我们处于.Net Core 2.2环境中,该环境使用基于WS-Federation的SSO。 转到https://localhost:5001/api/app/Method时-我们将被重定向到SSO站点以登录,但会收到500错误。
ocelot.json:
{
"ReRoutes": [
{
"DownstreamPathTemplate": "/api/app/{catchAll}",
"DownstreamScheme": "http",
"DownstreamHostAndPorts": [
{
"Host": "localhost",
"Port": 5002
}
],
"UpstreamPathTemplate": "/api/app/{catchAll}",
"UpstreamHttpMethod": [ "GET", "POST"],
"AuthenticationOptions": {
"AuthenticationProviderKey": "TestKey"
}
},
],
"GlobalConfiguration": {
"BaseUrl": "https://localhost:5001"
}
}
Program.cs:
public static void Main(string[] args)
{
new WebHostBuilder()
.UseKestrel()
.UseContentRoot(Directory.GetCurrentDirectory())
.ConfigureAppConfiguration((hostingContext, config) =>
{
config
.SetBasePath(hostingContext.HostingEnvironment.ContentRootPath)
.AddJsonFile("appsettings.json", true, true)
.AddJsonFile($"appsettings.{hostingContext.HostingEnvironment.EnvironmentName}.json", true, true)
.AddJsonFile($"{hostingContext.HostingEnvironment.ApplicationName}/ocelot.json")
.AddEnvironmentVariables();
})
.ConfigureServices(s => {
s.AddAuthentication().AddWsFederation("TestKey", options => {
options.MetadataAddress = "https://sso-site/FederationMetadata/2007-06/FederationMetadata.xml";
options.Wtrealm = "https://localhost:5001/";
options.Events.OnMessageReceived = ctx => {
return Task.CompletedTask;
};
});
s.AddOcelot();
})
.ConfigureLogging((hostingContext, logging) =>
{
Console.WriteLine("logging happened");
//add your logging
})
.UseIISIntegration()
.Configure(app =>
{
app.UseOcelot().Wait();
})
.Build()
.Run();
}
关于我们可能做错了什么的任何建议? 有一些想法认为Ocelot不支持WS-Fed进行身份验证的方式。我们遵循了示例配置。