Kentor:[KeyNotFoundException:找不到实体ID为“http://adfs.domain.com/adfs/services/trust”的Idp。]

时间:2016-11-08 01:58:02

标签: kentor-authservices

我们需要启用 SAML SSO 登录，目前使用 Kentor 的 HttpModule 实现。当 IdP（这里是 ADFS）向我的应用程序回发 SAML 响应时，Kentor 抛出 KeyNotFoundException：“给定的键在字典中不存在”。注意异常中引用的实体 ID（http://adfs.domain.com/adfs/services/trust）与下面配置的 IdP EntityId（http://IQTDEV01.domain.com/adfs/services/trust/，主机名不同且多了末尾斜杠）并不一致，而 Kentor 正是以配置的 EntityId 为字典键、用响应中的 Issuer 去查找 IdP。

使用 Kentor 的 StubIdp 测试时整个流程可以正常工作，问题只出现在对接 ADFS 时。

以下是我的Saml配置

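        /// <summary>
        /// Builds the single ADFS identity provider this service provider trusts.
        /// </summary>
        /// <returns>An <see cref="IdentityProvider"/> bound to the service-provider options.</returns>
        /// <remarks>
        /// The EntityId is the dictionary key AuthServices uses to look up the IdP when a
        /// response arrives, so it must be a byte-for-byte match for the &lt;saml:Issuer&gt;
        /// ADFS sends. The KeyNotFoundException quoted that issuer as
        /// "http://adfs.domain.com/adfs/services/trust" (no trailing slash), which is the value
        /// configured here; a trailing "/" or a different host name is enough to miss the key.
        /// </remarks>
        private static IdentityProvider CreateAuthServicesOptions()
    {
        var spOptions = GetServiceProviderOptions();

        var idp = new IdentityProvider(
            new EntityId("http://adfs.domain.com/adfs/services/trust"), spOptions)
        {
            // IdP-initiated SSO: responses that were not triggered by an AuthnRequest from
            // this SP are accepted. Keep false unless IdP-initiated sign-on is really needed;
            // it widens the surface for pushing an unsolicited assertion into a browser.
            AllowUnsolicitedAuthnResponse = true,
            Binding = Saml2BindingType.HttpPost,
            WantAuthnRequestsSigned = true,
            // LoadMetadata would pull the SSO endpoint and signing keys from the IdP's
            // federation metadata and follow ADFS key rollover instead of the hard-coded
            // .cer below; re-enable once the metadata endpoint is reachable over HTTPS.
            //LoadMetadata = true,
            // NOTE(review): host differs from the EntityId host above — confirm this is the
            // intended ADFS farm and not a redaction artefact.
            SingleSignOnServiceUrl = new Uri("https://IQTDEV01.iqtrackdev.com/adfs/ls/")
        };

        // ADFS token-signing certificate (public key only); used solely to verify the
        // signature on incoming responses/assertions.
        var signingCertPath = System.IO.Path.Combine(
            AppDomain.CurrentDomain.SetupInformation.ApplicationBase, "ADFSService.cer");
        idp.SigningKeys.AddConfiguredKey(new X509Certificate2(signingCertPath));

        return idp;
    }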

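    /// <summary>
    /// Builds the service-provider side of the SAML configuration: this application's
    /// EntityId, the post-login return URL and the certificate used to sign AuthnRequests.
    /// </summary>
    /// <returns>A populated <see cref="SPOptions"/>.</returns>
    /// <exception cref="InvalidOperationException">
    /// The signing certificate is not present in LocalMachine\My.
    /// </exception>
    private static SPOptions GetServiceProviderOptions()
    {
        var spOptions = new SPOptions
        {
            // Must match the relying-party identifier registered for this SP in ADFS.
            EntityId = new EntityId("https://app.domain.com/AuthServices/"),
            ReturnUrl = new Uri("https://app.domain.com"),
            // Every AuthnRequest is signed with the certificate added below.
            AuthenticateRequestSigningBehavior = SigningBehavior.Always
        };

        // Thumbprint as pasted from the certificate MMC snap-in. The original literal began
        // with an invisible U+200E (left-to-right mark) that MMC copies along with the hex;
        // a non-hex byte in this string makes FindByThumbprint match nothing, so keep it
        // strictly hexadecimal.
        const string signingThumbprint = "FDDAF5EAA6E2B232E0012C0E77955C13246D2DF4";

        // X509Store is disposable; certificates returned by Find stay usable after Dispose.
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            // validOnly: false — an expired/untrusted cert can still sign; trust is the IdP's call.
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, signingThumbprint, validOnly: false);

            if (matches.Count == 0)
            {
                // Fail with a message naming the missing thumbprint instead of an
                // ArgumentOutOfRangeException from indexing an empty collection.
                throw new InvalidOperationException(
                    "SAML signing certificate with thumbprint " + signingThumbprint +
                    " was not found in LocalMachine\\My.");
            }

            // NOTE(review): request signing needs the private key, so the app-pool identity
            // must have read access to this certificate's private key — confirm on the host.
            // A bare .cer (as in the earlier commented-out attempt) carries only the public
            // key and cannot be used for signing.
            var signingCertificate = new Kentor.AuthServices.ServiceCertificate
            {
                Certificate = matches[0],
                Use = Kentor.AuthServices.CertificateUse.Signing
            };
            spOptions.ServiceCertificates.Add(signingCertificate);
        }

        return spOptions;
    }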

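    /// <summary>
    /// IHttpModule AuthenticateRequest hook. When the request targets the AuthServices module
    /// path it dispatches to the matching command and applies the command's result to the
    /// response; every other request passes through untouched.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused.</param>
    protected void OnAuthenticateRequest(object sender, EventArgs e)
    {
        var application = (HttpApplication)sender;

        // Guard before the first dereference; the original read
        // AppRelativeCurrentExecutionFilePath from Request and only then tested it for null.
        if (application.Request == null)
        {
            return;
        }

        // Strip the leading "~" so the path can be compared with SPOptions.ModulePath.
        var appRelativePath = application.Request.AppRelativeCurrentExecutionFilePath;
        appRelativePath = string.IsNullOrEmpty(appRelativePath)
            ? string.Empty
            : appRelativePath.Substring(1);

        // NOTE(review): the full configuration — including a LocalMachine certificate-store
        // lookup and reading ADFSService.cer from disk — is rebuilt on every request, and the
        // shared Options property is overwritten while concurrent requests may be reading it.
        // Build it once (module Init or a static initializer) and only fall back to building
        // it here. Kept as-is to preserve the listing's current behaviour.
        var op = new Options(GetServiceProviderOptions());
        op.IdentityProviders.Add(CreateAuthServicesOptions());
        Options = op;

        var modulePath = Options.SPOptions.ModulePath;
        if (!appRelativePath.StartsWith(modulePath, StringComparison.OrdinalIgnoreCase))
        {
            return;
        }

        // Whatever follows the module path is the command name; CommandFactory resolves it
        // and is responsible for rejecting names it does not know.
        var commandName = appRelativePath.Substring(modulePath.Length);
        var command = CommandFactory.GetCommand(commandName);
        var commandResult = command.Run(
            new HttpRequestWrapper(application.Request).ToHttpRequestData(),
            Options);

        if (!commandResult.HandledResult)
        {
            // Establishes or clears the session cookie, then writes the redirect/status/cookies.
            commandResult.SignInOrOutSessionAuthenticationModule();
            commandResult.Apply(new HttpResponseWrapper(application.Response));
        }
    }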

Exception

