我们要求启用SAML SSO登录,我们正在使用Kentor HttpModule实现SSO。 当Idp调用我的应用程序时,我遇到了一个问题。 kentor服务抛出给定的密钥在字典中不存在。这里的idp是ADFS。
我们尝试使用stubidp并且工作正常。
以下是我的Saml配置
private static IdentityProvider CreateAuthServicesOptions()
{
var spOptions = GetServiceProviderOptions();
var idp = new IdentityProvider(new EntityId("http://IQTDEV01.domain.com/adfs/services/trust/"), spOptions)
{
AllowUnsolicitedAuthnResponse = true,
Binding = Saml2BindingType.HttpPost,
WantAuthnRequestsSigned=true,
//LoadMetadata = true,
SingleSignOnServiceUrl = new Uri("https://IQTDEV01.iqtrackdev.com/adfs/ls/")
};
idp.SigningKeys.AddConfiguredKey(
new X509Certificate2(AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/ADFSService.cer"));
return idp;
}
private static SPOptions GetServiceProviderOptions()
{
var cultureInfo = CultureInfo.GetCultureInfo("en-US");
var spOptions = new SPOptions
{
EntityId = new EntityId("https://app.domain.com/AuthServices/"),
ReturnUrl = new Uri("https://app.domain.com"),
AuthenticateRequestSigningBehavior=SigningBehavior.Always
};
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection cers = store.Certificates.Find(X509FindType.FindByThumbprint, "FDDAF5EAA6E2B232E0012C0E77955C13246D2DF4", false);
Kentor.AuthServices.ServiceCertificate ser = new Kentor.AuthServices.ServiceCertificate();
ser.Certificate = cers[0];
ser.Use = Kentor.AuthServices.CertificateUse.Signing;
spOptions.ServiceCertificates.Add(ser);
//spOptions.ServiceCertificates.Add(new X509Certificate2(
// AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/ADFSService.cer"));
return spOptions;
}
protected void OnAuthenticateRequest(object sender, EventArgs e)
{
var application = (HttpApplication)sender;
// Strip the leading ~ from the AppRelative path.
var appRelativePath = application.Request.AppRelativeCurrentExecutionFilePath;
appRelativePath = (!string.IsNullOrEmpty(appRelativePath))
? appRelativePath.Substring(1)
: string.Empty;
if (application.Request != null)
{
Kentor.AuthServices.Configuration.Options op = new Options(GetServiceProviderOptions());
op.IdentityProviders.Add(CreateAuthServicesOptions());
Options = op;
}
var modulePath = Options.SPOptions.ModulePath;
if (appRelativePath.StartsWith(modulePath, StringComparison.OrdinalIgnoreCase))
{
var commandName = appRelativePath.Substring(modulePath.Length);
var command = CommandFactory.GetCommand(commandName);
var commandResult = command.Run(
new HttpRequestWrapper(application.Request).ToHttpRequestData(),
Options);
if (!commandResult.HandledResult)
{
commandResult.SignInOrOutSessionAuthenticationModule();
commandResult.Apply(new HttpResponseWrapper(application.Response));
}
}
}