
我们需要启用 SAML SSO 登录，目前使用 Kentor HttpModule 实现 SSO。当 IdP 调用我的应用程序时出现了一个问题：Kentor 服务抛出 "The given key was not present in the dictionary" 异常。这里的 IdP 是 ADFS。

我们尝试使用 StubIdp 时，它可以正常工作。

下面是我的 SAML 配置：

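        /// <summary>
        /// Builds the ADFS <see cref="IdentityProvider"/> entry for this service provider.
        /// </summary>
        /// <returns>
        /// An <see cref="IdentityProvider"/> configured for HTTP-POST responses, signed
        /// AuthnRequests and the ADFS signing certificate shipped next to the application.
        /// </returns>
        private static IdentityProvider CreateAuthServicesOptions()
    {
        var spOptions = GetServiceProviderOptions();

        // NOTE(review): Kentor looks the response Issuer up by this EntityId. If ADFS
        // emits "http://IQTDEV01.domain.com/adfs/services/trust" (no trailing slash) the
        // lookup fails with "The given key was not present in the dictionary" — confirm
        // the exact Issuer value against the ADFS federation metadata.
        var idp = new IdentityProvider(new EntityId("http://IQTDEV01.domain.com/adfs/services/trust/"), spOptions)
        {
            // Needed for IdP-initiated sign-on, where ADFS posts a response the SP never requested.
            AllowUnsolicitedAuthnResponse = true,
            Binding = Saml2BindingType.HttpPost,
            WantAuthnRequestsSigned = true,
            //LoadMetadata = true,
            SingleSignOnServiceUrl = new Uri("https://IQTDEV01.iqtrackdev.com/adfs/ls/")
        };

        // Path.Combine avoids the "\/" join that plain concatenation produces when
        // ApplicationBase already ends with a directory separator.
        var signingCertificatePath = System.IO.Path.Combine(
            AppDomain.CurrentDomain.SetupInformation.ApplicationBase,
            "ADFSService.cer");
        idp.SigningKeys.AddConfiguredKey(new X509Certificate2(signingCertificatePath));

        return idp;
    }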

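    /// <summary>
    /// Builds the <see cref="SPOptions"/> for this service provider, attaching the
    /// signing certificate found in the LocalMachine\My store.
    /// </summary>
    /// <returns>Service provider options with one signing certificate attached.</returns>
    /// <exception cref="InvalidOperationException">
    /// No certificate with the configured thumbprint exists in LocalMachine\My.
    /// </exception>
    private static SPOptions GetServiceProviderOptions()
    {
        // Keep this plain ASCII hex: the certificate MMC snap-in prepends an invisible
        // U+200E mark when the thumbprint is copied, and with that character in the
        // string Find() silently returns an empty collection.
        const string signingCertificateThumbprint = "FDDAF5EAA6E2B232E0012C0E77955C13246D2DF4";

        var spOptions = new SPOptions
        {
            EntityId = new EntityId("https://app.domain.com/AuthServices/"),
            ReturnUrl = new Uri("https://app.domain.com"),
            AuthenticateRequestSigningBehavior = SigningBehavior.Always
        };

        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly: false so an expired or untrusted self-signed test certificate is still found.
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, signingCertificateThumbprint, false);
            if (matches.Count == 0)
            {
                // Fail with a clear message instead of an index error on matches[0].
                throw new InvalidOperationException(
                    "No certificate with thumbprint " + signingCertificateThumbprint +
                    " was found in LocalMachine\\My.");
            }

            var serviceCertificate = new Kentor.AuthServices.ServiceCertificate
            {
                Certificate = matches[0],
                Use = Kentor.AuthServices.CertificateUse.Signing
            };
            spOptions.ServiceCertificates.Add(serviceCertificate);
        }
        finally
        {
            // Release the native store handle on every path.
            store.Close();
        }

        //spOptions.ServiceCertificates.Add(new X509Certificate2(
        //        AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/ADFSService.cer"));

        return spOptions;
    }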

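    /// <summary>
    /// Handles AuthenticateRequest: sets up the module options, then dispatches
    /// requests under <c>SPOptions.ModulePath</c> to the matching AuthServices command.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused event arguments.</param>
    protected void OnAuthenticateRequest(object sender, EventArgs e)
    {
        var application = (HttpApplication)sender;
        var request = application.Request;

        // Nothing to dispatch without a request; checking before the first
        // dereference is what makes this guard meaningful.
        if (request == null)
        {
            return;
        }

        // NOTE(review): the options (and the certificate store lookup inside
        // GetServiceProviderOptions) are rebuilt on every request; if Options is the
        // module's shared static property this also races between concurrent
        // requests. Building them once in Init() is the usual fix — left per-request
        // here because the Options declaration is outside this listing.
        var op = new Kentor.AuthServices.Configuration.Options(GetServiceProviderOptions());
        op.IdentityProviders.Add(CreateAuthServicesOptions());
        Options = op;

        // Strip the leading ~ from the AppRelative path.
        var appRelativePath = request.AppRelativeCurrentExecutionFilePath;
        appRelativePath = string.IsNullOrEmpty(appRelativePath)
            ? string.Empty
            : appRelativePath.Substring(1);

        var modulePath = Options.SPOptions.ModulePath;
        if (!appRelativePath.StartsWith(modulePath, StringComparison.OrdinalIgnoreCase))
        {
            return;
        }

        var commandName = appRelativePath.Substring(modulePath.Length);
        var command = CommandFactory.GetCommand(commandName);
        var commandResult = command.Run(
            new HttpRequestWrapper(request).ToHttpRequestData(),
            Options);

        if (!commandResult.HandledResult)
        {
            commandResult.SignInOrOutSessionAuthenticationModule();
            commandResult.Apply(new HttpResponseWrapper(application.Response));
        }
    }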

异常

