3

Simple single sign-on question

I have two MVC4 applications:

**1**- http://localhost/BikeShop

   ACS Relying Party:

 - Name: **BikeShop**
 - Return Url: **http://localhost/BikeShop**
 - Token Format: **SAML 2.0**


**2**- http://localhost/BikePartsShop

   ACS Relying Party:

 - Name: **BikePartsShop**
 - Return Url: **http://localhost/BikePartsShop**
 - Token Format: **SAML 2.0**

My scenario

I visit BikeShop, the ACS login page is shown, and I select my identity.

I can now do things on BikeShop.

Then I visit BikePartsShop, the ACS login page is shown, and I can select my identity.


The scenario I need

I visit BikeShop, the ACS login page is shown, and I select my identity.

I can now do things on BikeShop.

Then I visit BikePartsShop and ACS authorizes the same identity that was used in BikeShop, without any further user intervention.


Has anyone implemented this scenario?

Best regards, and thanks!

4

2 Answers

1

You can use the ACS management service to configure multiple reply addresses for the same relying party. See this link for details on how to add an RP. From the linked code sample, register more addresses as follows:

// 'svc' is the ACS management service client from the linked sample.
// One relying party is created and then given one realm and two reply addresses.
RelyingParty relyingParty = new RelyingParty()
{
    Name = "BikeShop",
    AsymmetricTokenEncryptionRequired = false,
    TokenType = "SAML_2_0",
    TokenLifetime = 3600
};

svc.AddToRelyingParties(relyingParty);

// The realm is shared by both applications and becomes the audience of the issued token.
RelyingPartyAddress realm = new RelyingPartyAddress()
{
    Address = "http://localhost/",
    EndpointType = "Realm"
};

// One reply address per application: ACS will only post tokens to addresses registered here.
RelyingPartyAddress replyAddress1 = new RelyingPartyAddress()
{
    Address = "http://localhost/BikeShop",
    EndpointType = "Reply"
};

RelyingPartyAddress replyAddress2 = new RelyingPartyAddress()
{
    Address = "http://localhost/BikePartsShop",
    EndpointType = "Reply"
};

svc.AddRelatedObject(relyingParty, "RelyingPartyAddresses", realm);
svc.AddRelatedObject(relyingParty, "RelyingPartyAddresses", replyAddress1);
svc.AddRelatedObject(relyingParty, "RelyingPartyAddresses", replyAddress2);

svc.SaveChanges(SaveChangesOptions.Batch);
answered 2013-03-15T18:36:03.427
0

If you can work out how to remember which identity provider they used last time, try this code to help you forward the user to that specific identity provider. The last login should be stored so that the user is automatically 302'd back to your application.

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Net;
using System.Web;
using Newtonsoft.Json;

public IdentityProvider GetIdentityProvider(string identityProviderName, string realm, string audienceUri)
{
    // ACS config parameters (ida:Namespace is the full https://<namespace>.accesscontrol.windows.net/ base URL)
    string acsNamespace = ConfigurationManager.AppSettings["ida:Namespace"];
    realm = realm ?? Uri.EscapeDataString(ConfigurationManager.AppSettings["ida:Realm"]);
    audienceUri = audienceUri ?? ConfigurationManager.AppSettings["ida:AudienceUri"];

    // Where the user should land after sign-in; rewritten to the host the current request came in on
    string returnPath = Uri.EscapeDataString("/home/index");
    var newReplyTo =
        Uri.EscapeDataString(audienceUri.Replace(new Uri(audienceUri).Authority,
            HttpContext.Current.Request.Url.Authority));

    // Retrieve the identity providers ACS currently has configured for this realm (JSON discovery document)
    string idpDiscoveryUrl = string.Format(
        "{0}v2/metadata/IdentityProviders.js?protocol=wsfederation&realm={1}&reply_to={2}&context=rm%3d0%26id%3dpassive%26ru%3d{3}&request_id=&version=1.0",
        acsNamespace, realm, newReplyTo, returnPath);
    string response = null;
    using (var client = new WebClient())
    {
        response = client.DownloadString(idpDiscoveryUrl);
    }

    List<IdentityProvider> identityProviders = JsonConvert.DeserializeObject<List<IdentityProvider>>(response);

    // Look up the provider the tenant asked for; fall back to an empty provider if it is not listed
    var identityProvider = identityProviders.FirstOrDefault(i => i.Name == identityProviderName) ?? new IdentityProvider();

    return identityProvider;
}
answered 2014-04-04T14:16:56.910
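The second answer leaves open how to "remember" the identity provider. The following is an added example (not code from either answer or from the ACS samples) showing one way to do that safely in an MVC4 app: the chosen provider name is stored in an HttpOnly, Secure cookie, and on the next visit the stored name is only honoured if it still matches an entry in the discovery list that ACS returned, so the redirect target always comes from ACS and never from the cookie itself. The `IdentityProvider` class, the `HomeRealmMemory` helper, the cookie name `LastIdp` and the `LoadProvidersFromAcs` call are assumptions made for this example; the real sample project defines its own `IdentityProvider` type.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Assumed minimal shape of one entry in the ACS IdentityProviders.js discovery document.
public class IdentityProvider
{
    public string Name { get; set; }
    public string LoginUrl { get; set; }
}

public static class HomeRealmMemory
{
    // Constructed cookie name for this example; not an ACS or WIF convention.
    private const string CookieName = "LastIdp";

    // Store the provider the user picked. HttpOnly keeps script from reading it,
    // Secure keeps it off plain-HTTP requests.
    public static void Remember(HttpResponseBase response, string idpName)
    {
        var cookie = new HttpCookie(CookieName, idpName)
        {
            HttpOnly = true,
            Secure = true,
            Expires = DateTime.UtcNow.AddDays(30)
        };
        response.Cookies.Add(cookie);
    }

    // Return the remembered provider only if ACS still lists it and its LoginUrl is an
    // absolute https URL. Returns null when nothing usable is remembered, in which case
    // the caller shows the normal ACS login page instead of redirecting.
    public static IdentityProvider Resolve(HttpRequestBase request, IList<IdentityProvider> available)
    {
        var cookie = request.Cookies[CookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null;

        var idp = available.FirstOrDefault(i => string.Equals(i.Name, cookie.Value, StringComparison.Ordinal));
        if (idp == null || !IsHttpsAbsolute(idp.LoginUrl))
            return null;

        return idp;
    }

    private static bool IsHttpsAbsolute(string url)
    {
        Uri parsed;
        return Uri.TryCreate(url, UriKind.Absolute, out parsed)
            && parsed.Scheme == Uri.UriSchemeHttps;
    }
}

public class LoginController : Controller
{
    // Assumed helper: fetches the discovery list the way GetIdentityProvider above does,
    // but returns the whole list instead of a single entry.
    private IList<IdentityProvider> LoadProvidersFromAcs()
    {
        throw new NotImplementedException("wire this to the IdentityProviders.js discovery call");
    }

    public ActionResult Index()
    {
        IList<IdentityProvider> providers = LoadProvidersFromAcs();

        // Known provider remembered from an earlier sign-in: go straight there (the 302 the answer mentions).
        var remembered = HomeRealmMemory.Resolve(Request, providers);
        if (remembered != null)
            return Redirect(remembered.LoginUrl);

        // Otherwise render the provider picker; the picker posts back to Choose().
        return View(providers);
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Choose(string idpName)
    {
        IList<IdentityProvider> providers = LoadProvidersFromAcs();
        var chosen = HomeRealmMemory.Resolve(
            new HttpRequestWrapper(System.Web.HttpContext.Current.Request), providers);

        // Only remember and redirect to a name that ACS actually lists.
        var selected = providers.FirstOrDefault(i => i.Name == idpName);
        if (selected == null)
            return RedirectToAction("Index");

        HomeRealmMemory.Remember(Response, selected.Name);
        return Redirect(selected.LoginUrl);
    }
}
```

Because both applications share the realm `http://localhost/` configured in the first answer, the same cookie logic can be reused in BikeShop and BikePartsShop; the user still makes one round trip through ACS per application, but no longer sees the provider picker a second time.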