大家好,
我使用 ComponentSpace 作为服务提供商为我的客户建立 SAML2 单点登录。客户端使用他们自己的身份提供者进行身份验证并获得对我的 MVC5 Web 应用程序的访问权限。我遇到的问题是,当客户想要更新他们的 X509 证书文件时,我会动态更新物理文件,但我必须重置 IIS 才能使用新的证书文件。如何避免在进行身份验证时必须进行 IIS 重置并让 ComponentSpace 使用新的 X509 证书文件。我的代码示例如下。
var samlConfiguration = new
ComponentSpace.SAML2.Configuration.SAMLConfiguration();
var ssoUrl = "https://www.ssoUrl/Consumer";
var ssoName ="https://www.ssoName";
var localServiceProviderConfiguration = new LocalServiceProviderConfiguration()
{
Name = ssoName,
AssertionConsumerServiceUrl = ssoUrl
};
samlConfiguration.LocalServiceProviderConfiguration = localServiceProviderConfiguration ;
var certNamePrimary = ConfigurationManager.AppSettings["Certificate_Path"] + "cert-A.cer";
var certNameSecondary = ConfigurationManager.AppSettings["Certificate_Path"] + "cert-B.cer";
var partnerIdentityProviderConfiguration = new
ComponentSpace.SAML2.Configuration.PartnerIdentityProviderConfiguration()
{
Name = clientConfig.PartnerIdPName,
SingleSignOnServiceUrl = clientConfig.IdPSingleSignOnServiceURL,
SignAuthnRequest = false,
WantSAMLResponseSigned = false,
WantAssertionEncrypted = false,
WantAssertionSigned = true,
PartnerCertificateFile = certNamePrimary ,
SecondaryPartnerCertificateFile = certNameSecondary
};
samlConfiguration.PartnerIdentityProviderConfigurations.AddPartnerIdentityProvider(partnerIdentityProviderConfiguration );
if (ComponentSpace.SAML2.SAMLController.Configurations.Keys.Contains(ssoUrl))
{
ComponentSpace.SAML2.SAMLController.Configurations.Remove(ssoUrl);
ComponentSpace.SAML2.SAMLController.Configurations.Add(ssoUrl, samlConfiguration);
}
else
ComponentSpace.SAML2.SAMLController.Configurations.Add(ssoUrl, samlConfiguration);
ComponentSpace.SAML2.SAMLController.ConfigurationID = ssoUrl;
SAMLServiceProvider.InitiateSSO(Response, null, "http://company.com/adfs/services/trust");