
So I have two demo applications to test. One is on .NET 4.7 and the other on .NET Core 3.1. When I run the applications I get different results depending on which application is used.

In both of them I have set CertificationValidationMode to None.

In .NET Core I get this error:

ITfoxtec.Identity.Saml2.Cryptography.InvalidSignatureException: Signature is invalid.
   at ITfoxtec.Identity.Saml2.Saml2Request.ValidateXmlSignature(SignatureValidation documentValidationResult)
   at ITfoxtec.Identity.Saml2.Saml2Request.Read(String xml, Boolean validateXmlSignature)
   at ITfoxtec.Identity.Saml2.Saml2Response.Read(String xml, Boolean validateXmlSignature)
   at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validateXmlSignature)
   at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validateXmlSignature)
   at ITfoxtec.Identity.Saml2.Saml2PostBinding.UnbindInternal(HttpRequest request, Saml2Request saml2RequestResponse, String messageName)
   at ITfoxtec.Identity.Saml2.Saml2Binding`1.Unbind(HttpRequest request, Saml2Response saml2Response)

This is fine, because I modified the assertion to extend the time for testing, at which point I assume the validation is bypassed and it fails due to the mismatch.

In .NET Framework I get this error:

ID4037: The key needed to verify the signature could not be resolved from the following security key
        identifier
        'SecurityKeyIdentifier(
          IsReadOnly = False,
          Count = 1,
          Clause[0] = System.IdentityModel.Tokens.Saml2SecurityKeyIdentifierClause
         )
        '. Ensure that the SecurityTokenResolver is populated with the required key.
   at System.IdentityModel.EnvelopedSignatureReader.ResolveSigningCredentials()
   at System.IdentityModel.EnvelopedSignatureReader.OnEndOfRootElement()
   at System.IdentityModel.EnvelopedSignatureReader.Read()
   at System.Xml.XmlReader.ReadEndElement()
   at System.IdentityModel.Tokens.Saml2SecurityTokenHandler.ReadAssertion(XmlReader reader)
   at System.IdentityModel.Tokens.Saml2SecurityTokenHandler.ReadToken(XmlReader reader)
   at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.ReadSecurityToken(XmlNode assertionElement)
   at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validateXmlSignature)
   at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validateXmlSignature)
   at ITfoxtec.Identity.Saml2.Saml2Binding`1.ReadSamlResponse(HttpRequest request, Saml2Response saml2Response)

Here I think the validation is happening, it is not being bypassed, and it fails. Basically the validation mode is ignored.

Am I thinking about this wrongly? Thanks


1 Answer


As you say, the result for .NET Core looks correct.

It looks like .NET Framework cannot find a certificate matching the certificate used in the SAML 2.0 Authn Response. Maybe the .NET Framework application is not configured with the correct certificate? I do not think this has anything to do with the validation mode.

Answered 2021-05-24T11:47:06.677
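As an added example (not code from the question or from the ITfoxtec project), the two checks the answer keeps apart correspond to two separate settings on Saml2Configuration: the certificate the XML signature must verify against, and how far that certificate's chain is validated. The issuer, audience and file path are placeholders, and the X509CertificateValidationMode namespace is assumed to be System.ServiceModel.Security.

```csharp
// Added example, not the question's or the ITfoxtec project's own code.
// Assumes ITfoxtec.Identity.Saml2 and that X509CertificateValidationMode
// lives in System.ServiceModel.Security (assumption; adjust if your
// target framework exposes it elsewhere).
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security;
using ITfoxtec.Identity.Saml2;

public static class SamlConfigFactory
{
    public static Saml2Configuration Create()
    {
        var config = new Saml2Configuration
        {
            // Placeholder values; replace with your SP's real entity ID.
            Issuer = "https://sp.example.test/saml2",
        };
        config.AllowedAudienceUris.Add("https://sp.example.test/saml2");

        // Check 1: which key the XML signature on the response/assertion is
        // verified against. This is the check behind both errors in the
        // question: "Signature is invalid" when the signature does not verify
        // against the configured key, and ID4037 when no configured key can be
        // resolved for the assertion's key identifier. Load the IdP's signing
        // certificate here (placeholder path).
        config.SignatureValidationCertificates.Add(
            new X509Certificate2("idp-signing.cer"));

        // Check 2: how the IdP certificate itself is trusted. None switches off
        // chain building and trust-store checks only; it does not switch off
        // signature verification, which is why changing it does not change the
        // errors above. Use ChainTrust or PeerTrust outside of test setups.
        config.CertificateValidationMode = X509CertificateValidationMode.None;
        config.RevocationMode = X509RevocationMode.NoCheck;

        return config;
    }
}
```

If the IdP rotates its signing certificate, add the new certificate to SignatureValidationCertificates; an unchanged CertificateValidationMode will not make a response signed with an unknown key verify.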