
We have a site in Sitecore 9.3 to which we are trying to add SAML SSO. We have a federated SAML IdP. The Assertion Consumer Service URL in the IdP points to a route in our SP (a controller action in a custom Sitecore MVC controller).

After a successful login I am redirected to that assertion consumer URL. But in the corresponding controller both HttpContext.User.Identity.IsAuthenticated and Sitecore.Context.User.IsAuthenticated are false, and Sitecore.Context.User.Identity.Name is extranet\Anonymous. Also, I am not sure at which point in the login process AcsCommandResultCreated is invoked and how the claims are passed on to the controller.

I am following the example shown in this blog post: https://blogs.perficient.com/2018/06/06/federated-authentication-in-sitecore-9-part-3-implementation-of-saml2p/

I am not sure whether I am missing something on the Sitecore configuration side or on the Sustainsys side. Any help would be appreciated.

Sitecore config:

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:role="http://www.sitecore.net/xmlconfig/role/">
  <sitecore>
    <federatedAuthentication>
      <identityProviders>
        <identityProvider id="SamlIDP" type="Sitecore.Owin.Authentication.Configuration.DefaultIdentityProvider, Sitecore.Owin.Authentication">
          <param desc="name">$(id)</param>
          <param desc="domainManager" type="Sitecore.Abstractions.BaseDomainManager" resolve="true" />
          <caption>Log in with SamlIDP</caption>
          <domain>extranet</domain>
          <triggerExternalSignOut>false</triggerExternalSignOut>
        </identityProvider>
      </identityProviders>
      <identityProvidersPerSites>

        <mapEntry name="sites with SamlIDP authentication" type="Sitecore.Owin.Authentication.Collections.IdentityProvidersPerSitesMapEntry, Sitecore.Owin.Authentication" resolve="true">
          <identityProviders hint="list:AddIdentityProvider">
            <identityProvider ref="federatedAuthentication/identityProviders/identityProvider[@id='SamlIDP']" />
          </identityProviders>
          <sites hint="list">
            <site>website</site>
          </sites>
          <externalUserBuilder type="Sitecore.Foundation.Authentication.SamlIDP.SamlIDPExternalUserBuilder, Sitecore.Foundation.Authentication.SamlIDP" resolve="true">
            <IsPersistentUser>false</IsPersistentUser>
          </externalUserBuilder>
        </mapEntry>
      </identityProvidersPerSites>
    </federatedAuthentication>
    </sitecore>
</configuration>

Sustainsys setup injected into the Sitecore OWIN pipeline:

// Service provider side: entity id and the URL the browser is sent back to after the ACS step.
var options = new Saml2AuthenticationOptions(false)
{
    SPOptions = new SPOptions
    {
        EntityId = new EntityId(_spEntityId),
        ReturnUrl = new Uri(_spReturnUrl),
    },
    AuthenticationType = GetAuthenticationType()
};

// Identity provider side: metadata is loaded from the IdP, SSO endpoint is set explicitly.
options.IdentityProviders.Add(new Sustainsys.Saml2.IdentityProvider(new EntityId(_ipEntityId), options.SPOptions)
{
    MetadataLocation = _ipMetadataLocation,
    LoadMetadata = true,
    SingleSignOnServiceUrl = new Uri("https://myidp.com/saml20/login?RequestBinding=HTTPPost&PartnerId=https://mysp")
});

// Run Sitecore's claim transformations on the identity produced from the SAML response.
options.Notifications = new Saml2Notifications
{
    AcsCommandResultCreated = (result, response) =>
    {
        var identityProvider = GetIdentityProvider();
        ((ClaimsIdentity)result.Principal.Identity).ApplyClaimsTransformations(new TransformationContext(FederatedAuthenticationConfiguration, identityProvider));
    }
};

args.App.UseSaml2Authentication(options);
