Kentor HTTPModule - ADFS Login SAMLResponse ERROR

Problem description

In our ASP.Net project, I am using Kentor.AuthServices.HTTPModule and have configured ADFS.

I have given the SAML Assertion Consumer Binding as "redirect" and Trusted-URL as "ourSiteUrl".

After ADFS login is successful, it will redirect to ourSiteURL/AuthServices/Acs?SAMLResponse=... and it throws an exception:

Kentor.AuthServices.Exceptions.InvalidSignatureException: Cannot verify signature of message from unknown sender win-3obaenpbsol.dc10.inapp.com/adfs/services/trust.

What could be the reason for this issue?

Recommended answer

The reason is that AuthServices does not recognize the IdP with entity id win-3obaenpbsol.dc10.inapp.com/adfs/services/trust.

I also see that you are using the Redirect binding when sending the response to AuthServices, which is not supported. That is a setting you need to change on the ADFS side.

To make configuration easier, please use metadata. AuthServices supports importing ADFS metadata and AuthServices generates metadata that ADFS can consume at ourSiteURL/AuthServices/.
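
A diagnostic sketch for the error discussed above, added here and not part of the original question, the answer, or Kentor.AuthServices: it decodes a captured SAMLResponse value, reports whether it was encoded for the Redirect or POST binding, and compares its Issuer with the entity IDs configured on the service provider. The host name, the sample message and the helper names are constructed, and the exact-string comparison is an assumption about how the lookup behaves.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def decode_saml_response(value):
    """Parse a URL-decoded SAMLResponse value; return (root, binding)."""
    raw = base64.b64decode(value)
    try:
        # HTTP-POST: the value is base64 of the XML itself.
        return ET.fromstring(raw), "HTTP-POST"
    except ET.ParseError:
        # HTTP-Redirect: the XML is raw-DEFLATE compressed before base64.
        return ET.fromstring(zlib.decompress(raw, -15)), "HTTP-Redirect"


def check_issuer(value, configured_idps):
    """Diagnostic only: reads Issuer and binding, verifies no signature."""
    root, binding = decode_saml_response(value)
    issuer = root.findtext("{%s}Issuer" % ASSERTION_NS)
    return {
        "issuer": issuer,
        "binding": binding,
        # Assumption: the SP finds the IdP by exact entity ID string match.
        "known_sender": issuer in configured_idps,
    }


# Constructed sample: minimal unsigned Response with a placeholder host name.
SAMPLE_XML = (
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
    b'Version="2.0" IssueInstant="2020-01-01T00:00:00Z">'
    b"<saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>"
    b"</samlp:Response>"
)


def encode_redirect(xml_bytes):
    """Encode XML the way the HTTP-Redirect binding does (before URL-encoding)."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(deflater.compress(xml_bytes) + deflater.flush()).decode()


if __name__ == "__main__":
    value = encode_redirect(SAMPLE_XML)
    # Configured entity ID lacks the scheme, so it is a different string.
    print(check_issuer(value, {"adfs.example.test/adfs/services/trust"}))
    print(check_issuer(value, {"http://adfs.example.test/adfs/services/trust"}))
```

Pass the SAMLResponse query or form value after URL-decoding it; a result of "HTTP-Redirect" confirms the binding setting the answer says must be changed on the ADFS side.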
