目前,我们的 Web 应用程序正在使用 Windows 身份验证。我们需要将此集成到使用 SAML 的现有单点登录中。我正在寻找Sustainsys / Saml2将我们的网络应用程序与 SAML 集成。
我们的网站主页网址是这样的: http://siteName/Home/Index
IdP 端点: https ://providerName.com:8080/idp/start/sso.ping?PartnerSpid=mySite
当我尝试导航到 saml 单点登录并输入我的凭据时,我被重定向到我们的网站:http://siteName/Home/Index 所以我认为 saml 环境设置工作正常
我现在的问题是,当我导航到我们的网站主页时,如果用户尚未通过身份验证,我希望它首先重定向到 Idp 端点以对用户进行身份验证:https ://providerName.com:8080/idp/start/sso .ping?PartnerSpid=mySite
这是我正在尝试的当前 web.config:
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="sustainsys.saml2" type="Sustainsys.Saml2.Configuration.SustainsysSaml2Section, Sustainsys.Saml2" />
</configSections>
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
</appSettings>
<system.web>
<compilation targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2" />
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
<customErrors mode="Off" />
</system.web>
<system.webServer>
<modules>
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<add name="Saml2AuthenticationModule" type="Sustainsys.Saml2.HttpModule.Saml2AuthenticationModule, Sustainsys.Saml2.HttpModule" />
</modules>
<security>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
<sustainsys.saml2 entityId="https://providerName.com:8080/idp/start/sso.ping?PartnerSpid=mySite" returnUrl="https://providerName.com:8080/idp/start/sso.ping?PartnerSpid=mySite">
<identityProviders>
<add entityId="https://providerName.com:8080/pf/federation_metadata.ping?PartnerSpId=mySite" signOnUrl="https://providerName.com:8080/idp/start/sso.ping?PartnerSpid=mySite" allowUnsolicitedAuthnResponse="true" binding="HttpRedirect">
<signingCertificate fileName="~/App_Data/Saml2.cer" />
</add>
</identityProviders>
</sustainsys.saml2>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="false" name="SampleMvcApplicationAuth" />
</federationConfiguration>
</system.identityModel.services>