使用asp.net使用Fedlet进行ADFS SSO身份验证时出错 [英] Getting error while ADFS SSO authentication using Fedlet using asp.net

问题描述

我想使用Fedlet为ADFS 2.0实现SSO.

Fedlet(SP)使用HTTP POST绑定启动单一登录时出现以下错误

由于扩展元数据中的签名证书别名为空或未知，因此无法对XML进行签名.

我正在使用sp.xml文件中的以下部分

I want to implement SSO for ADFS 2.0 using Fedlet.

I am getting following error while Fedlet (SP) initiated Single Sign-On using HTTP POST binding

XML can not be signed due to either empty or unknown signature certificate alias in extended metadata.

I am using following part in the sp.xml file

    <SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
		<KeyDescriptor use="signing">
            <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                <dsig:X509Data>
                    <dsig:X509Certificate>
                        30 82 01 0a 02 82 01 01 00 86 8b 27 30 03 35 3a 07 3a 20 96 d6 ed f4 b3 17 92 a0 d0 78 21 90 72 e3 26 9e bf 79 25 ee 56 ae e6 5b 0d 84 21 02 18 9b d3 df 55 8c 31 b0 6c bd 60 d4 d9 6e 4b 16 f6 96 34 e2 df 97 7e 0a 43 be e7 cc a3 7a 9c b9 d5 5a a0 8d fa 19 62 c8 85 58 ca 39 a7 51 57 94 6a bd 83 b1 03 ec 40 d1 6a 83 ac 48 9b 22 3d 7c 47 eb 75 a7 e3 2f 10 26 aa 51 31 56 9a bf 98 df bc b5 b2 a0 61 31 8d 18 26 cc fd 07 65 1c 4a fc 0a 32 6e 19 44 43 63 d6 b3 80 de f0 f6 83 a1 14 89 df ad 46 7d 0e c0 a7 86 77 95 08 12 9c f6 19 17 85 e1 b6 25 b0 04 2c 48 e4 27 21 fb 8f 42 91 33 95 57 6e 7c 50 13 93 91 ac 59 f5 7a 31 9e 83 8e bd 6a fd 56 79 8e 84 80 e2 04 9e 1a 85 15 79 5b 60 92 1a ac 90 13 9b 66 f5 e6 f7 d0 2a 2c 7d 23 71 15 53 bf 9c 3e c4 5c 6a b6 60 15 a1 14 03 e5 06 22 45 d7 bb 57 53 17 17 02 03 01 00 01

                    </dsig:X509Certificate>
                    <dsig:X509IssuerSerial>
                        <dsig:X509IssuerName>CN = ADFS Signing - site details.com</dsig:X509IssuerName>
                        <!--<dsig:X509SerialNumber>?a9 a3 d3 07 9d 1d 13 ba 79 7b 06 06 94 97 04 cc f6 fb 91 e3</dsig:X509SerialNumber>-->
                    </dsig:X509IssuerSerial>
                    <dsig:X509SubjectName>CN = ADFS Signing - site details.com</dsig:X509SubjectName>
                </dsig:X509Data>
            </dsig:KeyInfo>
</KeyDescriptor>

身份提供者(IdP)和服务提供者(SP)是否都需要SSL.我们在Idp端拥有有效的SSL证书，但在SP端没有有效的SSL证书.此问题是由于SSL证书引起的吗?

Is SSL is required for both Identity Provider(IdP) and Service provider(SP). We have active SSL certificate at Idp side but no active SSL at SP side. Is this problem is due to SSL certificate?

推荐答案

是，需要SP边证书.我对OpenAM进行了同样的操作，这是必需的.

Yes SP side certificate would be required. I did same with OpenAM and there it was required.

这篇关于使用asp.net使用Fedlet进行ADFS SSO身份验证时出错的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！