将我们的应用程序设置为服务提供者[SalesForce是IdP,我们使用的是AspNetSaml]

时间:2018-03-01 20:11:49

标签: salesforce single-sign-on saml-2.0

我认为我很接近,但我只缺少一些东西:

下式给出:

我们只是希望能够打开我们的应用程序,从salesforce获取UserID(与我们的应用程序中的UserID相匹配),并将我们登录......似乎很容易。

我们正在尝试使用开源C#组件AspNetSaml https://github.com/jitbit/AspNetSaml

我有一个托管我们应用的云实例,用于测试:

访问我们的应用程序的URL将类似于:http://1.2.3.4/OurCompanyApp/app.wgx

SALESFORCE:

我没有启动此流程,但我确实看到在Salesforce中我们将其设置为身份提供商。所以我在Identity Provider下看到了这些信息:

Issuer: https://our-company-stuff.my.salesforce.com
Label: SelfSignedCert_04Nov2016_195856
Unique Name: SelfSignedCert_04Nov2017_195856
Key Size: 2048
Salesforce Identity: https://our-company-stuff.my.salesforce.com/.well-known/samlidp.xml

我确实通过互联应用程序设置了服务提供商:

Connected App Name: AppTest
API Name: AppTest
Description: AppTest
Start URL: http://1.2.3.4/OurCompanyApp/app.wgx
Enable SAML: true
Entity ID: http://1.2.3.4/OurCompanyApp/app.wgx
ACS URL: http://1.2.3.4/OurCompanyApp/samlconsume.wgx
Enable Single Logout: false
Subject Type: User ID
Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
IdP Certificate: Default IdP Certificate

实际代码:

//var samlEndpoint = "https://csi1-dev-ed.my.salesforce.com/";
//var samlEndpoint = "https://csi1-dev-ed.my.salesforce.com/.well-known/samlidp.xml";            
(one of these would be un-commented)

var request = new AuthRequest(
    "http://1.2.3.4/OurCompanyApp/app.wgx", //put your app's "unique ID" here
    "http://1.2.3.4/OurCompanyApp/samlconsume.wgx" //assertion Consumer Url - the URL where provider will redirect authenticated users BACK
);
string url = request.GetRedirectUrl(samlEndpoint);
Response.Redirect(url);

GetRedirectUrl加密xml的这一位:

xw.WriteStartElement("samlp", "AuthnRequest", "urn:oasis:names:tc:SAML:2.0:protocol");
xw.WriteAttributeString("ID", _id);
xw.WriteAttributeString("Version", "2.0");
xw.WriteAttributeString("IssueInstant", _issue_instant);
xw.WriteAttributeString("ProtocolBinding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
xw.WriteAttributeString("AssertionConsumerServiceURL", _assertionConsumerServiceUrl);

xw.WriteStartElement("saml", "Issuer", "urn:oasis:names:tc:SAML:2.0:assertion");
xw.WriteString(_issuer);
xw.WriteEndElement();

xw.WriteStartElement("samlp", "NameIDPolicy", "urn:oasis:names:tc:SAML:2.0:protocol");
xw.WriteAttributeString("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
xw.WriteAttributeString("AllowCreate", "true");
xw.WriteEndElement();

我重定向到的返回的URL将是一些东西(取决于我尝试过的端点,我用两者测试过):

https://our-company-stuff.my.salesforce.com/?SAMLRequest=jZJdT8IwGIX%2fStP77oMx2Bq2BCHGJagLTC%2b8Md1WpEnXzn5M%2ffeWgQleSLxr3pxznvO%2b6UKTjvd4ac1BbOm7pdqAYp3B11kwn8SzZI%2bSuG3RdEZSVLfzGjVJTAL3COuogeCZKs2kyODECyAotLa0ENoQYdwoCBMURCgIqzDF0wiH0QsEpZJGNpLfMNEy8ZZBqwSWRDONBemoxqbBu%2bX9BrtEXJ9EGt9VVYnKx10FwVJrqoyDrqTQtqNqR9XAGvq03WTwYEyPfT%2beemnghXHohak%2fMGUs4bJ2voEqv5TaeEfEOcAbZMch%2bOy40Hg8x%2fVS%2fXkDmC%2bOajxurS781%2b3kpz%2fM%2f9N2kGO%2fhX%2fBOoF7%2fODCi3UpOWu%2bwK1UHTF%2fs136OGEt2o9SbIXuacP2jLburJzLj5WixNAMGmUpBH5%2bov7%2bHvk3

结果:

我已经调整了身份ID,端点的配置,但Salesforce永远不会访问我们的samlconsume.wgx,所有重定向都会将我带到我的主页:https://our-company-app.salesforce.com/home/home.jsp

我现在不知所措。任何帮助将不胜感激。

0 个答案:

没有答案
相关问题
最新问题