreach (var idp in tenant.IdentityProviders)
                             {
                                 authType = !hasDefaultIdp && idp.IsDefault ? Defaults.Idp : idp.IdentityProviderType.Name;
                                 hasDefaultIdp = !hasDefaultIdp && idp.IsDefault;
                                 if (idp.IdentityProviderType.Name == IdPConstants.ActiveDirectory)
                                 {
                                     appBuilder.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
                                     {
                                         Wtrealm = idp.Wtrealm,
                                         MetadataAddress = idp.MetadataAddress,
                                         AuthenticationType = authType,
                                         Caption = string.Format(Templates.Caption, IdPConstants.ActiveDirectory),
                                         SignInAsAuthenticationType = sAsType,
                                         BackchannelCertificateValidator = null,
                                         Notifications = new WsFederationAuthenticationNotifications
                                         {
                                             RedirectToIdentityProvider = (n) =>
                                             {
                                                 return Task.FromResult(0);
                                             }
                                         }
                                     });
                                 }

MVC应用程序OWIN启动

public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies"
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = Defaults.MVCAppName,
            SignInAsAuthenticationType = "Cookies",
            ResponseType = "code id_token",
            Scope = "openid",
            BackchannelCertificateValidator = null,
            ConfigurationManager = new TenantOpenIdConfigurationManager(new List<string>() { "Contoso" }),
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                RedirectToIdentityProvider = (n) =>
                {
                    n.ProtocolMessage.RedirectUri = string.Format(Templates.WebApp, "Contoso"); // This is a hardcoded value should be taken at runtime.
                    n.ProtocolMessage.AcrValues = string.Format(Templates.ArcValues, Defaults.Idp); ;
                    return Task.FromResult(0);
                }
            }
        });
    }

日志：

2017-09-21 17:51:45.177 +05:30请求[信息]身份提供者，重定向到：＆＃34;默认＆＃34; 2017-09-21 17:51:45.181 +05:30 [信息]请求提供商的外部登录：＆＃34;默认＆＃34; 2017-09-21 17：51：45.186 +05：30 [信息]触发外部身份提供商的挑战 2017-09-21 17：51：45.187 +05：30 [Debug] [2017-09-21T12：21：45.1867241Z] Level = Info，Kind = End，Category =＆＃39; System.Web.Http.Action＆＃39;，Id = 80000077-0000-f000-b63f-84710c7967bb，消息=＆＃39;操作返回＆＃39; System.Web.Http.Results.UnauthorizedResult＆＃39;＆＃39;，Operation = ReflectedHttpActionDescriptor.ExecuteAsync 2017-09-21 17：51：45.189 +05：30 [Debug] [2017-09-21T12：21：45.1887241Z] Level = Info，Kind = End，Category =＆＃39; System.Web.Http.Action＆＃39;，Id = 80000077-0000-f000-b63f-84710c7967bb，Operation = ApiControllerActionInvoker.InvokeActionAsync，Status = 401（Unauthorized） 2017-09-21 17：51：45.190 +05：30 [Debug] [2017-09-21T12：21：45.1897241Z] Level = Info，Kind = Begin，Category =＆＃39; System.Web.Http.Filters＆＃39;，Id = 80000077-0000-f000-b63f-84710c7967bb，消息=＆＃39;操作过滤器＆＃39;登录（字符串登录）＆＃39;＆＃39;，操作= NoCacheAttribute.OnActionExecutedAsync，状态= 401（未经授权） 2017-09-21 17：51：45.191 +05：30 [Debug] [2017-09-21T12：21：45.1907241Z] Level = Info，Kind = End，Category =＆＃39; System.Web.Http.Filters＆＃39;，Id = 80000077-0000-f000-b63f-84710c7967bb，Operation = NoCacheAttribute.OnActionExecutedAsync，Status = 401（Unauthorized） 2017-09-21 17：51：45.193 +05：30 [Debug] [2017-09-21T12：21：45.1917241Z] Level = Info，Kind = Begin，Category =＆＃39; System.Web.Http.Filters＆＃39;，Id = 80000077-0000-f000-b63f-84710c7967bb，消息=＆＃39;操作过滤器＆＃39;登录（字符串登录）＆＃39;＆＃39;，操作= SecurityHeadersAttribute.OnActionExecutedAsync，状态= 401（未经授权） 2017-09-21 17：51：45.194 +05：30 [Debug] [2017-09-21T12：21：45.1937241Z] Level = Info，Kind = End，Category =＆＃39; System.Web.Http.Filters＆＃39;，Id = 80000077-0000-f000-b63f-84710c7967bb，Operation = SecurityHeadersAttribute.OnActionExecutedAsync，Status = 401（Unauthorized） 2017-09-21 17：51：45.196 +05：30 [Debug] [2017-09-21T12：21：45.1947241Z] Level = Info，Kind = End，Category =＆＃39; System.Web.Http.Controllers＆＃39;，Id = 80000077-0000-f000-b63f-84710c7967bb，Operation = AuthenticationController.ExecuteAsync，Status = 401（Unauthorized） 2017-09-21 17：51：45.197 +05：30 [Debug] [2017-09-21T12：21：45.1967241Z] Level = Info，Kind = End，Category =＆＃39; System.Web.Http.MessageHandlers＆＃39;，Id = 80000077-0000-f000-b63f-84710c7967bb，Operation = PassiveAuthenticationMessageHandler.SendAsync，Status = 401（Unauthorized） 2017-09-21 17：51：45.198 +05：30 [Debug] [2017-09-21T12：21：45.1977241Z] Level = Info，Kind = End，Category =＆＃39; System.Web.Http.MessageHandlers＆＃39;，Id = 80000077-0000-f000-b63f-84710c7967bb，Operation = DependencyScopeHandler.SendAsync，Status = 401（Unauthorized） 2017-09-21 17:51:45.199 +05:30 [Debug] [2017-09-21T12：21：45.1987241Z]发送响应，Status = 401（Unauthorized），Method = GET，Url =＆lt;＆gt;？ signin = 5c391119163f5581602559efabbb3443，Id = 80000077-0000-f000-b63f-84710c7967bb，Message =＆＃39; Content-type =＆＃39; none＆＃39;，content-length = unknown＆＃39; 2017-09-21 17：51：45.200 +05：30 [Debug] [2017-09-21T12：21：45.1997241Z] Level = Info，Kind = Begin，Category =＆＃39; System.Web.Http.Controllers＆＃39;，Id = 80000077-0000-f000-b63f-84710c7967bb，Operation = AuthenticationController.Dispose 2017-09-21 17:51:45.201 +05:30 [Debug] [2017-09-21T12：21：45.2007241Z] Level = Info，Kind = End，Category =＆＃39; System.Web.Http.Controllers＆＃39;，Id = 80000077-0000-f000-b63f-84710c7967bb，Operation = AuthenticationController.Dispose

IdentityServer3未通过UseWsFederationAuthentication

0 个答案: