Kentor HTTPModule- ADFS Login SAMLResponse ERROR
Problem description
In our ASP.Net project, I am using Kentor.AuthServices.HTTPModule and have configured ADFS.
I have given the SAML Assertion Consumer Binding as "redirect" and Trusted-URL as "ourSiteUrl".
After ADFS login is successful, it will redirect to ourSiteURL/AuthServices/Acs?SAMLResponse=... and it throws an exception:
Kentor.AuthServices.Exceptions.InvalidSignatureException: Cannot verify signature of message from unknown sender win-3obaenpbsol.dc10.inapp.com/adfs/services/trust.
What could be the reason for this issue?
Recommended answer
The reason is that AuthServices does not recognize the IdP with entity ID win-3obaenpbsol.dc10.inapp.com/adfs/services/trust.
I also see that you are using the Redirect binding when sending the response to AuthServices, which is not supported. That is a setting you need to change on the ADFS side.
To make configuration easier, please use metadata. AuthServices supports importing ADFS metadata and AuthServices generates metadata that ADFS can consume at ourSiteURL/AuthServices/.
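A diagnostic for the "unknown sender" error discussed in the answer, added here as an example and not part of the original post or of Kentor.AuthServices: it decodes a captured SAMLResponse value, reads the Issuer it claims, and compares that with the IdP entity IDs in your configuration or imported metadata. The host adfs.example.test, the sample XML and all function names are constructed for illustration; treating entity IDs as exact strings is an assumption of this example, and it inspects the message without verifying its signature.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML_BYTES = 1_000_000  # cap on the inflated size of one message

def decode_saml_message(value, redirect_binding):
    """Decode an already URL-decoded SAMLResponse value to XML text."""
    raw = base64.b64decode(value, validate=True)
    if redirect_binding:
        # HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64.
        inflater = zlib.decompressobj(-15)
        raw = inflater.decompress(raw, MAX_XML_BYTES)
        if inflater.unconsumed_tail:
            raise ValueError("inflated message exceeds size cap")
    text = raw.decode("utf-8")
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTDs are not expected in SAML messages")
    return text

def response_issuer(xml_text):
    """Entity ID the sender claims: the top-level saml:Issuer element."""
    issuer = ET.fromstring(xml_text).find("saml:Issuer", SAML_NS)
    return issuer.text.strip() if issuer is not None and issuer.text else None

def metadata_entity_id(metadata_xml):
    """entityID attribute of the metadata's root EntityDescriptor."""
    return ET.fromstring(metadata_xml).get("entityID")

def loosen(entity_id):
    # Ignore case, scheme and trailing slash; used only to spot near misses.
    return entity_id.lower().split("://", 1)[-1].rstrip("/")

def diagnose(issuer, configured_ids):
    """Classify an issuer against configured IdP entity IDs (exact match)."""
    if issuer in configured_ids:
        return "known"
    near = [c for c in configured_ids if issuer and loosen(c) == loosen(issuer)]
    return "near-miss:" + near[0] if near else "unknown"

# Constructed sample data (not from the page); adfs.example.test is a placeholder.
IDP = "http://adfs.example.test/adfs/services/trust"
SAMPLE_METADATA = ('<EntityDescriptor entityID="%s" '
                   'xmlns="urn:oasis:names:tc:SAML:2.0:metadata"/>' % IDP)
SAMPLE_RESPONSE = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
                   'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c1" '
                   'Version="2.0"><saml:Issuer>%s</saml:Issuer></samlp:Response>' % IDP)
```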