0

这是我的 web.config 文件

<configuration>
    <configSections>
        <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
        <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
        <section name="kentor.authServices" type="Kentor.AuthServices.Configuration.KentorAuthServicesSection, Kentor.AuthServices" />
    </configSections>
    <appSettings>
        <add key="webpages:Version" value="3.0.0.0" />
        <add key="webpages:Enabled" value="false" />
        <add key="ClientValidationEnabled" value="true" />
        <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    </appSettings>
    <system.diagnostics>
        <trace>
            <listeners>
                <add type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=2.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="AzureDiagnostics">
                    <filter type="" />
                </add>
            </listeners>
        </trace>
    </system.diagnostics>
    <!--
    For a description of web.config changes see http://go.microsoft.com/fwlink/?LinkId=235367.

    The following attributes can be set on the <httpRuntime> tag.
      <system.Web>
        <httpRuntime targetFramework="4.6.1" />
      </system.Web>
  -->
    <system.web>
        <compilation debug="true" targetFramework="4.6.1" />
        <httpRuntime targetFramework="4.5.2" />

        <authentication mode="Forms">
            <forms loginUrl="~/AuthServices/SignIn" />
        </authentication>
    </system.web>
    <system.webServer>
        <modules>
            <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
        </modules>

    </system.webServer>

    <kentor.authServices entityId="http://myapp.ci.01/metadata" returnUrl="http://localhost:63238/AuthServices/Acs">
        <identityProviders>
            <add entityId="http://myapp.ci.01/metadata" 
                 signOnUrl="https://sso.myapp.com/issue/saml/?binding=redirect" 
                allowUnsolicitedAuthnResponse="true" binding="HttpRedirect">
                <signingCertificate fileName="~/App_Data/MyApp.AuthServices.StubIdp.cer" />
            </add>
        </identityProviders>
    </kentor.authServices>
    <system.identityModel.services>
        <federationConfiguration>
            <cookieHandler requireSsl="false" name="RMInform" />
        </federationConfiguration>
    </system.identityModel.services>


    <system.codedom>
        <compilers>
            <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" />
            <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
        </compilers>
    </system.codedom>
    <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
            <dependentAssembly>
                <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" culture="neutral" />
                <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
            </dependentAssembly>
        </assemblyBinding>
    </runtime>
</configuration>

但是在登录后重定向到我的本地主机时出现错误

“/”应用程序中的服务器错误。

预期的消息包含 InResponseTo“id0dda716c55fd41bd98d4899ca3e14036”,但没有找到。

说明:执行当前 Web 请求期间发生未处理的异常。请查看堆栈跟踪以获取有关错误及其源自代码的位置的更多信息。

异常详细信息:Kentor.AuthServices.Exceptions.Saml2ResponseFailedValidationException:预期消息包含 InResponseTo“id0dda716c55fd41bd98d4899ca3e14036”,但没有找到。

源错误:

在执行当前 Web 请求期间生成了未处理的异常。可以使用下面的异常堆栈跟踪来识别有关异常起源和位置的信息。

堆栈跟踪:

[Saml2ResponseFailedValidationException:预期消息包含 InResponseTo“id0dda716c55fd41bd98d4899ca3e14036”,但没有找到。]
Kentor.AuthServices.Saml2P.Saml2Response.ReadAndValidateInResponseTo(XmlElement xml, Saml2Id expectedInResponseTo) +295
Kentor.AuthServices.Saml2P.Saml2Response..ctor(XmlElement xml expectedInResponseTo) +317
Kentor.AuthServices.WebSso.AcsCommand.Run(HttpRequestData 请求,IOptions 选项) +869
Kentor.AuthServices.Mvc.AuthServicesController.Acs() +81
lambda_method(Closure, ControllerBase, Object[]) +87
System.Web .Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary 2参数) +352 parameters) +280
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary
System.Web.Mvc.Async.<>c__DisplayClass42.b__41() +33 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass39.b__33() + 80 System.Web.Mvc.Async.<>c__DisplayClass4f.b__49() +386 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass2a.b__20() +32 System.Web.Mvc.Async.<>c__DisplayClass25.b__22(IAsyncResult asyncResult) +185
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +38
System.Web.Mvc.<>c__DisplayClass1d.b__18( IAsyncResult asyncResult) +27
System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +22 System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +53
System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar ) +22 System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +38
System.Web.Mvc.<>c__DisplayClass8.b__3(IAsyncResult asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +22 System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +38
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +657 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&同步完成)+146

这是我的 SAML 回复

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="idcbb43fbc52b34e88b34e71fcb80c9ac8" Version="2.0" IssueInstant="2016-06-14T12:09:50Z" Destination="sso.myapp.com/issue/saml? binding=redirect" AssertionConsumerServiceURL="localhost:63238/AuthServices/Acs">; <saml2:Issuer>myapp.ci.01/metadata</saml2:Issuer>; </saml2p:AuthnRequest>
4

1 回答 1

2

看起来您的 Idp 未inResponseTo在响应消息中正确包含属性。这违反了 SAML 规范。

使用 SAML Tracer for Firefox 或 SAML DevTools for Chrome 等工具在浏览器中查看 SAML 消息。检查响应是否与 SP 发送的InResponseTo匹配。如果不存在,则 Idp 不正确。IdAuthnRequest

可以在 AuthServices 中添加兼容性设置以忽略此错误。如果您需要,请在 AuthServices GitHub 问题跟踪器上打开一个问题进行讨论。

于 2016-06-14T11:59:26.220 回答