我为我的 WebForms 项目转换了 IdPInitiatedController 示例代码。尽管我没有收到编译器或运行时错误,但在设置声明标识后,我似乎仍然无法将手动创建的声明添加到 Saml2AuthnResponse 对象中。是否有另一种方法可以向 SAML 响应添加属性?该应用程序使用表单身份验证;并且凭据位于 SQL 数据库中。这就是我没有 Windows 身份的原因。
' SSO CODE BEHIND
...
Dim binding = New Saml2PostBinding With {
.RelayState = String.Format("RPID={0}", Uri.EscapeDataString(serviceProviderRealm))
}
Dim config = New Saml2Configuration With {
.Issuer = "company.stage.app",
.SingleSignOnDestination = New Uri(ConfigurationManager.AppSettings.Get("appValue")),
.SigningCertificate = CertificateUtil.Load(X509Certificates.StoreName.TrustedPeople, X509Certificates.StoreLocation.LocalMachine, X509Certificates.X509FindType.FindByThumbprint, ConfigurationManager.AppSettings.Get("ThatKey")),
.SignatureAlgorithm = Saml2SecurityAlgorithms.RsaSha256Signature
}
Dim samlResponse = New Saml2AuthnResponse(config) With {
.Status = Saml2StatusCodes.Success
}
_ssoService.AddAttributes(samlResponse, currentUser)
binding.Bind(samlResponse) ' NO ATTRIBUTES WERE ADDED
Me.SAMLResponse.Value = binding.XmlDocument.InnerXml
Me.RelayState.Value = binding.RelayState
frmSSO.Action = config.SingleSignOnDestination.AbsoluteUri()
frmSSO.Method = "POST"
Public Sub AddAttributes(ByRef samlResponse As Saml2AuthnResponse, ByVal currentUser As CurrentUser)
Dim acctContact As CoveredInsuredDto = _coveragesService.GetAccountPointOfContact(currentUser.getControlNo())
If Not IsNothing(acctContact) Then
' Adding Attributes as claims
Dim claimIdentity = New ClaimsIdentity(Me.BuildClaims(currentUser, acctContact))
samlResponse.NameId = New IdentityModel.Tokens.Saml2NameIdentifier(acctContact.Name)
samlResponse.ClaimsIdentity = claimIdentity
End If
End Sub
Private Function BuildClaims(ByVal currentUser As CurrentUser, ByVal acctContact As CoveredInsuredDto) As IEnumerable(Of Claim)
Dim claims = New List(Of Claim)
If Not IsNothing(acctContact) Then
claims.Add(New Claim("FIRST_NAME", acctContact.FirstName))
claims.Add(New Claim("LAST_NAME", acctContact.LastName))
End If
Return claims.ToList()
End Function