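While developing a web application that should authorize against a Shibboleth IDP, we get the following error after the seemingly successful login at the IDP:
An unhandled exception occurred while processing the request.
UnexpectedInResponseToException: Received message contains unexpected InResponseTo "idd95739d3bc9e44efa1154b3e62a2e121". No cookie preserving state from the request was found so the message was not expected to have an InResponseTo attribute. This error typically occurs if the cookie set when doing SP-initiated sign on has been lost.
Sustainsys.Saml2.Saml2P.Saml2Response.ReadAndValidateInResponseTo(XmlElement xml, Saml2Id expectedInResponseTo, IOptions options) in Saml2Response.cs, line 153
Our startup.cs looks like this: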
```csharp
services.AddAuthentication()
    .AddSaml2(options =>
    {
        options.SPOptions.EntityId = new EntityId("https://adress.to.the.SP.net");
        options.SPOptions.Compatibility.UnpackEntitiesDescriptorInIdentityProviderMetadata = true;
        options.SPOptions.ReturnUrl = new Uri(@"https://adress.to.a.site.of.our.site.net.net/Saml/Session");
        options.SPOptions.ServiceCertificates.Add(new X509Certificate2(@"wwwroot/mycert.pfx")); // "Sustainsys.Saml2.Tests.pfx"
        options.IdentityProviders.Add(
            new IdentityProvider(
                new EntityId("adress.to.the.IDP.net"), options.SPOptions)
            {
                LoadMetadata = true,
                MetadataLocation = ("https://adress.to.the.MetadataLocation.xml")
            });
        IdentityProvider idp;
        var x = options.IdentityProviders.TryGetValue(new EntityId(Prov.Idp), out idp);
        X509Certificate2 ssoTest = new X509Certificate2(@"wwwroot/sso-test.pem");
        idp.SigningKeys.AddConfiguredKey(ssoTest);
    });
```
This is what I see when I check the cookies in the browser's dev tools:
GET 200 BIGipServer~idm~ipv4-shib-test: ! Experimentation_subject_id: JSESSIONID: shib_idp_session:
POST 500 .AspNetCore.Antiforgery.w5W7x28NAIs: ARRAffinity: Saml2.t8NpWx0u6S6zBFc97nzgN_IL:
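
The check that the exception message describes can be modelled in a few lines. This is an added example, not code from the original post or from Sustainsys.Saml2; it assumes the state cookie is named `Saml2.` followed by the RelayState value and, as a simplification, that the cookie value is the AuthnRequest ID in clear text. All IDs, relay states and cookie values are constructed.

```csharp
using System;
using System.Xml.Linq;

// Added illustration: a simplified model of the SP-side check, not Sustainsys.Saml2 code.
static class InResponseToModel
{
    // Assumption: the state cookie is named "Saml2." + RelayState and, in this model,
    // its value is simply the ID of the AuthnRequest the SP sent.
    static string FindStoredRequestId(string cookieHeader, string relayState)
    {
        foreach (var part in cookieHeader.Split(';'))
        {
            var kv = part.Trim().Split(new[] { '=' }, 2);
            if (kv.Length == 2 && kv[0] == "Saml2." + relayState)
                return kv[1];
        }
        return null; // cookie was not sent with the POST to the ACS endpoint
    }

    public static string Check(string responseXml, string relayState, string cookieHeader)
    {
        // Null when the Response carries no InResponseTo attribute.
        var inResponseTo = (string)XElement.Parse(responseXml).Attribute("InResponseTo");
        var expected = FindStoredRequestId(cookieHeader ?? "", relayState);

        if (expected == null)
            return inResponseTo == null
                ? "unsolicited response (IdP-initiated)"
                : "REJECT: unexpected InResponseTo, state cookie missing";
        return inResponseTo == expected
            ? "accept"
            : "REJECT: InResponseTo does not match stored request";
    }

    static void Main()
    {
        // Constructed sample data; IDs, relay state and cookie values are made up.
        const string response =
            "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " +
            "ID=\"_r1\" InResponseTo=\"id-req-1\" Version=\"2.0\" />";

        Console.WriteLine(Check(response, "rs1", "ARRAffinity=x; Saml2.rs1=id-req-1"));
        Console.WriteLine(Check(response, "rs1", "ARRAffinity=x"));        // cookie dropped
        Console.WriteLine(Check(response, "rs1", "Saml2.other=id-req-1")); // cookie from another attempt
        Console.WriteLine(Check(response, "rs1", "Saml2.rs1=id-req-0"));   // stale request ID
    }
}
```

Comparing the RelayState form field in the POST with the suffix of the `Saml2.` cookie the browser actually sends shows which rejecting branch applies.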