Question

这是我的web.config文件

<configuration>
    <configSections>
        <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
        <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
        <section name="kentor.authServices" type="Kentor.AuthServices.Configuration.KentorAuthServicesSection, Kentor.AuthServices" />
    </configSections>
    <appSettings>
        <add key="webpages:Version" value="3.0.0.0" />
        <add key="webpages:Enabled" value="false" />
        <add key="ClientValidationEnabled" value="true" />
        <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    </appSettings>
    <system.diagnostics>
        <trace>
            <listeners>
                <add type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=2.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="AzureDiagnostics">
                    <filter type="" />
                </add>
            </listeners>
        </trace>
    </system.diagnostics>
    <!--
    For a description of web.config changes see http://go.microsoft.com/fwlink/?LinkId=235367.

    The following attributes can be set on the <httpRuntime> tag.
      <system.Web>
        <httpRuntime targetFramework="4.6.1" />
      </system.Web>
  -->
    <system.web>
        <compilation debug="true" targetFramework="4.6.1" />
        <httpRuntime targetFramework="4.5.2" />

        <authentication mode="Forms">
            <forms loginUrl="~/AuthServices/SignIn" />
        </authentication>
    </system.web>
    <system.webServer>
        <modules>
            <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
        </modules>

    </system.webServer>

    <kentor.authServices entityId="http://myapp.ci.01/metadata" returnUrl="http://localhost:63238/AuthServices/Acs">
        <identityProviders>
            <add entityId="http://myapp.ci.01/metadata" 
                 signOnUrl="https://sso.myapp.com/issue/saml/?binding=redirect" 
                allowUnsolicitedAuthnResponse="true" binding="HttpRedirect">
                <signingCertificate fileName="~/App_Data/MyApp.AuthServices.StubIdp.cer" />
            </add>
        </identityProviders>
    </kentor.authServices>
    <system.identityModel.services>
        <federationConfiguration>
            <cookieHandler requireSsl="false" name="RMInform" />
        </federationConfiguration>
    </system.identityModel.services>


    <system.codedom>
        <compilers>
            <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" />
            <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
        </compilers>
    </system.codedom>
    <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
            <dependentAssembly>
                <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" culture="neutral" />
                <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
            </dependentAssembly>
        </assemblyBinding>
    </runtime>
</configuration>

但在登录后重定向到我的localhost时，我收到错误

＆＃39; /＆＃39;中的服务器错误应用

包含InResponseTo的预期消息   ＆＃34; id0dda716c55fd41bd98d4899ca3e14036＆＃34;，但没有找到。

描述：执行期间发生了未处理的异常   当前的网络请求。请查看堆栈跟踪了解更多信息   有关错误的信息以及它在代码中的起源。

异常详细信息：   Kentor.AuthServices.Exceptions.Saml2ResponseFailedValidationException：   包含InResponseTo的预期消息   ＆＃34; id0dda716c55fd41bd98d4899ca3e14036＆＃34;，但没有找到。

来源错误：

执行期间生成了未处理的异常   当前的网络请求。有关的来源和位置的信息   可以使用下面的异常堆栈跟踪来识别异常。

堆栈追踪：

[Saml2ResponseFailedValidationException：要包含的预期消息   InResponseTo＆＃34; id0dda716c55fd41bd98d4899ca3e14036＆＃34;，但没有找到。]

  Kentor.AuthServices.Saml2P.Saml2Response.ReadAndValidateInResponseTo（XmlElement的   xml，Saml2Id expectedInResponseTo）+295
  Kentor.AuthServices.Saml2P.Saml2Response..ctor（XmlElement xml，Saml2Id   expectedInResponseTo）+317
  Kentor.AuthServices.WebSso.AcsCommand.Run（HttpRequestData请求，   IOptions选项）+869
  Kentor.AuthServices.Mvc.AuthServicesController.Acs（）+81
  lambda_method（Closure，ControllerBase，Object []）+87
  System.Web.Mvc.ReflectedActionDescriptor.Execute（ControllerContext   controllerContext，IDictionary 2 parameters) +280 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary 2   参数）+35
  System.Web.Mvc.Async＆LT;＆GT; c__DisplayClass42.b__41（）   +33 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod（IAsyncResult）   asyncResult）+42
  System.Web.Mvc.Async＆LT;＆GT; c__DisplayClass39.b__33（）   +80 System.Web.Mvc.Async。＆lt;＆gt; c__DisplayClass4f.b__49（）   +386 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters（IAsyncResult）   asyncResult）+42
  System.Web.Mvc.Async＆LT;＆GT; c__DisplayClass2a.b__20（）   +32 System.Web.Mvc.Async。＆lt;＆gt; c__DisplayClass25.b__22（IAsyncResult   asyncResult）+185
  System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction（IAsyncResult的   asyncResult）+38
  System.Web.Mvc＆LT;＆GT; c__DisplayClass1d.b__18（IAsyncResult的   asyncResult）+27
  System.Web.Mvc.Async＆LT;＆GT; c__DisplayClass4.b__3（IAsyncResult的   ar）+22 System.Web.Mvc.Controller.EndExecuteCore（IAsyncResult   asyncResult）+53
  System.Web.Mvc.Async＆LT;＆GT; c__DisplayClass4.b__3（IAsyncResult的   ar）+22 System.Web.Mvc.Controller.EndExecute（IAsyncResult   asyncResult）+38
  System.Web.Mvc＆LT;＆GT; c__DisplayClass8.b__3（IAsyncResult的   asyncResult）+42
  System.Web.Mvc.Async＆LT;＆GT; c__DisplayClass4.b__3（IAsyncResult的   ar）+22 System.Web.Mvc.MvcHandler.EndProcessRequest（IAsyncResult）   asyncResult）+38
  System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute（）   +657 System.Web.HttpApplication.ExecuteStep（IExecutionStep step，Boolean＆amp; completedSynchronously）+146

这是我的SAML回复

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="idcbb43fbc52b34e88b34e71fcb80c9ac8" Version="2.0" IssueInstant="2016-06-14T12:09:50Z" Destination="sso.myapp.com/issue/saml? binding=redirect" AssertionConsumerServiceURL="localhost:63238/AuthServices/Acs">; <saml2:Issuer>myapp.ci.01/metadata</saml2:Issuer>; </saml2p:AuthnRequest>

Answer 1

看起来您的Idp未在响应消息中正确包含inResponseTo属性。这违反了SAML规范。

使用SAML Tracer for Firefox或SAML DevTools for Chrome等工具在浏览器中查看SAML消息。检查回复的InResponseTo是否与SP发送的Id的{{1}}相匹配。如果不存在，则Idp不正确。

可以在AuthServices中添加兼容性设置以忽略此错误。如果您需要，请在AuthServices GitHub问题跟踪器上打开一个问题进行讨论。

获取错误预期消息包含InResponseTo＆＃34; id142e8231161a4246bf345d331a7b0ace＆＃34;，但未找到。在Kendor.AuthServices.MVC中

1 个答案: