使用'itfoxtec-identity-saml2'的SAML2.0访问令牌

时间:2019-07-19 06:07:31

标签: itfoxtec-identity-saml2

我正在尝试将您的Nuget软件包用于dotnet核心,但我也获得了一些成功,我也可以登录到OneLogin,Okta等SAML身份提供商,并且还获得了登录用户信息,但是在生成访问令牌(承载令牌)时我感到困惑调用SAML身份提供商的API)。我将如何获得该令牌?
我可以在saml2AuthnResponse中看到securitytoken对象,但是不知道如何使用该令牌,并且该对象中的安全密钥和singin密钥为空。

我对此很陌生,所以可能是我误会了一些东西。

请帮助我。

[Route("AssertionConsumerService")]
    public async Task<IActionResult> AssertionConsumerService()
    {       
        var binding = new Saml2PostBinding();
        var saml2AuthnResponse = new Saml2AuthnResponse(config); 

        binding.ReadSamlResponse(Request.ToGenericHttpRequest(), saml2AuthnResponse);
        if (saml2AuthnResponse.Status != Saml2StatusCodes.Success)
        {
            throw new AuthenticationException($"SAML Response status: {saml2AuthnResponse.Status}");
        }
        binding.Unbind(Request.ToGenericHttpRequest(), saml2AuthnResponse);
        await saml2AuthnResponse.CreateSession(HttpContext, claimsTransform: (claimsPrincipal) => ClaimsTransform.Transform(claimsPrincipal)); 
        var relayStateQuery = binding.GetRelayStateQuery();
        var returnUrl = relayStateQuery.ContainsKey(relayStateReturnUrl) ? relayStateQuery[relayStateReturnUrl] : Url.Content("~/");
        return Redirect(returnUrl);
    }

1 个答案:

答案 0 :(得分:0)

您可以通过在appsettings.json中设置Saml2Configuration.SaveBootstrapContext = true来以XML字符串的形式访问SAML 2.0令牌:

...
"Saml2": {
  "SaveBootstrapContext": true,
  "IdPMetadata": "https://localhost:44305/metadata",
  "Issuer": "itfoxtec-testwebappcore",
  ...
}

或者,您也可以在代码中设置配置:

config.SaveBootstrapContext = true;

然后,您可以在saml2AuthnResponse.ClaimsIdentity.BootstrapContext中以XML字符串的形式读取SAML 2.0令牌:

public async Task<IActionResult> AssertionConsumerService()
{       
    var binding = new Saml2PostBinding();
    var saml2AuthnResponse = new Saml2AuthnResponse(config);

    binding.ReadSamlResponse(Request.ToGenericHttpRequest(), saml2AuthnResponse);
    if (saml2AuthnResponse.Status != Saml2StatusCodes.Success)
    {
        throw new AuthenticationException($"SAML Response status: {saml2AuthnResponse.Status}");
    }
    binding.Unbind(Request.ToGenericHttpRequest(), saml2AuthnResponse);
    await saml2AuthnResponse.CreateSession(HttpContext, claimsTransform: (claimsPrincipal) => ClaimsTransform.Transform(claimsPrincipal));

    var samlTokenXml = saml2AuthnResponse.ClaimsIdentity.BootstrapContext as string;

    var relayStateQuery = binding.GetRelayStateQuery();
    var returnUrl = relayStateQuery.ContainsKey(relayStateReturnUrl) ? relayStateQuery[relayStateReturnUrl] : Url.Content("~/");
    return Redirect(returnUrl);
}
相关问题
最新问题