
這個問題快把我逼瘋了。我相信自己只是漏掉了一些簡單的東西，但就是無法讓我的用戶認證與公司的 STS 協同工作。我使用的是 .NET 4.5.1，ASP.NET MVC 加 WIF。我的應用程序能成功重定向到公司 STS —— web.config 如下。（標題：SAML2 令牌無法在 WIF / 聯合 / STS 的 SSO 中工作 —— 請幫助/建議）

<!-- WIF configuration fragment from web.config.
     NOTE(review): the <wsFederation> element below implements the WS-Federation passive
     protocol, while the IdP configured as its issuer answers with a SAML2 protocol
     (SAML2P) SAMLResponse POST (see the captured response and the answer further down).
     That protocol mismatch, not the token itself, is what keeps an identity from being
     established. -->
<system.identityModel> 
    <identityConfiguration> 
     <!-- Claims pipeline hooks supplied by the application's own assembly. -->
     <claimsAuthenticationManager type="ENT.Common.Security.ClaimsTransformationModule, ENT.Common.Security" /> 
     <claimsAuthorizationManager type="ENT.Common.Security.ENTClaimsAuthorizationManager,ENT.Common.Security" /> 
     <!-- Custom token handler; what token type it registers for is not shown here -
          presumably the SAML2 assertion, confirm against ENT.Common.Security. -->
     <securityTokenHandlers>   
     <add type="ENT.Common.Security.eonToken, ENT.Common.Security" /> 
     </securityTokenHandlers> 
     <!-- Audience check: a token is rejected unless its <saml:Audience> matches one of
          these values. The decoded response below carries exactly this audience. -->
     <audienceUris>   
     <add value="userportal.ect-sys.net" />   
     </audienceUris> 
     <!-- Issuer trust is pinned to the signing certificate's thumbprint; "name" is the
          issuer name WIF assigns to tokens signed by that certificate. Any certificate
          rollover at the IdP must be mirrored here or signature validation fails. -->
     <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"> 
     <trustedIssuers> 
      <add thumbprint="385c9689ea602a849547786d531782ca0b6b6ac5" name="eon-apps.com" /> 
     </trustedIssuers> 
     </issuerNameRegistry>    
    </identityConfiguration> 
    </system.identityModel> 
    <system.identityModel.services> 
    <federationConfiguration> 
     <!-- NOTE(review): requireSsl="false" allows the session cookie to be sent over plain
          HTTP. Together with the http:// realm and requireHttps="false" below, both the
          cookie and the incoming token travel in the clear - acceptable only for local
          testing, never for production. -->
     <cookieHandler requireSsl="false" /> 
     <!-- "issuer" points at a SAML2 IdP's unsolicited-SSO endpoint (TARGET=...), but this
          element speaks WS-Federation (wa=wsignin1.0 / wresult). The IdP's reply arrives
          as a SAMLResponse form post with the WS-Fed parameters echoed back in RelayState,
          which the WS-Federation module does not process. -->
     <wsFederation passiveRedirectEnabled="true" issuer="https://q-www.eon-apps.com/GetAccess/Saml/IDP/SSO/Unsolicited?TARGET=http://userportal.ect-sys.net/" realm="http://userportal.ect-sys.net" requireHttps="false" />  
    </federationConfiguration> 
    </system.identityModel.services> 

我得到了返回的 SAML 響應（以下是我截獲到的內容）

SAMLResponse=PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6%0D%0AU0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8y%0D%0AMDAwLzA5L3htbGRzaWcjIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6%0D%0AU0FNTDoyLjA6YXNzZXJ0aW9uIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcv%0D%0AMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAw%0D%0AMS9YTUxTY2hlbWEtaW5zdGFuY2UiIERlc3RpbmF0aW9uPSJodHRwOi8vdXNlcnBv%0D%0AcnRhbC5lY3Qtc3lzLm5ldCIgSUQ9IkkxMTI1MkI1NEE0MjA0MDM4NzAwMThGQUM0%0D%0ARDlCQ0U5ODJFM0I0QUYxIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMjdUMTA6NDE6%0D%0ANDFaIiBWZXJzaW9uPSIyLjAiPjxzYW1sOklzc3Vlcj5lb24tYXBwcy5jb208L3Nh%0D%0AbWw6SXNzdWVyPjxkc2lnOlNpZ25hdHVyZSB4bWxuczpkc2lnPSJodHRwOi8vd3d3%0D%0ALnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHNpZzpTaWduZWRJbmZvPjxkc2ln%0D%0AOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3Lncz%0D%0ALm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48ZHNpZzpTaWduYXR1cmVNZXRo%0D%0Ab2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcj%0D%0AcnNhLXNoYTEiLz48ZHNpZzpSZWZlcmVuY2UgVVJJPSIjSTExMjUyQjU0QTQyMDQw%0D%0AMzg3MDAxOEZBQzREOUJDRTk4MkUzQjRBRjEiPjxkc2lnOlRyYW5zZm9ybXM%2BPGRz%0D%0AaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8w%0D%0AOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHNpZzpUcmFuc2Zvcm0g%0D%0AQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0%0D%0AbiMiPjxlYzE0bjpJbmNsdXNpdmVOYW1lc3BhY2VzIHhtbG5zOmVjMTRuPSJodHRw%0D%0AOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIFByZWZpeExpc3Q9%0D%0AInhzIHhzaSIvPjwvZHNpZzpUcmFuc2Zvcm0%2BPC9kc2lnOlRyYW5zZm9ybXM%2BPGRz%0D%0AaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAw%0D%0AMC8wOS94bWxkc2lnI3NoYTEiLz48ZHNpZzpEaWdlc3RWYWx1ZT54aUFhTnJwVDAw%0D%0AMlF0WXRLUUVFekJDNFNGeTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZl%0D%0AcmVuY2U%2BPC9kc2lnOlNpZ25lZEluZm8%2BPGRzaWc6U2lnbmF0dXJlVmFsdWU%2BWnJK%0D%0ATE9LWEVZdDhyZkMyeG9tTEtzU3lQUE5lbXQ1SGlnYUgydlFTczBjcjZIWDRMUHRl%0D%0ATWtEZXVjTkdSUURUOVpYV2VINkNDUi91MTZjSHIzalNpdUVwMGhVT1lvSVZGTExy%0D%0AVER2dVord2ZIMTk
4SnczSjl5Z2t5Zjh0Y3p5bWprZ09xSC9FblZFTDk0aUlCQ1g4%0D%0AQkpyS2orSEwyNVM3YnV5MHA1RnBza1NxKzdUV3REZUVSY3NBYVpjRnJXSFV0NHJB%0D%0AZ2paTml4WEVJeE03NldqY1RwOHM4R2JhU2wzRWxvQlZRKzF2b1RyOXZhSks4cXUw%0D%0AbnUxeVJuVGgwbDQ1dktoNWduYXFGU0c1cDlta1piSHhJR0NITURFRytnL24rNTRP%0D%0AcEp6R0NFNmVmUE91Y2ppOWtuN3RWTDJiWkZJTGIxdW1oTWZZY3FseFNuemlBUTFQ%0D%0AK3ZRPT08L2RzaWc6U2lnbmF0dXJlVmFsdWU%2BPC9kc2lnOlNpZ25hdHVyZT48c2Ft%0D%0AbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFt%0D%0AZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48%0D%0Ac2FtbDpBc3NlcnRpb24geG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAw%0D%0AMS8wNC94bWxlbmMjIiBJRD0iQTNFNzc0MUU5RTAxNUU1MjY3MjRGRkZFQ0ZFMTk4%0D%0AQUVDOThDM0Q3QkEiIElzc3VlSW5zdGFudD0iMjAxNC0wMi0yN1QxMDo0MTo0MVoi%0D%0AIFZlcnNpb249IjIuMCIgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAv%0D%0AMDkveG1sZHNpZyMiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1M%0D%0AOjIuMDphc3NlcnRpb24iIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAx%0D%0AL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hN%0D%0ATFNjaGVtYS1pbnN0YW5jZSI%2BPHNhbWw6SXNzdWVyPmVvbi1hcHBzLmNvbTwvc2Ft%0D%0AbDpJc3N1ZXI%2BPGRzaWc6U2lnbmF0dXJlIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cu%0D%0AdzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkc2lnOlNpZ25lZEluZm8%2BPGRzaWc6%0D%0AQ2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMu%0D%0Ab3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxkc2lnOlNpZ25hdHVyZU1ldGhv%0D%0AZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNy%0D%0Ac2Etc2hhMSIvPjxkc2lnOlJlZmVyZW5jZSBVUkk9IiNBM0U3NzQxRTlFMDE1RTUy%0D%0ANjcyNEZGRkVDRkUxOThBRUM5OEMzRDdCQSI%2BPGRzaWc6VHJhbnNmb3Jtcz48ZHNp%0D%0AZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5%0D%0AL3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkc2lnOlRyYW5zZm9ybSBB%0D%0AbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRu%0D%0AIyI%2BPGVjMTRuOkluY2x1c2l2ZU5hbWVzcGFjZXMgeG1sbnM6ZWMxNG49Imh0dHA6%0D%0ALy93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgUHJlZml4TGlzdD0i%0D%0AeHMgeHNpIi8%2BPC9kc2lnOlRyYW5zZm9ybT48L2Rza
Wc6VHJhbnNmb3Jtcz48ZHNp%0D%0AZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw%0D%0ALzA5L3htbGRzaWcjc2hhMSIvPjxkc2lnOkRpZ2VzdFZhbHVlPm9rbVNjQ1VGdlU2%0D%0AcERIdGNtZ3lQQjNqMENLST08L2RzaWc6RGlnZXN0VmFsdWU%2BPC9kc2lnOlJlZmVy%0D%0AZW5jZT48L2RzaWc6U2lnbmVkSW5mbz48ZHNpZzpTaWduYXR1cmVWYWx1ZT51dlNP%0D%0AUDJBaVBTTmF6N2U1VnluUW9Qc0RuNVl2c1FzVXU4RzQ2UzJhMTB4MGtNbWxjdXNp%0D%0AbDJTZ0VhZVpHZVBKb3JMZHZYdytVK050cGtrbDg1RTViU1lqSW1KUDJ5bVhZMDha%0D%0AVC9pK1dpSlBnQm9SLzhscmpLdzNwTmNJUnhRNHRCaVh4OTZtNFZPcGJUc0plNGpH%0D%0AY1c3bHBSc1Z0cmVZRzRHNFpOTmlTVVpHazlRLzVHTUcyaGNNOXFLNjBQWHpQN1k5%0D%0AcTNLSkFtNENaRTRJNndseFlPY3RqdHE5VDVOamF2UHdNbVdWcGkyRkN0bWFtYjV5%0D%0Ad2huc1lnQzdvTHNicVYvdHBiUWdMQzNVdkpmTk1ZajFGZzBvVFZ0N0xNdWdTbUd4%0D%0AMUlNVXlpbVpDWTRBTDJ6K2hmcUIrWEhEdU1EY3k1Q1paaEFjSnRBekhnZStOM29P%0D%0AaXc9PTwvZHNpZzpTaWduYXR1cmVWYWx1ZT48L2RzaWc6U2lnbmF0dXJlPjxzYW1s%0D%0AOlN1YmplY3Q%2BPHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRj%0D%0AOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6dHJhbnNpZW50IiBOYW1lUXVhbGlmaWVy%0D%0APSJlb24tYXBwcy5jb20iIFNQTmFtZVF1YWxpZmllcj0idXNlcnBvcnRhbC5lY3Qt%0D%0Ac3lzLm5ldCI%2BNDJkMTk5OWNhMDc4YWZiOGIxNmJmM2JmMGY0OTg3NzVhNWZmYzRi%0D%0AMzwvc2FtbDpOYW1lSUQ%2BPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9%0D%0AInVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1%0D%0AYmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxNC0wMi0yN1Qx%0D%0AMDo0Mzo0MVoiIFJlY2lwaWVudD0iaHR0cDovL3VzZXJwb3J0YWwuZWN0LXN5cy5u%0D%0AZXQiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48%0D%0Ac2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMi0yN1QxMDo0MDo0MVoi%0D%0AIE5vdE9uT3JBZnRlcj0iMjAxNC0wMi0yN1QxMDo0Mzo0MVoiPjxzYW1sOkF1ZGll%0D%0AbmNlUmVzdHJpY3Rpb24%2BPHNhbWw6QXVkaWVuY2U%2BdXNlcnBvcnRhbC5lY3Qtc3lz%0D%0ALm5ldDwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48%0D%0Ac2FtbDpPbmVUaW1lVXNlLz48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0%0D%0AYXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTQtMDItMjdUMTA6MTQ6NDlaIiBTZXNz%0D%0AaW9uSW5kZXg9IkEzRTc3NDFFOUUwMTVFNTI2NzI0RkZGRUNGRTE5OEFFQzk4QzNE%0D%0
AN0JBIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDE0LTAyLTI3VDE4OjE1OjQ5WiI%2B%0D%0APHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVy%0D%0AbjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9z%0D%0AYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ%2BPC9z%0D%0AYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2Ft%0D%0AbDpBdHRyaWJ1dGUgTmFtZT0iZW9ubGRhcGRuIiBOYW1lRm9ybWF0PSJ1cm46b2Fz%0D%0AaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2Ft%0D%0AbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5jbj1CMTU4NDcs%0D%0Ab3U9dXNlcnMsb3U9ZWVhLG89ZW9uLGM9ZGU8L3NhbWw6QXR0cmlidXRlVmFsdWU%2B%0D%0APC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1l%0D%0ARm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9y%0D%0AbWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3Ry%0D%0AaW5nIj5CMTU4NDc8L3NhbWw6QXR0cmlidXRlVmFsdWU%2BPC9zYW1sOkF0dHJpYnV0%0D%0AZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24%2BPC9z%0D%0AYW1scDpSZXNwb25zZT4%3D&RelayState=http%3A%2F%2Fuserportal.ect-sys.net%2F%3Fwa%3Dwsignin1.0 

使用 https://rnd.feide.no/simplesaml/module.php/saml2debug/debug.php 提取並解碼後得到：
<!-- Decoded SAML2 protocol response (unsolicited / IdP-initiated SSO).
     Destination and Recipient are the plain http:// realm, so this message and the
     unencrypted assertion inside it are exposed to anything on the network path.
     Both "ds" and "dsig" prefixes are bound to the same XML-DSig namespace. -->
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Destination="http://userportal.ect-sys.net" ID="I11252B54A420403870018FAC4D9BCE982E3B4AF1" IssueInstant="2014-02-27T10:41:41Z" Version="2.0"> 
    <saml:Issuer>eon-apps.com</saml:Issuer> 
    <!-- Envelope signature over the whole Response (enveloped-signature + exc-c14n).
         NOTE(review): RSA-SHA1 / SHA-1 digests are used at both levels; these are
         deprecated for new deployments, so a migration to SHA-256 should be planned with
         the IdP owner. The relying party must validate this signature against the pinned
         certificate, not merely the one embedded in the message. -->
    <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> 
    <dsig:SignedInfo> 
     <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
     <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
     <dsig:Reference URI="#I11252B54A420403870018FAC4D9BCE982E3B4AF1"> 
     <dsig:Transforms> 
      <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> 
      <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
      <ec14n:InclusiveNamespaces xmlns:ec14n="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs xsi"/> 
      </dsig:Transform> 
     </dsig:Transforms> 
     <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
     <dsig:DigestValue>xiAaNrpT002QtYtKQEEzBC4SFy4=</dsig:DigestValue> 
     </dsig:Reference> 
    </dsig:SignedInfo> 
    <dsig:SignatureValue>ZrJLOKXEYt8rfC2xomLKsSyPPNemt5HigaH2vQSs0cr6HX4LPteMkDeucNGRQDT9ZXWeH6CCR/u16cHr3jSiuEp0hUOYoIVFLLrTDvuZ+wfH198Jw3J9ygkyf8tczymjkgOqH/EnVEL94iIBCX8BJrKj+HL25S7buy0p5FpskSq+7TWtDeERcsAaZcFrWHUt4rAgjZNixXEIxM76WjcTp8s8GbaSl3EloBVQ+1voTr9vaJK8qu0nu1yRnTh0l45vKh5gnaqFSG5p9mkZbHxIGCHMDEG+g/n+54OpJzGCE6efPOucji9kn7tVL2bZFILb1umhMfYcqlxSnziAQ1P+vQ==</dsig:SignatureValue> 
    </dsig:Signature> 
    <samlp:Status> 
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> 
    </samlp:Status> 
    <!-- The assertion is sent in clear text: xmlns:xenc is declared but no
         EncryptedAssertion is used, so the attribute values below are readable by any
         intermediary on the http:// path. This is the part a Saml2SecurityTokenHandler
         can parse; the surrounding samlp:Response envelope is what WIF does not handle. -->
    <saml:Assertion xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" ID="A3E7741E9E015E526724FFFECFE198AEC98C3D7BA" IssueInstant="2014-02-27T10:41:41Z" Version="2.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> 
    <saml:Issuer>eon-apps.com</saml:Issuer> 
    <!-- Second signature, covering the Assertion element alone, same algorithms as above. -->
    <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> 
     <dsig:SignedInfo> 
     <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
     <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
     <dsig:Reference URI="#A3E7741E9E015E526724FFFECFE198AEC98C3D7BA"> 
      <dsig:Transforms> 
      <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> 
      <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
       <ec14n:InclusiveNamespaces xmlns:ec14n="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs xsi"/> 
      </dsig:Transform> 
      </dsig:Transforms> 
      <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
      <dsig:DigestValue>okmScCUFvU6pDHtcmgyPB3j0CKI=</dsig:DigestValue> 
     </dsig:Reference> 
     </dsig:SignedInfo> 
     <dsig:SignatureValue>uvSOP2AiPSNaz7e5VynQoPsDn5YvsQsUu8G46S2a10x0kMmlcusil2SgEaeZGePJorLdvXw+U+Ntpkkl85E5bSYjImJP2ymXY08ZT/i+WiJPgBoR/8lrjKw3pNcIRxQ4tBiXx96m4VOpbTsJe4jGcW7lpRsVtreYG4G4ZNNiSUZGk9Q/5GMG2hcM9qK60PXzP7Y9q3KJAm4CZE4I6wlxYOctjtq9T5NjavPwMmWVpi2FCtmamb5ywhnsYgC7oLsbqV/tpbQgLC3UvJfNMYj1Fg0oTVt7LMugSmGx1IMUyimZCY4AL2z+hfqB+XHDuMDcy5CZZhAcJtAzHge+N3oOiw==</dsig:SignatureValue> 
    </dsig:Signature> 
    <!-- Transient NameID with bearer confirmation. The confirmation is tied to the
         http:// Recipient and expires at 10:43:41Z, two minutes after IssueInstant. -->
    <saml:Subject> 
     <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="eon-apps.com" SPNameQualifier="userportal.ect-sys.net">42d1999ca078afb8b16bf3bf0f498775a5ffc4b3</saml:NameID> 
     <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> 
     <saml:SubjectConfirmationData NotOnOrAfter="2014-02-27T10:43:41Z" Recipient="http://userportal.ect-sys.net"/> 
     </saml:SubjectConfirmation> 
    </saml:Subject> 
    <!-- Validity window 10:40:41Z-10:43:41Z, OneTimeUse, and an Audience equal to the
         audienceUris entry in web.config. A relying party must enforce all three
         (clock window, audience, replay of the assertion ID). -->
    <saml:Conditions NotBefore="2014-02-27T10:40:41Z" NotOnOrAfter="2014-02-27T10:43:41Z"> 
     <saml:AudienceRestriction> 
     <saml:Audience>userportal.ect-sys.net</saml:Audience> 
     </saml:AudienceRestriction> 
     <saml:OneTimeUse/> 
    </saml:Conditions> 
    <!-- Password authentication context; the IdP session (SessionNotOnOrAfter) outlives
         this short-lived assertion by roughly eight hours. -->
    <saml:AuthnStatement AuthnInstant="2014-02-27T10:14:49Z" SessionIndex="A3E7741E9E015E526724FFFECFE198AEC98C3D7BA" SessionNotOnOrAfter="2014-02-27T18:15:49Z"> 
     <saml:AuthnContext> 
     <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef> 
     </saml:AuthnContext> 
    </saml:AuthnStatement> 
    <!-- Attributes released: the user's LDAP DN and uid (both unencrypted, see above). -->
    <saml:AttributeStatement> 
     <saml:Attribute Name="eonldapdn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> 
     <saml:AttributeValue xsi:type="xs:string">cn=B15847,ou=users,ou=eea,o=eon,c=de</saml:AttributeValue> 
     </saml:Attribute> 
     <saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> 
     <saml:AttributeValue xsi:type="xs:string">B15847</saml:AttributeValue> 
     </saml:Attribute> 
    </saml:AttributeStatement> 
    </saml:Assertion> 
</samlp:Response> 

但這並沒有給我一個身份（identity），儘管該 SAML response 中確實包含了一個有效用戶的令牌。

有什麼想法嗎？網上有沒有 SAML2 與 .NET 4.5.1 集成的示例項目？我是否需要創建一個繼承自 Saml2SecurityTokenHandler 的自定義 SAML2TokenHandler？

回答


您正在使用的是 SAML2 協議（SAML2P）—— .NET/WIF 並不支持它，只支持 SAML2 令牌 —— 這是一個很大的區別。


好的，謝謝你，這正是我感到困惑的地方。有什麼建議可以讓我使用手頭已有的令牌嗎？Thinktecture 的體系結構中是否有什麼東西可以讓我在客戶端使用這個令牌並生成身份？ – Ben


正如我所說——令牌本身不是問題——您可以使用 Saml2SecurityTokenHandler 來解析和驗證它。但包裹它的協議消息有自己的語法和語義（簽名等），需要被正確處理。.NET 中有處理 SAML2p 的商業產品（例如 http://www.componentspace.com/Products.aspx） – leastprivilege


我原本希望這是開箱即用的功能，我的客戶端應用程序和聲明（claims）框架最初與另一個 STS 配合得很好。現在我們切換到了企業 STS（SAML2），我本以為只需更改發行者憑證即可。看來我現在在重寫客戶端應用程序和框架方面有很多工作要做。感謝您的建議和答覆 – Ben