我有一个 Web 应用程序在使用“UseOpenIdConnectAuthentication”进行 SSO 身份验证验证时出现问题,当他们尝试验证 IdToken 时该应用程序失败。它发生在每 24 小时/发生翻转时。然后站点需要更改配置或重新启动 Azure 堆栈服务器,它可以帮助我们仅在接下来的 24 小时/翻转中解决问题。但有趣的是,它只发生在除阶段、测试和开发之外的生产服务器中。比较这 4 台服务器时,生产使用的是 ELR 服务器,而其他服务器使用的是 Azure Stack 公共云中的 CTC。除此之外,服务器之间没有其他重大变化。除非我们仍然无法指出问题发生在哪里,它是否与 SSO 配置(每个服务器中的配置值不同)和/或 .
DotNet - 框架 4.7.1
错误描述 - IDX10501:签名验证失败。无法匹配键:孩子:'[PII 已隐藏]',令牌:'[PII 已隐藏]'。
你能帮助我们摆脱这个问题吗?
public static void Configuration(IAppBuilder app)
{
var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
$"{OidcOptions.Authority}/.well-known/openid-configuration",
new OpenIdConnectConfigurationRetriever(),
new HttpDocumentRetriever());
var discoveryDocument = configurationManager.GetConfigurationAsync().Result;
var signingKeys = GetSecurityKeyAsync(discoveryDocument.JwksUri).Result;
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
CookieManager = new SystemWebCookieManager()
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = OidcOptions.ClientId,
ClientSecret = OidcOptions.ClientSecret,
Authority = OidcOptions.Authority,
RedirectUri = OidcOptions.RedirectUri,
PostLogoutRedirectUri = OidcOptions.PostLogoutRedirectUri,
Scope = OidcOptions.Scope,
ResponseType = OidcOptions.ResponseType,
UseTokenLifetime = false,
TokenValidationParameters = new TokenValidationParameters()
{
IssuerSigningKeys = signingKeys,
RequireSignedTokens = true,
RequireExpirationTime = true,
ValidateLifetime = true,
ValidateAudience = true,
ValidAudience = OidcOptions.Audience,
ValidateIssuer = true,
ValidIssuer = OidcOptions.Issuer
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = OnAuthenticationFailed,
MessageReceived = OnMessageReceived,
RedirectToIdentityProvider = OnRedirectToIdentityProvider,
SecurityTokenValidated = OnSecurityTokenValidated
}
}
);
}