thinktecture identityserver 2 - bouncing between app and IdP

Time: 2014-04-19 23:10:09

Tags: saml-2.0 thinktecture-ident-server

We have 3 applications deployed on the same server. 1 of the applications works as expected and lets us authenticate against thinktecture identity server 2 without problems. The other 2 applications show the following pattern:

  1. Go to the application URL
  2. Since you are not logged in, you are redirected to the IdP as expected
  3. You log in to the IdP and get the IdP cookie
  4. You are taken back to the application
  5. The application decides you are not logged in and sends you back to the IdP
  6. The IdP decides you are logged in and sends you back to the application
  7. Steps 5 and 6 repeat indefinitely
  8. We are using SAML 2.0.

    web.config fragment of the working app:

    <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IArmDAL" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="1262144" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
          <readerQuotas maxDepth="32" maxStringContentLength="65536" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
          <security mode="Message">
            <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
            <message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://localhost:81/ArmDAL.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IArmDAL" contract="ArmDALService.IArmDAL" name="WSHttpBinding_IArmDAL">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
    </client>
    </system.serviceModel>
    <system.identityModel>
    <identityConfiguration>
      <tokenReplayDetection enabled="true" />
      <audienceUris>
        <add value="https://Z.com/" />
    
      </audienceUris>
      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
        <authority name="http://idp.com/IdentityServer">
          <keys>
            <add thumbprint="FD2BA696B57FD24D597034D4EC308D010D506C9A" />
          </keys>
          <validIssuers>
            <add name="http://idp.com/IdentityServer" />
          </validIssuers>
        </authority>
      </issuerNameRegistry>
      <!--certificationValidationMode set to "None" by the Identity and Access Tool for Visual Studio. For development purposes.-->
      <securityTokenHandlers>
        <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </securityTokenHandlers>
      <certificateValidation certificateValidationMode="None" />
    </identityConfiguration>
    </system.identityModel>
    <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="false" />
      <wsFederation passiveRedirectEnabled="true" issuer="https://idp-alpha.com/issue/wsfed" realm="https://z.com/" requireHttps="false" />
    </federationConfiguration>
    </system.identityModel.services>
    

    web.config fragment of the non-working app:

    <system.identityModel>
    <identityConfiguration>
      <tokenReplayDetection enabled="true" />
      <audienceUris>
        <add value="https://X.com/" />
    
      </audienceUris>
      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
        <authority name="http://IdP.com/IdentityServer">
          <keys>
            <add thumbprint="FD2BA696B57FD24D597034D4EC308D010D506C9A" />
          </keys>
          <validIssuers>
            <add name="http://IdP.com/IdentityServer" />
          </validIssuers>
        </authority>
      </issuerNameRegistry>
      <!--certificationValidationMode set to "None" by the Identity and Access Tool for Visual Studio. For development purposes.-->
      <securityTokenHandlers>
        <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </securityTokenHandlers>
      <certificateValidation certificateValidationMode="None" />
    </identityConfiguration>
    </system.identityModel>
    <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="false" />
      <wsFederation passiveRedirectEnabled="true" issuer="https://idp-alphacom/issue/wsfed" realm="https://X.com/" requireHttps="false" />
    </federationConfiguration>
    </system.identityModel.services>
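
As an added, defender-side check that is not part of the original question or answer: a small Python lint that parses reduced copies of the two web.config fragments above, looks for a realm that is missing from audienceUris and for a malformed issuer URL (both of which stop the relying party from ever establishing a session), and flags the development-only settings (requireHttps, requireSsl, certificateValidationMode) that should not reach production. The fragments are constructed from the question; the System.Uri-style comparison (scheme and host case-insensitive) is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed, reduced copies of the two web.config fragments from the question.
WORKING = """
<system.identityModel><identityConfiguration>
  <audienceUris><add value="https://Z.com/" /></audienceUris>
  <certificateValidation certificateValidationMode="None" />
</identityConfiguration></system.identityModel>
<system.identityModel.services><federationConfiguration>
  <cookieHandler requireSsl="false" />
  <wsFederation passiveRedirectEnabled="true" issuer="https://idp-alpha.com/issue/wsfed"
                realm="https://z.com/" requireHttps="false" />
</federationConfiguration></system.identityModel.services>
"""
# The non-working app differs only in realm/audience and in the issuer URL.
BROKEN = (WORKING.replace("Z.com", "X.com").replace("z.com", "X.com")
          .replace("idp-alpha.com", "idp-alphacom"))

def _norm(uri):
    """Compare like System.Uri: scheme and host case-insensitive, path as-is (assumption)."""
    p = urlparse(uri)
    return (p.scheme.lower(), p.hostname or "", p.path or "/")

def lint_federation_config(xml_text):
    """Return human-readable findings for a WIF identityModel/federation config pair."""
    root = ET.fromstring("<root>" + xml_text + "</root>")
    findings = []
    aud = root.find(".//audienceUris")
    audiences = {_norm(a.get("value", "")) for a in aud.findall("add")} if aud is not None else set()
    fed = root.find(".//wsFederation")
    if fed is None:
        return ["no <wsFederation> element: passive redirect cannot be configured"]
    realm, issuer = fed.get("realm", ""), fed.get("issuer", "")
    # WIF rejects a token whose audience is not listed, so the RP never establishes a session.
    if _norm(realm) not in audiences:
        findings.append(f"realm {realm!r} is not listed in audienceUris")
    host = urlparse(issuer).hostname or ""
    if "." not in host:
        findings.append(f"issuer host {host!r} looks malformed (no dot): redirect target unreachable")
    if fed.get("requireHttps", "true").lower() == "false":
        findings.append("wsFederation requireHttps=false: dev-only, allows plaintext token posts")
    ch = root.find(".//cookieHandler")
    if ch is not None and ch.get("requireSsl", "true").lower() == "false":
        findings.append("cookieHandler requireSsl=false: session cookie may be sent over HTTP")
    cv = root.find(".//certificateValidation")
    if cv is not None and cv.get("certificateValidationMode") == "None":
        findings.append("certificateValidationMode=None: issuer certificate is not validated")
    return findings
```

Run `lint_federation_config(BROKEN)` and `lint_federation_config(WORKING)`: both report the three development-only settings, and only the broken fragment gets the malformed-issuer finding.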
    

1 answer:

Answer 0 (score: 0)

Are you catching errors in the relying party? If you are getting token replay detection, you can turn it off:

    <tokenReplayDetection enabled="false" />