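Unable to access claims or SAML attributes via Kentor.AuthServices.Owin in MVC
I am building a .NET 4.5 MVC application that connects to a Shibboleth-based SAML IdP to provide single sign-on. To do this, I am using the Kentor.AuthServices.Owin middleware.
The IdP service in question requires encrypted assertions, which the latest version of Kentor.AuthServices does not support. Instead, I had to use the Raschmann fork here: https://github.com/Raschmann/authservices/tree/78EncryptedAssertion (v0.8.1), and then tried ..Raschmann/authservices/tree/Release (v0.10.1).
(Using ..Raschmann/authservices/tree/master (v0.12.1), or any build of KentorIT's Kentor.AuthServices, results in loginInfo being null within ExternalLoginCallback.)
Using the above lets me log in to / register with the application via the IdP. However, when ExternalLoginCallback is called, the ExternalClaims or Claims objects in loginInfo.ExternalIdentity do not contain any claims.
I have captured and decrypted the SAML response from the IdP and confirmed that it is sending the information (such as first name, last name, date of birth, etc.) back to my application once I have logged in.
How can I access the SAML data that is being returned?
ConfigureAuth within Startup.Auth.vb: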
    Public Sub ConfigureAuth(app As IAppBuilder)
        ' Configure the db context, user manager and signin manager to use a single instance per request
        app.CreatePerOwinContext(AddressOf ApplicationDbContext.Create)
        app.CreatePerOwinContext(Of ApplicationUserManager)(AddressOf ApplicationUserManager.Create)
        app.CreatePerOwinContext(Of ApplicationSignInManager)(AddressOf ApplicationSignInManager.Create)
        app.UseCookieAuthentication(New CookieAuthenticationOptions() With {
            .AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            .Provider = New CookieAuthenticationProvider() With {
                .OnValidateIdentity = SecurityStampValidator.OnValidateIdentity(Of ApplicationUserManager, ApplicationUser)(
                    validateInterval:=TimeSpan.FromMinutes(30),
                    regenerateIdentity:=Function(manager, user) user.GenerateUserIdentityAsync(manager))},
            .LoginPath = New PathString("/Account/Login")})
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie)
        app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5))
        app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie)
        app.UseKentorAuthServicesAuthentication(New KentorAuthServicesAuthenticationOptions(True))
        AntiForgeryConfig.UniqueClaimTypeIdentifier = Global.System.IdentityModel.Claims.ClaimTypes.NameIdentifier
    End Sub
ExternalLoginCallback within AccountController.vb:
    <AllowAnonymous>
    Public Async Function ExternalLoginCallback(returnUrl As String) As Task(Of ActionResult)
        Dim loginInfo = Await AuthenticationManager.GetExternalLoginInfoAsync()
        If loginInfo Is Nothing Then
            Return RedirectToAction("Login")
        End If
        Dim externalIdentity = Await AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie)
        ' Sign in the user with this external login provider if the user already has a login
        Dim result = Await SignInManager.ExternalSignInAsync(loginInfo, isPersistent:=False)
        Select Case result
            Case SignInStatus.Success
                Dim user = Await UserManager.FindAsync(loginInfo.Login)
                If user IsNot Nothing Then
                    'user.FirstName = loginInfo.ExternalIdentity.FindFirst(ClaimTypes.Name).Value
                    'user.Email = loginInfo.ExternalIdentity.FindFirst(ClaimTypes.Email).Value
                    Await UserManager.UpdateAsync(user)
                End If
                Return RedirectToLocal(returnUrl)
            Case SignInStatus.LockedOut
                Return View("Lockout")
            Case SignInStatus.RequiresVerification
                Return RedirectToAction("SendCode", New With {
                    .ReturnUrl = returnUrl,
                    .RememberMe = False
                })
            Case Else
                ' If the user does not have an account, then prompt the user to create an account
                ViewBag.ReturnUrl = returnUrl
                ViewBag.LoginProvider = loginInfo.Login.LoginProvider
                Return View("ExternalLoginConfirmation", New ExternalLoginConfirmationViewModel() With {
                    .Email = loginInfo.Email
                })
        End Select
    End Function
Hello @andersabel, I have converted it to 'app.Use(Async Function(context, [next]) Await [next].Invoke() End Function)' but I get a _Parameter count mismatch_ when it is invoked.
The error received after the breakpoint on the middleware call is: Stack trace: [TargetParameterCountException: Parameter count mismatch.] System.Reflection.RuntimeMethodInfo.InvokeArgumentsCheck(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +11101830 System.Reflection.RuntimeMethodInfo.UnsafeInvoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +33 System.Delegate.DynamicInvokeImpl(Object[] args) +104 System.Delegate.DynamicInvoke(Object[] args) +10. Is it a problem with '[next].Invoke'?
I tried using Kentor.OwinCookieSaver (declaring it before app.UseCookieAuthentication), but this had no effect on the behaviour of the code.