SAML2 token not working with WIF / Federated / STS for SSO - please help/advise

Time: 2014-02-27 11:08:38

Tags: c# asp.net-mvc single-sign-on wif

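This is driving me mad. I'm sure I'm missing something simple, but I can't get my user authentication to work with my company's STS. I'm using .NET 4.5.1 and ASP.NET MVC with WIF. My application successfully redirects to the company STS; the web.config is as follows: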

<system.identityModel>
    <identityConfiguration>
      <claimsAuthenticationManager type="ENT.Common.Security.ClaimsTransformationModule, ENT.Common.Security" />
      <claimsAuthorizationManager  type="ENT.Common.Security.ENTClaimsAuthorizationManager,ENT.Common.Security" />
      <securityTokenHandlers>        
        <add type="ENT.Common.Security.eonToken, ENT.Common.Security" />
      </securityTokenHandlers>
      <audienceUris>        
      <add value="userportal.ect-sys.net" />        
      </audienceUris>
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="385c9689ea602a849547786d531782ca0b6b6ac5" name="eon-apps.com" />
        </trustedIssuers>
      </issuerNameRegistry>            
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="false" />
      <wsFederation passiveRedirectEnabled="true" issuer="https://q-www.eon-apps.com/GetAccess/Saml/IDP/SSO/Unsolicited?TARGET=http://userportal.ect-sys.net/" realm="http://userportal.ect-sys.net" requireHttps="false" />      
    </federationConfiguration>
  </system.identityModel.services>

I receive the SAML response, which I extracted using Fiddler

and decoded using https://rnd.feide.no/simplesaml/module.php/saml2debug/debug.php

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Destination="http://userportal.ect-sys.net" ID="I11252B54A420403870018FAC4D9BCE982E3B4AF1" IssueInstant="2014-02-27T10:41:41Z" Version="2.0">
  <saml:Issuer>eon-apps.com</saml:Issuer>
  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <dsig:Reference URI="#I11252B54A420403870018FAC4D9BCE982E3B4AF1">
        <dsig:Transforms>
          <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec14n:InclusiveNamespaces xmlns:ec14n="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs xsi"/>
          </dsig:Transform>
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <dsig:DigestValue>xiAaNrpT002QtYtKQEEzBC4SFy4=</dsig:DigestValue>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue>ZrJLOKXEYt8rfC2xomLKsSyPPNemt5HigaH2vQSs0cr6HX4LPteMkDeucNGRQDT9ZXWeH6CCR/u16cHr3jSiuEp0hUOYoIVFLLrTDvuZ+wfH198Jw3J9ygkyf8tczymjkgOqH/EnVEL94iIBCX8BJrKj+HL25S7buy0p5FpskSq+7TWtDeERcsAaZcFrWHUt4rAgjZNixXEIxM76WjcTp8s8GbaSl3EloBVQ+1voTr9vaJK8qu0nu1yRnTh0l45vKh5gnaqFSG5p9mkZbHxIGCHMDEG+g/n+54OpJzGCE6efPOucji9kn7tVL2bZFILb1umhMfYcqlxSnziAQ1P+vQ==</dsig:SignatureValue>
  </dsig:Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" ID="A3E7741E9E015E526724FFFECFE198AEC98C3D7BA" IssueInstant="2014-02-27T10:41:41Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <saml:Issuer>eon-apps.com</saml:Issuer>
    <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
      <dsig:SignedInfo>
        <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <dsig:Reference URI="#A3E7741E9E015E526724FFFECFE198AEC98C3D7BA">
          <dsig:Transforms>
            <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
              <ec14n:InclusiveNamespaces xmlns:ec14n="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs xsi"/>
            </dsig:Transform>
          </dsig:Transforms>
          <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <dsig:DigestValue>okmScCUFvU6pDHtcmgyPB3j0CKI=</dsig:DigestValue>
        </dsig:Reference>
      </dsig:SignedInfo>
      <dsig:SignatureValue>uvSOP2AiPSNaz7e5VynQoPsDn5YvsQsUu8G46S2a10x0kMmlcusil2SgEaeZGePJorLdvXw+U+Ntpkkl85E5bSYjImJP2ymXY08ZT/i+WiJPgBoR/8lrjKw3pNcIRxQ4tBiXx96m4VOpbTsJe4jGcW7lpRsVtreYG4G4ZNNiSUZGk9Q/5GMG2hcM9qK60PXzP7Y9q3KJAm4CZE4I6wlxYOctjtq9T5NjavPwMmWVpi2FCtmamb5ywhnsYgC7oLsbqV/tpbQgLC3UvJfNMYj1Fg0oTVt7LMugSmGx1IMUyimZCY4AL2z+hfqB+XHDuMDcy5CZZhAcJtAzHge+N3oOiw==</dsig:SignatureValue>
    </dsig:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="eon-apps.com" SPNameQualifier="userportal.ect-sys.net">42d1999ca078afb8b16bf3bf0f498775a5ffc4b3</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2014-02-27T10:43:41Z" Recipient="http://userportal.ect-sys.net"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2014-02-27T10:40:41Z" NotOnOrAfter="2014-02-27T10:43:41Z">
      <saml:AudienceRestriction>
        <saml:Audience>userportal.ect-sys.net</saml:Audience>
      </saml:AudienceRestriction>
      <saml:OneTimeUse/>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2014-02-27T10:14:49Z" SessionIndex="A3E7741E9E015E526724FFFECFE198AEC98C3D7BA" SessionNotOnOrAfter="2014-02-27T18:15:49Z">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute Name="eonldapdn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">cn=B15847,ou=users,ou=eea,o=eon,c=de</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">B15847</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>

However, this doesn't give me an identity, even though the SAML response has a valid user in the token.

Any ideas? Are there any sample projects on the web for SAML2 integration with .NET 4.5.1? Do I need to create a custom SAML2TokenHandler that inherits from Saml2SecurityTokenHandler?

1 answer:

Answer 0: (score: 3)

You are using the SAML2 protocol (saml2p), which is not supported by .NET / WIF; only SAML2 tokens are. That is a big difference.
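
To see which of the two message types the answer distinguishes is actually being posted to the relying party, a captured form body can be classified locally rather than pasted into an online decoder. This is an added example, not code from the question or from WIF; the class name SignInTriage and the sample inputs are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Xml;
using System.Xml.Linq;
static class SignInTriage
{
    static readonly XNamespace Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Classify the form-encoded POST body an identity provider sends to the relying party.
    public static string Classify(string formBody)
    {
        var form = new Dictionary<string, string>();
        foreach (var kv in formBody.Split('&').Select(p => p.Split(new[] { '=' }, 2)))
            if (kv.Length == 2)
                form[Uri.UnescapeDataString(kv[0])] = Uri.UnescapeDataString(kv[1].Replace('+', ' '));
        string wa, encoded;
        if (form.TryGetValue("wa", out wa) && wa == "wsignin1.0" && form.ContainsKey("wresult"))
            return "WS-Federation passive sign-in: the message type the <wsFederation> module expects";
        if (!form.TryGetValue("SAMLResponse", out encoded))
            return "No sign-in response found";

        // FromBase64String ignores the CR/LF line wrapping seen in captured responses.
        string xml = Encoding.UTF8.GetString(Convert.FromBase64String(encoded));
        // Untrusted XML: refuse DTDs and never resolve external resources.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
        {
            XElement root = XDocument.Load(reader).Root;
            if (root.Name != Samlp + "Response")
                return "SAMLResponse field with unexpected root element " + root.Name;
            int assertions = root.Elements(Saml + "Assertion").Count();
            return "SAML 2.0 protocol (saml2p) response wrapping " + assertions + " assertion(s)";
        }
    }

    static void Main()
    {
        // Constructed sample, not the response from the question.
        string response = "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " +
            "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"><saml:Assertion/></samlp:Response>";
        string b64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(response));
        Console.WriteLine(Classify("SAMLResponse=" + Uri.EscapeDataString(b64) + "&RelayState=x"));
        Console.WriteLine(Classify("wa=wsignin1.0&wresult=%3Ct%3ARequestSecurityTokenResponse%2F%3E"));
    }
}
```

The classifier only identifies the envelope; it does not validate signatures, audience or validity conditions, so its output is a diagnostic and never an authentication decision.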