0

我正在为现有的 .net 应用程序启用 SSO。我使用组件空间 SAML 2.0 组件作为服务提供者 (SP) 和 ADFS 2.0 作为身份提供者 (IdP) 我在不同的服务上配置了 ADFS,并且 SP 在不同的服务器上。我正在启动 SP InitiateSSO 被调用并且浏览器被重定向到 IdP url并根据中继方 url 返回给 SP。

尝试获取时:

SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out userName, out attributes, out targetUrl);

它说“未配置合作伙伴身份提供者http://sp.com/adfs/services/trust ”。

在提琴手中,我收到了以下电话。

  • /login.aspx?ReturnUrl=%2fDefault.aspx
  • /adfs/ls/?SAMLRequest=7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ%2Fff%2Fz9cZmQBbPbOStrJniGAqsgfP358Hz8iHjfZolw9Ol638%2BWr%2FBet86ZNz55%2B9tHvf%2F5gOr032d3bPp%2Fszbb3Z5%2FubR9MHxxs7%2BUP9mezncn93cnso%2FQn87opquVnH%2B2Ndz5Kz5pmnZ8tmzZbtvTRzu697R1648GbnQeP9u892r0%2F3n9w8FMfpU%2Bpl2KZtfzmvG1Xj%2B7eLZZtnc2KfDGeVou72ey8uVs2dz9Kn1X1NGf0PvvoPCubHN28zJqmuMztJy%2Frqq2mVfmkWM6K5cVnH63r5aMqa4rm0TJb5M2jdvro9fEXzx8Rmo8m0qh59O03b15uv%2Fzy9ZuP0uOmyWvgc1Itm%2FUir1%2Fn9WUxzb969VwwbAjFWb6oxiGeAHp36OVx1qzefZS%2BW5TL5hHTeTNiKx3FR0c8K4%2BYnLX3% 2FubXM4PGR0fDGD%2B%2B64E%2B0tl%2FQbDOnr6symJ6DYIvsna4q93xLn9SzLbPuemj9bJZ5dPivMiJI47Lsro6qfOspelp6zXNzt0j6TVks6P%2FBw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=rXOfg3K3D87RobofnuU5xXfBbYYIlHOeNf3IkOrLVekTycKWW7foBAKeBuatyyaCZwnmZMWJiMOGU87P4NOy0YXGdO3F5VhvZ9ZGLxK74GWrTOvWmvY%2Fa4z%2FrGRv6TkNRRMdy6rZS5sBn%2B1aQx0bzlPwAMwaCVbIU%2FQxTJa4zok%3D
  • /adfs/ls/auth/integrated/?SAMLRequest=7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ%2Fff%2Fz9cZmQBbPbOStrJniGAqsgfP358Hz8iHjfZolw9Ol638%2BWr%2FBet86ZNz55%2B9tHvf%2F5gOr032d3bPp%2Fszbb3Z5%2FubR9MHxxs7%2BUP9mezncn93cnso%2FQn87opquVnH%2B2Ndz5Kz5pmnZ8tmzZbtvTRzu697R1648GbnQeP9u892r0%2F3n9w8FMfpU%2Bpl2KZtfzmvG1Xj%2B7eLZZtnc2KfDGeVou72ey8uVs2dz9Kn1X1NGf0PvvoPCubHN28zJqmuMztJy%2Frqq2mVfmkWM6K5cVnH63r5aMqa4rm0TJb5M2jdvro9fEXzx8Rmo8m0qh59O03b15uv%2Fzy9ZuP0uOmyWvgc1Itm%2FUir1%2Fn9WUxzb969VwwbAjFWb6oxiGeAHp36OVx1qzefZS% 2BW5TL5hHTeTNiKx3FR0c8K4%2BYnLX3%2FubXM4PGR0fDGD%2B%2B64E%2B0tl%2FQbDOnr6symJ6DYIvsna4q93xLn9SzLbPuemj9bJZ5dPivMiJI47Lsro6qfOspelp6zXNzt0j6TVks6P%2FBw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=rXOfg3K3D87RobofnuU5xXfBbYYIlHOeNf3IkOrLVekTycKWW7foBAKeBuatyyaCZwnmZMWJiMOGU87P4NOy0YXGdO3F5VhvZ9ZGLxK74GWrTOvWmvY%2Fa4z%2FrGRv6TkNRRMdy6rZS5sBn%2B1aQx0bzlPwAMwaCVbIU%2FQxTJa4zok%3D
  • /SAML/AssertionConsumerService.aspx

堆栈轨道

[SAMLException: The partner identity provider http:// sp.com/adfs/services/trust is not configured.]
  ComponentSpace.SAML2.Configuration.SAMLConfiguration.GetPartnerIdentityProvider(String name) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\Configuration\SAMLConfiguration.cs:245
  ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& userName, SAMLAttribute[]& attributes, String& relayState) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLServiceProvider.cs:664
  ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& userName, IDictionary`2& attributes, String& relayState) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLServiceProvider.cs:637
  ExampleServiceProvider.SAML.AssertionConsumerService.Page_Load(Object sender, EventArgs e) in C:\Program Files (x86)\ComponentSpace SAML v2.0 for .NET\Examples\SSO\HighLevelAPI\WebForms\ExampleServiceProvider\SAML\AssertionConsumerService.aspx.cs:28
  System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
  System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +42
  System.Web.UI.Control.OnLoad(EventArgs e) +132
  System.Web.UI.Control.LoadRecursive() +66
  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428

ADFS 配置为:

<PartnerIdentityProvider Name="https://sp.com/adfs/services/trust"
   SignAuthnRequest="true"
   WantSAMLResponseSigned="false"
   WantAssertionSigned="false"
   WantAssertionEncrypted="false"
   UseEmbeddedCertificate="true"
   SingleSignOnServiceUrl="http://sp.com/adfs/ls/"/ >

服务提供者配置如下:

<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
<ServiceProvider Name="https://demo.sp.com"
   AssertionConsumerServiceUrl="~/SAML/AssertionConsumerService.aspx"
   CertificateFile="sp.pfx"
   CertificatePassword="password" />

我进入的错误:

Server Error in '/' Application.
The partner identity provider http:// sp.com/adfs/services/trust is not configured. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: ComponentSpace.SAML2.Exceptions.SAMLException: The partner identity provider http:// sp.com/adfs/services/trust is not configured.
4

2 回答 2

0

我通过更改身份验证顺序解决了这个问题。

http://social.technet.microsoft.com/wiki/contents/articles/1600.ad-fs-2-0-how-to-change-the-local-authentication-type.aspx

现在它的工作。:-)

于 2013-08-27T17:35:32.197 回答
0

ComponentSpace 实际抛出以下错误:

未配置合作伙伴身份提供者http://sp.com/adfs/services/trust

这是因为您输入的PartnerSP<appSettings />和输入的Name属性<PartnerIdentityProvider />不匹配:

saml.config

<PartnerIdentityProvider Name="https://sp.com/adfs/services/trust" ... />

网络配置

<appSettings>
    <add key="PartnerSP" value="http://sp.com/adfs/services/trust />
    ...
</appSettings>

PartnerIdentityProvider 的名称应设置为:http://sp.com/adfs/services/trust

于 2016-08-09T21:45:51.597 回答