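Problem enabling SSO for a .NET application with ComponentSpace as service provider and ADFS 2.0 as identity provider

Time: 2013-08-27 08:55:02

Tags: single-sign-on claims-based-identity saml-2.0 adfs2.0 federated-identity

I am enabling SSO for an existing .NET application. I am using the ComponentSpace SAML 2.0 component as the service provider (SP) and ADFS 2.0 as the identity provider (IdP). I have configured ADFS on one server and the SP on a different server. When I start the SP, InitiateSSO is called and the browser is redirected to the IdP URL and, based on the relying party URL, it is returned to the SP.

While trying to get: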

SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out userName, out attributes, out targetUrl); 

it says "The partner identity provider http://sp.com/adfs/services/trust is not configured".

In Fiddler I am getting these calls:

  • /login.aspx?ReturnUrl=%2fDefault.aspx
  • /adfs/ls/?SAMLRequest=[encoded request omitted]&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=[encoded signature omitted]
  • /adfs/ls/auth/integrated/?SAMLRequest=[encoded request omitted]&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=[encoded signature omitted]
  • /SAML/AssertionConsumerService.aspx

Stack trace:

[SAMLException: The partner identity provider http:// sp.com/adfs/services/trust is not configured.]
  ComponentSpace.SAML2.Configuration.SAMLConfiguration.GetPartnerIdentityProvider(String name) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\Configuration\SAMLConfiguration.cs:245
  ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& userName, SAMLAttribute[]& attributes, String& relayState) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLServiceProvider.cs:664
  ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& userName, IDictionary`2& attributes, String& relayState) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLServiceProvider.cs:637
  ExampleServiceProvider.SAML.AssertionConsumerService.Page_Load(Object sender, EventArgs e) in C:\Program Files (x86)\ComponentSpace SAML v2.0 for .NET\Examples\SSO\HighLevelAPI\WebForms\ExampleServiceProvider\SAML\AssertionConsumerService.aspx.cs:28
  System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
  System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +42
  System.Web.UI.Control.OnLoad(EventArgs e) +132
  System.Web.UI.Control.LoadRecursive() +66
  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428

The ADFS configuration is:

<PartnerIdentityProvider Name="https://sp.com/adfs/services/trust"
   SignAuthnRequest="true"
   WantSAMLResponseSigned="false"
   WantAssertionSigned="false"
   WantAssertionEncrypted="false"
   UseEmbeddedCertificate="true"
   SingleSignOnServiceUrl="http://sp.com/adfs/ls/" />

The service provider configuration is as follows:

<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
<ServiceProvider Name="https://demo.sp.com"
   AssertionConsumerServiceUrl="~/SAML/AssertionConsumerService.aspx"
   CertificateFile="sp.pfx"
   CertificatePassword="password" />

The error I get:

Server Error in '/' Application.
The partner identity provider http:// sp.com/adfs/services/trust is not configured. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: ComponentSpace.SAML2.Exceptions.SAMLException: The partner identity provider http:// sp.com/adfs/services/trust is not configured.

2 answers:

Answer 0 (score: 0)

I solved this by changing the order of authentication.

http://social.technet.microsoft.com/wiki/contents/articles/1600.ad-fs-2-0-how-to-change-the-local-authentication-type.aspx

Now it's working. :-)

Answer 1 (score: 0)

ComponentSpace is actually throwing the following error:

  

The partner identity provider http://sp.com/adfs/services/trust is not configured

This is because the PartnerSP key in <appSettings /> does not match the Name attribute in <PartnerIdentityProvider />:

saml.config

<PartnerIdentityProvider Name="https://sp.com/adfs/services/trust" ... />

Web.config

<appSettings>
    <add key="PartnerSP" value="http://sp.com/adfs/services/trust" />
    ...
</appSettings>

The Name of the PartnerIdentityProvider should be set to: http://sp.com/adfs/services/trust
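
A pre-deployment check for the mismatch described in answer 1, as an added example that is not part of the original answers or ComponentSpace's own code: it compares the Web.config partner name with the Name attributes in saml.config, and also reports a partner for which both WantSAMLResponseSigned and WantAssertionSigned are "false", as in the question's configuration. The embedded files are constructed from the values on this page; the function names, the exact-string comparison, and the placement of PartnerIdentityProvider inside SAMLConfiguration are assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{urn:componentspace:SAML:2.0:configuration}"

# Constructed sample files that mirror the values quoted on this page.
SAML_CONFIG = """<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
  <ServiceProvider Name="https://demo.sp.com"
      AssertionConsumerServiceUrl="~/SAML/AssertionConsumerService.aspx"/>
  <PartnerIdentityProvider Name="https://sp.com/adfs/services/trust"
      SignAuthnRequest="true" WantSAMLResponseSigned="false"
      WantAssertionSigned="false" SingleSignOnServiceUrl="http://sp.com/adfs/ls/"/>
</SAMLConfiguration>"""
WEB_CONFIG = """<configuration><appSettings>
  <add key="PartnerSP" value="http://sp.com/adfs/services/trust"/>
</appSettings></configuration>"""


def partners(saml_xml):
    """Map each PartnerIdentityProvider Name to its attributes."""
    root = ET.fromstring(saml_xml)
    return {p.get("Name"): dict(p.attrib) for p in root.iter(NS + "PartnerIdentityProvider")}


def app_setting(web_xml, key):
    """Return the value of an <appSettings> <add key=...> entry, or None."""
    for add in ET.fromstring(web_xml).iter("add"):
        if add.get("key") == key:
            return add.get("value")
    return None


def strip_scheme(url):
    return url.split("://", 1)[-1].lower()


def check(saml_xml, web_xml, key="PartnerSP"):
    """Return findings; an empty list means the name resolves and a signature is required."""
    found, wanted, out = partners(saml_xml), app_setting(web_xml, key), []
    if wanted is None:
        out.append(f"missing appSettings key {key}")
    elif wanted not in found:  # names compared as exact strings (assumption)
        near = [n for n in found if strip_scheme(n) == strip_scheme(wanted)]
        out.append(f"{wanted} not configured" + (f"; near match {near[0]}" if near else ""))
    for name, attrs in found.items():
        if attrs.get("WantSAMLResponseSigned") == attrs.get("WantAssertionSigned") == "false":
            out.append(f"{name}: neither response nor assertion signature is required")
    return out


if __name__ == "__main__":
    print("\n".join(check(SAML_CONFIG, WEB_CONFIG)))
```

The near-match hint is what distinguishes an http/https or letter-case slip from a partner that is missing altogether.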