When an AWS SSO SAML 2.0 application is configured with the defaults, it does not include a NameIdFormat. If we use this default metadata for our service provider, Sustainsys/Saml2 gives the error below. What configuration can we use to make it work without any NameIdFormat defined?

Metadata provided by the identity provider

Note the <md:NameIDFormat /> in the metadata

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://portal.sso.us-east-2.amazonaws.com/saml/assertion/REMOVED_FOR_BREVITY">
   <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:X509Data>
               <ds:X509Certificate>REMOVED_FOR_BREVITY</ds:X509Certificate>
            </ds:X509Data>
         </ds:KeyInfo>
      </md:KeyDescriptor>
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://portal.sso.us-east-2.amazonaws.com/saml/logout/REMOVED_FOR_BREVITY" />
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://portal.sso.us-east-2.amazonaws.com/saml/logout/REMOVED_FOR_BREVITY" />
      <md:NameIDFormat />
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://portal.sso.us-east-2.amazonaws.com/saml/assertion/REMOVED_FOR_BREVITY" />
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://portal.sso.us-east-2.amazonaws.com/saml/assertion/REMOVED_FOR_BREVITY" />
   </md:IDPSSODescriptor>
</md:EntityDescriptor>

Sustainsys/Saml2 returns the error

Sustainsys.Saml2.Metadata.MetadataSerializationException: NameIDFormat element with no uri
   at Sustainsys.Saml2.Metadata.MetadataSerializer.ReadNameIDFormat(XmlReader reader)
   at Sustainsys.Saml2.Metadata.MetadataSerializer.ReadSsoDescriptorElement(XmlReader reader, SsoDescriptor descriptor)
   at Sustainsys.Saml2.Metadata.MetadataSerializer.<>c__DisplayClass119_0.<ReadIdpSsoDescriptor>b__0()
   at Sustainsys.Saml2.Metadata.MetadataSerializer.ReadChildren(XmlReader reader, Func`1 childAction)
   at Sustainsys.Saml2.Metadata.MetadataSerializer.ReadIdpSsoDescriptor(XmlReader reader)
   at Sustainsys.Saml2.Metadata.MetadataSerializer.<>c__DisplayClass118_0.<ReadEntityDescriptor>b__0()
   at Sustainsys.Saml2.Metadata.MetadataSerializer.ReadChildren(XmlReader reader, Func`1 childAction)
   at Sustainsys.Saml2.Metadata.MetadataSerializer.ReadEntityDescriptor(XmlReader reader, SecurityTokenResolver tokenResolver)
   at Sustainsys.Saml2.Metadata.MetadataLoader.Load(XmlDictionaryReader reader)
   at Sustainsys.Saml2.Metadata.MetadataLoader.Load(String metadataLocation, IEnumerable`1 signingKeys, Boolean validateCertificate, String minIncomingSigningAlgorithm)
   at Sustainsys.Saml2.Metadata.MetadataLoader.LoadIdp(String metadataLocation, Boolean unpackEntitiesDescriptor)
   at Sustainsys.Saml2.IdentityProvider.DoLoadMetadata()
   at Sustainsys.Saml2.IdentityProvider.set_LoadMetadata(Boolean value)......
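As an added example that is not part of the question or of Sustainsys/Saml2 itself, the following Python pre-processing step (run on the downloaded metadata before it is handed to the SP) finds and drops the empty NameIDFormat element that trips the parser, and refuses to touch metadata that carries an XML signature, since any edit would invalidate it. The metadata string is a constructed sample in the shape of the AWS SSO file above, with placeholder values.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed sample (not real AWS metadata): same layout as the IdP file above,
# including the empty <md:NameIDFormat /> element that Sustainsys rejects.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example/saml/assertion/PLACEHOLDER">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat />
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example/saml/assertion/PLACEHOLDER" />
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def find_empty_nameid_formats(root):
    """Return (parent, element) pairs for every NameIDFormat that has no URI text."""
    found = []
    for parent in root.iter():
        for child in list(parent):
            if child.tag == f"{{{MD}}}NameIDFormat" and not (child.text or "").strip():
                found.append((parent, child))
    return found


def sanitize_metadata(xml_text):
    """Drop empty NameIDFormat elements and return (cleaned_xml, removed_count).

    Signed metadata is left alone: rewriting it would break the signature, and an
    SP must never be tempted to skip signature validation to get around that.
    """
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.find(f"{{{DS}}}Signature") is not None:
        raise ValueError("metadata is signed; do not modify it, have the IdP fix the element")
    removed = 0
    for parent, child in find_empty_nameid_formats(root):
        parent.remove(child)
        removed += 1
    # The signing KeyDescriptor must survive, or the SP cannot verify assertions at all.
    if root.find(f".//{{{MD}}}KeyDescriptor[@use='signing']") is None:
        raise ValueError("no signing KeyDescriptor left in metadata")
    return ET.tostring(root, encoding="unicode"), removed
```

Feed the cleaned string to the SP instead of the raw download; if the metadata is fetched periodically, run this step on every refresh rather than once.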