Reading relaystate from a SamlResponse


Problem description

We are using SustainSys.Saml2 with IdentityServer4.

We have the following flow working, outlined in this question: How to maintain returnurl after receiving SAML response from OneLogin

When we issue a ChallengeAsync, just before we are redirected to OneLogin to verify our user and send a SamlResponse back, we see our AuthenticationProperties get passed to SustainSys library code, and it has relayData and a returnPath set, but when OneLogin posts back to us the relaystate is not the returnurl/relayData we specified. We believe it is a value generated from here https://github.com/Sustainsys/Saml2/blob/master/Sustainsys.Saml2/RelayStateGenerator.cs as part of the SamlAuthenticationRequest creation.

Should that be passing the relaydata that we created to SamlAuthenticationRequest so that we can read it once successfully logged in as part of the SamlResponse or are we doing something wrong and need to set some options elsewhere so we can read the relaystate?

Recommended answer

The relayData and returnPath that you pass in to AuthenticationProperties are preserved in an encrypted cookie during the call to the Idp. The RelayState in the actual Saml2 exchange is a random string, that is also the name of the cookie. When the Saml response is processed, the contents of the cookie are read and the AuthenticationProperties are restored (including the ReturnUrl).
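
An added example (not part of the original answer, and not Sustainsys or IdentityServer4 project code) of reading the return URL from the restored AuthenticationProperties instead of from the RelayState form field. It assumes the Saml2 handler's SignInScheme is the IdentityServer4 external cookie scheme; the controller name, the "returnUrl" item key and the action names are this example's choices, and local user sign-in is left to the application's existing flow.

```csharp
using System.Threading.Tasks;
using IdentityServer4;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;

public class ExternalController : Controller
{
    private readonly IIdentityServerInteractionService _interaction;

    public ExternalController(IIdentityServerInteractionService interaction)
        => _interaction = interaction;

    [HttpGet]
    public IActionResult Challenge(string scheme, string returnUrl)
    {
        // Validate before the value is stored, so the post-login redirect
        // cannot be pointed at an arbitrary external site (open redirect).
        if (!Url.IsLocalUrl(returnUrl) && !_interaction.IsValidReturnUrl(returnUrl))
            return BadRequest("invalid return URL");

        var props = new AuthenticationProperties
        {
            RedirectUri = Url.Action(nameof(Callback)),
            // "returnUrl" is an item key chosen for this example.
            Items = { { "returnUrl", returnUrl } }
        };
        // The properties are kept in the protected cookie; only a random
        // RelayState value travels to the IdP and back.
        return Challenge(props, scheme);
    }

    [HttpGet]
    public async Task<IActionResult> Callback()
    {
        // Assumption: the Saml2 handler signs in to this external cookie scheme.
        var result = await HttpContext.AuthenticateAsync(
            IdentityServerConstants.ExternalCookieAuthenticationScheme);
        if (result?.Succeeded != true)
            return BadRequest("external authentication failed");

        // Read the value from the restored properties, not from RelayState.
        if (!result.Properties.Items.TryGetValue("returnUrl", out var returnUrl)
            || string.IsNullOrEmpty(returnUrl))
            returnUrl = "~/";

        return Redirect(returnUrl);
    }
}
```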
