使用Sustainsys / Saml2使用SAML联合.NET MVC应用程序

时间:2018-05-08 16:12:33

标签: .net saml-2.0 sustainsys-saml2

目前,我们的网络应用正在使用Windows身份验证。我们需要将其与SAML的现有单点登录集成。我期待Sustainsys / Saml2将我们的网络应用程序与SAML集成。

我们的网站首页网址是这样的:     http://siteName/Home/Index

IdP端点:     https://providerName.com:8080/idp/start/sso.ping?PartnerSpid=mySite

当我尝试导航到saml单点登录并输入我的凭据时,我被重定向到我们的网站:http://siteName/Home/Index 所以我认为saml环境设置正常工作

我现在的问题是,当我导航到我们的网站主页时,如果用户尚未通过身份验证,我希望它首先重定向到Idp端点以对用户进行身份验证:https://providerName.com:8080/idp/start/sso.ping?PartnerSpid=mySite

这是我正在尝试的当前web.config:

<configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="sustainsys.saml2" type="Sustainsys.Saml2.Configuration.SustainsysSaml2Section, Sustainsys.Saml2" />
  </configSections>
  <appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>
  <system.web>
    <compilation targetFramework="4.5.2" />
    <httpRuntime targetFramework="4.5.2" />
    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>
    <customErrors mode="Off" />
  </system.web>
  <system.webServer>
    <modules>
        <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <add name="Saml2AuthenticationModule" type="Sustainsys.Saml2.HttpModule.Saml2AuthenticationModule, Sustainsys.Saml2.HttpModule" />
    </modules>
    <security>
        <authentication>
            <windowsAuthentication enabled="true" />
        </authentication>
    </security>
  </system.webServer>
  <sustainsys.saml2 entityId="https://providerName.com:8080/idp/start/sso.ping?PartnerSpid=mySite" returnUrl="https://providerName.com:8080/idp/start/sso.ping?PartnerSpid=mySite">
    <identityProviders>
      <add entityId="https://providerName.com:8080/pf/federation_metadata.ping?PartnerSpId=mySite" signOnUrl="https://providerName.com:8080/idp/start/sso.ping?PartnerSpid=mySite" allowUnsolicitedAuthnResponse="true" binding="HttpRedirect">
        <signingCertificate fileName="~/App_Data/Saml2.cer" />
      </add>
    </identityProviders>
  </sustainsys.saml2>
  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="false" name="SampleMvcApplicationAuth" />
    </federationConfiguration>
  </system.identityModel.services>

1 个答案:

答案 0 :(得分:2)

通过将身份验证模式设置为form来处理重定向。

<authentication mode="Forms">
  <forms loginUrl="~/Saml2/SignIn" />
</authentication>