我们需要启用SAML SSO登录到我的应用程序。我的应用程序是Angular JS + Asp.Net Web API解决方案。我的应用程序已经使用Owin Bearer身份验证作为授权模型。
要启用Saml SSO,我将试用Kentor Auth Services。但是当Idp调用我的webapi时,我遇到了一个问题。 kentor服务将引发字典中不存在给定的键。错误。我正在使用http://stubidp.kentor.se/来测试实现。以下是我在入门课程中的Saml配置
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseCors(CorsOptions.AllowAll);
ConfigureOAuth(app);
var config = new HttpConfiguration();
WebApiConfig.Register(config);
app.UseWebApi(config);
AreaRegistration.RegisterAllAreas();
GlobalConfiguration.Configure(WebApiConfig.Register);
RouteConfig.RegisterRoutes(RouteTable.Routes);
GlobalConfiguration.Configuration.MessageHandlers.Add(new CachingHandler(GlobalConfiguration.Configuration));
}
public void ConfigureOAuth(IAppBuilder app)
{
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
var oAuthServerOptions = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/Auth/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new JobPulseAuthorizationServerProvider()
};
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager, DefaultAuthenticationTypes.ExternalCookie))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Token Generation
//app.UseOAuthAuthorizationServer(oAuthServerOptions);
//app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions());
}
private static KentorAuthServicesAuthenticationOptions CreateAuthServicesOptions()
{
var spOptions = GetServiceProviderOptions();
var authServicesOptions = new KentorAuthServicesAuthenticationOptions(false)
{
SPOptions = spOptions
};
var idp = new IdentityProvider(new EntityId("~/App_Data/KentorIDPMetadata.xml"), spOptions)
{
AllowUnsolicitedAuthnResponse = true,
Binding = Saml2BindingType.HttpRedirect,
SingleSignOnServiceUrl = new Uri("http://stubidp.kentor.se/")
};
idp.SigningKeys.AddConfiguredKey(
new X509Certificate2(fileName: HostingEnvironment.MapPath(
"~/App_Data/Kentor.AuthServices.StubIdp.cer")));
authServicesOptions.IdentityProviders.Add(idp);
return authServicesOptions;
}
private static SPOptions GetServiceProviderOptions()
{
var cultureInfo = CultureInfo.GetCultureInfo("en-US");
var organization = new Organization
{
Names = { new LocalizedName("Kentor", cultureInfo) },
DisplayNames = { new LocalizedName("Kentor IT AB", cultureInfo) },
Urls = { new LocalizedUri(new Uri("http://www.kentor.se"), cultureInfo) }
};
var spOptions = new SPOptions
{
EntityId = new EntityId("http://localhost:53390/AuthServices/acs"),
ReturnUrl = new Uri("http://localhost:53390/Account/ExternalLoginCallback"),
Organization = organization
};
spOptions.Contacts.Add(new ContactPerson
{
Type = ContactType.Technical,
EmailAddresses = { "[email protected]" }
});
spOptions.Contacts.Add(new ContactPerson
{
Type = ContactType.Support,
EmailAddresses = { "[email protected]" }
});
var attributeConsumingService = new AttributeConsumingService("AuthServices")
{
IsDefault = true,
RequestedAttributes =
{
new RequestedAttribute("urn:someName")
{
FriendlyName = "Some Name",
IsRequired = true,
NameFormat = RequestedAttribute.AttributeNameFormatUri
},
new RequestedAttribute("Minimal")
}
};
spOptions.AttributeConsumingServices.Add(attributeConsumingService);
spOptions.ServiceCertificates.Add(new X509Certificate2(
AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/Kentor.AuthServices.Tests.pfx"));
return spOptions;
}
}
错误的堆栈跟踪
[KeyNotFoundException: The given key was not present in the dictionary.]
System.Collections.Generic.Dictionary`2.get_Item(TKey key) +11759657
Kentor.AuthServices.Configuration.IdentityProviderDictionary.get_Item(EntityId entityId) +155
[KeyNotFoundException: No Idp with entity id "http://stubidp.kentor.se/Metadata" found.]
Kentor.AuthServices.Configuration.IdentityProviderDictionary.get_Item(EntityId entityId) +291
Kentor.AuthServices.Saml2P.Saml2Response.CheckIfUnsolicitedIsAllowed(IOptions options) +108
Kentor.AuthServices.Saml2P.Saml2Response.Validate(IOptions options) +37
Kentor.AuthServices.Saml2P.<CreateClaims>d__53.MoveNext() +170
System.Collections.Generic.List`1..ctor(IEnumerable`1 collection) +381
您能否让我知道为什么Kentor无法获取元数据?
参考方案
您正在将实体ID与元数据的路径混淆。元数据在实体ID的地址处公开,但是如果将元数据放在本地,则需要将它们分开。
var idp = new IdentityProvider(new EntityId("http://stubidp.kentor.se/Metadata"), spOptions)
{
MetadataLocation = ""~/App_Data/KentorIDPMetadata.xml"
AllowUnsolicitedAuthnResponse = true,
// No need to add these if metadata is read.
// Binding = Saml2BindingType.HttpRedirect,
// SingleSignOnServiceUrl = new Uri("http://stubidp.kentor.se/")
};
另一种更简单的方法是直接从idp加载元数据:
var idp = new IdentityProvider(new EntityId("http://stubidp.kentor.se/Metadata"), spOptions)
{
LoadMetadata = true,
AllowUnsolicitedAuthnResponse = true,
};
Java SE 7:执行顺序 - java我正在为Java SE 7考试而学习,并且正在研究示例问题。我似乎无法弄清楚为什么以下程序以x y c g的顺序返回。我理解为什么首先运行x,因为它是一个静态初始化块,但是有人可以解释为什么y在c和g之前运行吗?public class Triangle { Triangle() { System.out.print("c "); } {…
如何在Mac上的Netbeans中查看Java SE 6源代码? - javaThis question already has answers here: Closed 8 years ago. Possible Duplicate: Source code for Mac OS X java version 1.6.0_22我一直在使用Java EE 6开发Web应用程序。在工作中,我在Windows 7上使用Netbeans。我…
Laravel 5.4 Auth::User()与关系不起作用 - php我有Table Vendors(用于测试Auth关系)和Table Vendor_users,但是我用Auth::user()不是关系和这个数据库在供应商模型中 protected $table = 'vendor_users'; public function Vendor_test(){ return $this->belong…
gradle java9无法使用工具链:“ JDK 8(1.8)”来定位平台:“ Java SE 9” - java我想在月食氧气内的gradle项目中使用java9。当我 跑:Run as> Gradle Test on GreeterTest.java 使用以下代码:package hello.test; import static org.junit.jupiter.api.Assertions.*; import org.junit.jupiter.api.…
使用Gunicorn和Nginx部署Django时出现500个内部服务器错误 - python我创建了一个简单的django应用程序用于用户身份验证,然后我想使用gunicorn在nginx上进行部署。我用2个字段创建我的自定义用户模型:用户名,密码。python manange.py runserver 0.0.0.0:8000 运行良好!但是,当我尝试使用gunicorn在nginx上进行部署时,出现500个内部服务器错误。我用gunicorn测…