4

目前,我们的 Web 应用程序正在使用 Windows 身份验证。我们需要将此集成到使用 SAML 的现有单点登录中。我正在寻找Sustainsys / Saml2将我们的网络应用程序与 SAML 集成。

我们的网站主页网址是这样的: http://siteName/Home/Index

IdP 端点: https ://providerName.com:8080/idp/start/sso.ping?PartnerSpid=mySite

当我尝试导航到 saml 单点登录并输入我的凭据时,我被重定向到我们的网站:http://siteName/Home/Index 所以我认为 saml 环境设置工作正常

我现在的问题是,当我导航到我们的网站主页时,如果用户尚未通过身份验证,我希望它首先重定向到 Idp 端点以对用户进行身份验证:https ://providerName.com:8080/idp/start/sso .ping?PartnerSpid=mySite

这是我正在尝试的当前 web.config:

<configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="sustainsys.saml2" type="Sustainsys.Saml2.Configuration.SustainsysSaml2Section, Sustainsys.Saml2" />
  </configSections>
  <appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>
  <system.web>
    <compilation targetFramework="4.5.2" />
    <httpRuntime targetFramework="4.5.2" />
    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>
    <customErrors mode="Off" />
  </system.web>
  <system.webServer>
    <modules>
        <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <add name="Saml2AuthenticationModule" type="Sustainsys.Saml2.HttpModule.Saml2AuthenticationModule, Sustainsys.Saml2.HttpModule" />
    </modules>
    <security>
        <authentication>
            <windowsAuthentication enabled="true" />
        </authentication>
    </security>
  </system.webServer>
  <sustainsys.saml2 entityId="https://providerName.com:8080/idp/start/sso.ping?PartnerSpid=mySite" returnUrl="https://providerName.com:8080/idp/start/sso.ping?PartnerSpid=mySite">
    <identityProviders>
      <add entityId="https://providerName.com:8080/pf/federation_metadata.ping?PartnerSpId=mySite" signOnUrl="https://providerName.com:8080/idp/start/sso.ping?PartnerSpid=mySite" allowUnsolicitedAuthnResponse="true" binding="HttpRedirect">
        <signingCertificate fileName="~/App_Data/Saml2.cer" />
      </add>
    </identityProviders>
  </sustainsys.saml2>
  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="false" name="SampleMvcApplicationAuth" />
    </federationConfiguration>
  </system.identityModel.services>
4

1 回答 1

3

通过将身份验证模式设置为表单来处理重定向。

<authentication mode="Forms">
  <forms loginUrl="~/Saml2/SignIn" />
</authentication>
于 2018-05-10T07:28:36.533 回答