我是 SAML2 身份验证的新手,并尝试过使用 ITfoxtec。运行我的应用程序时出现此错误
AuthenticationException:根据验证程序,远程证书无效。System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken 消息,AsyncProtocolRequest asyncRequest,ExceptionDispatchInfo 异常)
HttpRequestException:无法建立 SSL 连接,请参阅内部异常。System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(流流,SslClientAuthenticationOptions sslOptions,CancellationToken cancelToken)
WebException:无法建立 SSL 连接,请参阅内部异常。根据验证程序,远程证书无效。System.Net.HttpWebRequest.GetResponse()
我正在使用使用 OpenSSL 生成的证书,并将 pfx 证书安装在 MMC 的受信任的根 CA 存储中。我不确定为什么它仍然会导致我出错。我还已经在我的 ADFS 中将该应用程序添加为依赖信任方。## 标题 ##
这是我的 StartUp.cs 的片段
services.Configure<Saml2Configuration>(Configuration.GetSection("Saml2"));
services.Configure<Saml2Configuration>(saml2Configuration =>
{
//saml2Configuration.SignAuthnRequest = true;
saml2Configuration.SigningCertificate = CertificateUtil.Load(Configuration["Saml2:SigningCertificateFile"], Configuration["Saml2:SigningCertificatePassword"]);
//saml2Configuration.SigningCertificate = CertificateUtil.Load(AppEnvironment.MapToPhysicalFilePath(Configuration["Saml2:SigningCertificateFile"]), Configuration["Saml2:SigningCertificatePassword"]);
var entityDescriptor = new EntityDescriptor();
entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(Configuration["Saml2:IdPMetadata"]));
if (entityDescriptor.IdPSsoDescriptor != null)
{
saml2Configuration.AllowedIssuer = entityDescriptor.EntityId;
saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;
saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
if (entityDescriptor.IdPSsoDescriptor.WantAuthnRequestsSigned.HasValue)
{
saml2Configuration.SignAuthnRequest = entityDescriptor.IdPSsoDescriptor.WantAuthnRequestsSigned.Value;
}
}
else
{
throw new Exception("IdPSsoDescriptor not loaded from metadata.");
}
});
services.AddSaml2();
这是我的appsettings.json
"Saml2": {
"IdPMetadata": "adfs url/FederationMetadata/2007-06/FederationMetadata.xml",
"Issuer": "saml_Example",
"SingleSignOnDestination": "http://adfs url/adfs/ls/",
"SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
"SigningCertificateFile": "cert.pfx",
"SigningCertificatePassword": "pw",
"CertificateValidationMode": "None",
"RevocationMode": "NoCheck"
},