在Kentor Auth Services中找不到实体ID为“http://stubidp.kentor.se/Metadata”的IDp错误 - c#

我们需要启用SAML SSO登录到我的应用程序。我的应用程序是Angular JS + Asp.Net Web API解决方案。我的应用程序已经使用Owin Bearer身份验证作为授权模型。

要启用Saml SSO,我将试用Kentor Auth Services。但是当Idp调用我的webapi时,我遇到了一个问题。 kentor服务将引发字典中不存在给定的键。错误。我正在使用http://stubidp.kentor.se/来测试实现。以下是我在入门课程中的Saml配置

public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseCors(CorsOptions.AllowAll);
            ConfigureOAuth(app);

            var config = new HttpConfiguration();
            WebApiConfig.Register(config);
            app.UseWebApi(config);

            AreaRegistration.RegisterAllAreas();
            GlobalConfiguration.Configure(WebApiConfig.Register);
            RouteConfig.RegisterRoutes(RouteTable.Routes);
            GlobalConfiguration.Configuration.MessageHandlers.Add(new CachingHandler(GlobalConfiguration.Configuration));
        }
        public void ConfigureOAuth(IAppBuilder app)
        {
            app.CreatePerOwinContext(ApplicationDbContext.Create);
            app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            var oAuthServerOptions = new OAuthAuthorizationServerOptions
            {
                AllowInsecureHttp = true,
                TokenEndpointPath = new PathString("/Auth/token"),
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
                Provider = new JobPulseAuthorizationServerProvider()
            };
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),
                Provider = new CookieAuthenticationProvider
                {
                    // Enables the application to validate the security stamp when the user logs in.
                    // This is a security feature which is used when you change a password or add an external login to your account.  
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                            validateInterval: TimeSpan.FromMinutes(30),
                            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager, DefaultAuthenticationTypes.ExternalCookie))
                }
            });
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Token Generation
            //app.UseOAuthAuthorizationServer(oAuthServerOptions);
            //app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
            app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions());
        }

        private static KentorAuthServicesAuthenticationOptions CreateAuthServicesOptions()
        {
            var spOptions = GetServiceProviderOptions();
            var authServicesOptions = new KentorAuthServicesAuthenticationOptions(false)
            {
                SPOptions = spOptions
            };

            var idp = new IdentityProvider(new EntityId("~/App_Data/KentorIDPMetadata.xml"), spOptions)
            {
                AllowUnsolicitedAuthnResponse = true,
                Binding = Saml2BindingType.HttpRedirect,
                SingleSignOnServiceUrl = new Uri("http://stubidp.kentor.se/")
            };

            idp.SigningKeys.AddConfiguredKey(
                    new X509Certificate2(fileName: HostingEnvironment.MapPath(
                                    "~/App_Data/Kentor.AuthServices.StubIdp.cer")));

            authServicesOptions.IdentityProviders.Add(idp);

            return authServicesOptions;
        }

        private static SPOptions GetServiceProviderOptions()
        {
            var cultureInfo = CultureInfo.GetCultureInfo("en-US");
            var organization = new Organization
            {
                Names = { new LocalizedName("Kentor", cultureInfo) },
                DisplayNames = { new LocalizedName("Kentor IT AB", cultureInfo) },
                Urls = { new LocalizedUri(new Uri("http://www.kentor.se"), cultureInfo) }
            };
            var spOptions = new SPOptions
            {
                EntityId = new EntityId("http://localhost:53390/AuthServices/acs"),
                ReturnUrl = new Uri("http://localhost:53390/Account/ExternalLoginCallback"),
                Organization = organization
            };
            spOptions.Contacts.Add(new ContactPerson
            {
                Type = ContactType.Technical,
                EmailAddresses = { "[email protected]" }
            });

            spOptions.Contacts.Add(new ContactPerson
            {
                Type = ContactType.Support,
                EmailAddresses = { "[email protected]" }
            });
            var attributeConsumingService = new AttributeConsumingService("AuthServices")
            {
                IsDefault = true,
                RequestedAttributes =
                {
                    new RequestedAttribute("urn:someName")
                    {
                        FriendlyName = "Some Name",
                        IsRequired = true,
                        NameFormat = RequestedAttribute.AttributeNameFormatUri
                    },
                    new RequestedAttribute("Minimal")
                }
            };
            spOptions.AttributeConsumingServices.Add(attributeConsumingService);

            spOptions.ServiceCertificates.Add(new X509Certificate2(
                    AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/Kentor.AuthServices.Tests.pfx"));

            return spOptions;
        }

    }

错误的堆栈跟踪

[KeyNotFoundException: The given key was not present in the dictionary.]
   System.Collections.Generic.Dictionary`2.get_Item(TKey key) +11759657
   Kentor.AuthServices.Configuration.IdentityProviderDictionary.get_Item(EntityId entityId) +155

[KeyNotFoundException: No Idp with entity id "http://stubidp.kentor.se/Metadata" found.]
   Kentor.AuthServices.Configuration.IdentityProviderDictionary.get_Item(EntityId entityId) +291
   Kentor.AuthServices.Saml2P.Saml2Response.CheckIfUnsolicitedIsAllowed(IOptions options) +108
   Kentor.AuthServices.Saml2P.Saml2Response.Validate(IOptions options) +37
   Kentor.AuthServices.Saml2P.<CreateClaims>d__53.MoveNext() +170
   System.Collections.Generic.List`1..ctor(IEnumerable`1 collection) +381

您能否让我知道为什么Kentor无法获取元数据?

参考方案

您正在将实体ID与元数据的路径混淆。元数据在实体ID的地址处公开,但是如果将元数据放在本地,则需要将它们分开。

var idp = new IdentityProvider(new EntityId("http://stubidp.kentor.se/Metadata"), spOptions)
{
  MetadataLocation = ""~/App_Data/KentorIDPMetadata.xml"
  AllowUnsolicitedAuthnResponse = true,
  // No need to add these if metadata is read.
  // Binding = Saml2BindingType.HttpRedirect,
  // SingleSignOnServiceUrl = new Uri("http://stubidp.kentor.se/")
};

另一种更简单的方法是直接从idp加载元数据:

var idp = new IdentityProvider(new EntityId("http://stubidp.kentor.se/Metadata"), spOptions)
{
  LoadMetadata = true,
  AllowUnsolicitedAuthnResponse = true,
};

Java SE 7:执行顺序 - java

我正在为Java SE 7考试而学习,并且正在研究示例问题。我似乎无法弄清楚为什么以下程序以x y c g的顺序返回。我理解为什么首先运行x,因为它是一个静态初始化块,但是有人可以解释为什么y在c和g之前运行吗?public class Triangle { Triangle() { System.out.print("c "); } {…

如何在Mac上的Netbeans中查看Java SE 6源代码? - java

This question already has answers here: Closed 8 years ago. Possible Duplicate: Source code for Mac OS X java version 1.6.0_22我一直在使用Java EE 6开发Web应用程序。在工作中,我在Windows 7上使用Netbeans。我…

Laravel 5.4 Auth::User()与关系不起作用 - php

我有Table Vendors(用于测试Auth关系)和Table Vendor_users,但是我用Auth::user()不是关系和这个数据库在供应商模型中 protected $table = 'vendor_users'; public function Vendor_test(){ return $this->belong…

gradle java9无法使用工具链:“ JDK 8(1.8)”来定位平台:“ Java SE 9” - java

我想在月食氧气内的gradle项目中使用java9。当我 跑:Run as> Gradle Test on GreeterTest.java 使用以下代码:package hello.test; import static org.junit.jupiter.api.Assertions.*; import org.junit.jupiter.api.…

使用Gunicorn和Nginx部署Django时出现500个内部服务器错误 - python

我创建了一个简单的django应用程序用于用户身份验证,然后我想使用gunicorn在nginx上进行部署。我用2个字段创建我的自定义用户模型:用户名,密码。python manange.py runserver 0.0.0.0:8000 运行良好!但是,当我尝试使用gunicorn在nginx上进行部署时,出现500个内部服务器错误。我用gunicorn测…