发送SAML 2.0 AuthnRequest时ADFS返回错误

时间:2014-12-22 07:47:17

标签: c# asp.net-mvc-4 saml-2.0 adfs2.0 codeplex

我有一个签名的AuthnRequest,当我将saml请求发送到ADFS时发生以下错误:

  

Microsoft.IdentityServer.Protocols.Saml.HttpSamlMessageException:   MSIS7015:此请求不包含预期的协议消息   根据HTTP SAML找到了不正确的协议参数   协议绑定。在   Microsoft.IdentityServer.Web.HttpSamlMessageFactory.CreateMessage(HttpContext的   httpContext)   Microsoft.IdentityServer.Web.FederationPassiveContext.EnsureCurrent(HttpContext的   上下文中)

这是我签署的AuthnRequest:

<?xml version="1.0"?>
<samlp:AuthnRequest xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" Destination="https://xadfs.xxx.com/adfs/ls/" ID="idde801c3623e24a46ac1b8249dadc6d49" IssueInstant="2014-12-22T07:05:33.7751472Z" AssertionConsumerServiceURL="http://sp.com/" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" IsPassive="false">
<saml:Issuer>https:/sp.com</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
  <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <Reference URI="#idde801c3623e24a46ac1b8249dadc6d49">
    <Transforms>
      <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
      <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </Transforms>
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <DigestValue>exOnraFOscgGqGJ730P1o7e0hsc=</DigestValue>
  </Reference>
</SignedInfo>
<SignatureValue>...Signature...</SignatureValue>
<KeyInfo>
  <X509Data>
    <X509Certificate>...Cert...</X509Certificate>
  </X509Data>
</KeyInfo>
</Signature>
<samlp:NameIDPolicy AllowCreate="True" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
<samlp:RequestedAuthnContext Comparison="exact">
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

这是我的POST请求:

POST https://xadfs.xxx.com/adfs/ls/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://sp.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: xadfs.xxx.com
Content-Length: 3924
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: MSISIPSelectionPersistent=aHR0...

SAMLRequest=request&RelayState=token

请告诉我我的saml请求有什么问题?

我有一个MVC SP并使用SAML2 Nuget Package。

1 个答案:

答案 0 :(得分:0)

我发现了问题:

AllowCreate值应为“true”而不是“True”

相关问题
最新问题