
First, I have to set IsSessionMode = true to reduce the cookie size.

I need to load-balance 2 RP instances. I performed the following steps on 2 different machines that each host an RP instance:

1) Subscribe to the ServiceConfigurationCreated event

    // Runs once per application when WIF builds its ServiceConfiguration.
    // Both RP machines must load the same certificate so that a session cookie
    // encrypted and signed on one node can be read on the other.
    private void WSFederationAuthenticationModule_ServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
    {
        X509Certificate2 certificate = CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, ConfigHelper.FrontendCertificate);

        // Replace the default DPAPI-based cookie protection (machine-bound) with
        // certificate-based transforms: compress, then encrypt, then sign.
        var sessionTransforms = new List<CookieTransform>(new CookieTransform[]
        {
            new DeflateCookieTransform(),
            new RsaEncryptionCookieTransform(certificate),
            new RsaSignatureCookieTransform(certificate)
        });

        SessionSecurityTokenHandler sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
        e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
    }

2) Move the session to the ASP.NET state service

Problem:

When I try to log in to the STS, I get an infinite redirect from the RP to the STS.

I don't understand why. The token is stored in the session (IsSessionMode = true). The session is shared between the 2 different hosts by the ASP.NET state service.

What is the problem? What am I missing?

I think I am not understanding something important.


1 Answer


My best guess is WIF is simply failing to establish a session at the RP side, and the user is landing on an unauthorized page (a custom error page maybe?), which prompts WIF to redirect back to the STS for authentication, and now you're looping.

Some experiments you might try:

  1. Turn off IsSessionMode = false, and see if the problem still occurs. If it doesn't then you know WIF is choking on session creation, and you can check to make sure your RP is successfully contacting the ASP.NET state service for example.

  2. Install Fiddler (http://fiddler2.com/fiddler2/) which is an invaluable tool for debugging such infinite redirects. Collect some traces, see what's going on. You might also consider posting your RP web.config.

answered 2012-06-05T15:25:42.287
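The following Global.asax.cs is an added example, not code from the question or the answer, showing how the WIF event hooks can be used to carry out the experiments the answer suggests: it records whether a session token is ever created on a node, whether an incoming session cookie can be resolved on that node, how often the module sends the same client back to the STS, and why a token posted back from the STS was rejected. In WIF 3.5 (Microsoft.IdentityModel), IsSessionMode = true stores the token in the in-process SessionSecurityTokenCache and writes only a reference key into the cookie, so logging the machine name on each event shows directly whether the node that created the session is the node that later receives the cookie. Assumptions not taken from the page: the handler names follow the Global.asax convention ModuleName_EventName and are auto-wired only if the modules are registered in web.config under the names "WSFederationAuthenticationModule" and "SessionAuthenticationModule"; Log is a hypothetical helper; the "rp_redirects" cookie name and the threshold of 5 redirects are constructed values.

```csharp
// Added example (not from the original question or answer): diagnostic event
// wiring for a WIF 3.5 relying party running IsSessionMode = true behind a
// load balancer. Handler names follow the Global.asax ModuleName_EventName
// convention (assumption: modules registered under those names in web.config).
using System;
using System.Diagnostics;
using System.Web;
using Microsoft.IdentityModel.Web;

public class Global : HttpApplication
{
    private const string RedirectCounterCookie = "rp_redirects"; // hypothetical cookie name
    private const int MaxRedirectsBeforeWarning = 5;             // constructed threshold

    // Fires once per session token the SAM creates, i.e. right after a successful
    // WS-Federation sign-in. Enabling session mode here keeps the cookie small.
    void SessionAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true;
        Log("SessionSecurityTokenCreated on {0}: user={1} validTo={2:u} writeCookie={3}",
            Environment.MachineName,
            e.SessionToken.ClaimsPrincipal.Identity.Name,
            e.SessionToken.ValidTo,
            e.WriteSessionCookie);
    }

    // Fires on every request whose session cookie the SAM could turn back into a
    // token. In session mode the cookie holds only a key into this node's
    // in-memory SessionSecurityTokenCache, so a cookie issued by the other node
    // cannot be resolved here and this handler does not run for it.
    void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
    {
        Log("SessionSecurityTokenReceived on {0}: user={1} validTo={2:u}",
            Environment.MachineName,
            e.SessionToken.ClaimsPrincipal.Identity.Name,
            e.SessionToken.ValidTo);
    }

    // Fires just before WIF issues the 302 to the STS. Counting redirects per
    // client in a short-lived cookie makes a loop visible in the log even
    // before a Fiddler trace is collected.
    void WSFederationAuthenticationModule_RedirectingToIdentityProvider(object sender, RedirectingToIdentityProviderEventArgs e)
    {
        int count = 0;
        HttpCookie existing = Request.Cookies[RedirectCounterCookie];
        if (existing != null)
        {
            int.TryParse(existing.Value, out count);
        }
        count++;

        HttpCookie updated = new HttpCookie(RedirectCounterCookie, count.ToString());
        updated.HttpOnly = true;
        updated.Expires = DateTime.UtcNow.AddMinutes(2);
        Response.Cookies.Add(updated);

        Log("Redirecting to STS from {0} (redirect #{1} for this client), STS base URI {2}",
            Environment.MachineName, count, e.SignInRequestMessage.BaseUri);

        if (count >= MaxRedirectsBeforeWarning)
        {
            Log("WARNING: {0} redirects within 2 minutes; no session is being established on this node", count);
        }
    }

    // Fires when the token posted back from the STS is rejected (audience URI
    // mismatch, untrusted issuer certificate, expired token, ...). WIF then
    // redirects to the STS again, which is one way an infinite loop starts.
    void WSFederationAuthenticationModule_SignInError(object sender, ErrorEventArgs e)
    {
        Log("SignInError on {0}: {1}", Environment.MachineName, e.Exception);
    }

    // Hypothetical logging sink; replace with the application's logger.
    private static void Log(string format, params object[] args)
    {
        Trace.TraceInformation(format, args);
    }
}
```

Reading the log from both machines side by side answers the answer's first question directly: if SessionSecurityTokenCreated appears on one machine and the redirects to the STS are logged on the other, the session is being created but never reaches the node that serves the next request, and the fix lies in how the session token is shared between nodes (or in pinning a client to one node) rather than in the STS configuration. If SignInError appears instead, the token itself is being rejected and the exception text names the reason.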