在MVC5 .NET框架的工作耗费4.5 Saml2.0(Saml2.0令牌是由F5 BIGIP工具生成) [英] Consuming Saml2.0 in MVC5 .net frame work 4.5 (Saml2.0 token is generated by F5 BigIp tool)
问题描述
Web应用程序的当前状态:
我们在AngularJs,MVC5设计现有的Web应用程序。验证正在发生的事情对我们的自定义数据库。
Current State of web application: We have an existing web application designed in AngularJs, MVC5. Authentication is happening against our custom database.
签到的:
我们没有乘坐过Microsoft.AspNet.Identity.UserManager和其他源类谈谈我们的数据库来获取用户的相关信息。
加入结果System.Security.Claims.ClaimsIdentity。
SignIn: We did over ride Microsoft.AspNet.Identity.UserManager and other source classes to talk to our database to get user related information. adding the results to System.Security.Claims.ClaimsIdentity.
传递到Microsoft.Owin.Security.IAuthenticationManager.SignIn(PARAMS System.Security.Claims.ClaimsIdentity []身份)
Passing on to "Microsoft.Owin.Security.IAuthenticationManager.SignIn(params System.Security.Claims.ClaimsIdentity[] identities)
我需要SSO:
愿我们的auhentication移到SSO与SAML 2.0令牌,因为我们正计划2个新的供应商整合到我们的web应用程序
What I need SSO: We would like to move the auhentication to SSO with SAML 2.0 token as we are planning to integrate 2 new vendors into our web application
的身份提供程序:
我们正在实施F5 BIG叶身份提供者,通过提供登录页面确实验证并生成令牌SAML2。我们的web应用程序将被配置为服务提供商。在重定向到Web应用程序,将通上saml2.0令牌。
Identity Provider: We are implementing Identity provider in F5 Big Ip which does the authentication by providing the login page and generates the saml2 token. Our web application would be configured as Service provider. On redirect to the web application it will pass on the saml2.0 token.
在MVC的.NET Framework消费SAML2.0 4.5.2
我所有的应用程序将需要的是消费saml2.0令牌,并与现有的身份验证管道进行整合。
的可以做的事:的
从身份提供者的元数据具有公共密钥解密saml2.0令牌和以及被用于签署的元数据文件的键
Consuming SAML2.0 in MVC .net framework 4.5.2 All my application would need is to consume saml2.0 token and integrate with existing authentication pipeline. Things to do: Meta data from Identity provider has public key to decrypt saml2.0 token and as well a key which is used to sign the meta data file
我的假设是解析请求的SAML 2.0令牌并验证该令牌是有效的,从属性的使用数据,并查询详细信息数据库,将结果插入System.Security.Claims.ClaimsIdentity和使用现有的登入操作。
需要弄清楚如何配置原则..而我们还需要Microsoft.AspNet.Identity.UserManager。
My assumption would be parse the request for SAML 2.0 token and verify if the token is valid and use the data from the attributes and query the database for more details and insert the results into "System.Security.Claims.ClaimsIdentity" and use the existing signin operation. Need to figure out how to configure the principle.. and do we still need Microsoft.AspNet.Identity.UserManager.
研究:
在Visual Studio中,我们有身份和访问工具,它从犯规存在vs2013。
通过Windows标识基础文章接着和索赔的身份原则
WWW。codeproject.com /用品/ 504399 /了解-Windows的身份基金会WIF
Research: In visual studio we had identity and access tool which doesnt exist from vs2013. Went through the article on windows identity foundation and claims identity principle www.codeproject.com/Articles/504399/Understanding-Windows-Identity-Foundation-WIF
我知道WIF支持saml2.0令牌而不是SAML2协议。
I know wif support saml2.0 token but not saml2 protocols.
下面是建议使用的第三方工具
http://nzpcmad.blogspot.co.nz/2013 /06/saml-saml-connectivity-toolkit.html
Here are the third party tools that was suggested to be used http://nzpcmad.blogspot.co.nz/2013/06/saml-saml-connectivity-toolkit.html
我不知道只是消耗,我需要使用的工具之一吗?正如我们在F5 BIGIP配置,而不是我们的IDP设计.NET
I am not sure just to consume do I need to used one of the tool? As we have our IDP configured in F5 bigip and not designed in .net
另外一个很好的文章,我发现
<一href=\"http://www.primaryobjects.com/2013/08/08/using-single-sign-on-with-windows-identity-foundation-in-mvc-net/\" rel=\"nofollow\">http://www.primaryobjects.com/2013/08/08/using-single-sign-on-with-windows-identity-foundation-in-mvc-net/
Another good article I found http://www.primaryobjects.com/2013/08/08/using-single-sign-on-with-windows-identity-foundation-in-mvc-net/
也看了有关Saml2SecurityTokenHandler一些建议来处理saml2.0令牌。
Also saw some suggestions about Saml2SecurityTokenHandler to process saml2.0 token.
我AP preciate如果有人能指点我简单的解决方案集成到现有的web应用程序。只需要消耗saml2.0令牌,并与现有的基于声明的身份验证集成。
I appreciate if someone can direct me to simpler solution to integrate to my existing web app. Just need to consume saml2.0 token and integrate with existing claims based authentication.
推荐答案
确定 - 那么你必须使用SAML栈按照你使用的链接
OK - then you have to use a SAML stack as per the link you used.
看一看Kentor - 有网站上的一些例子再加上我做了一个写的高达
Have a look at Kentor - there's some examples on the site plus I did a write up
更新:
SAML的工作方式是,客户端需要一个AuthnRequest发送到IDP,则用户认证,然后对IDP发送AuthnResponse到客户端。响应包含SAML令牌包含断言(索赔)。
The way SAML works is that the client needs to send an AuthnRequest to the IDP, then the user authenticates and then the IDP sends a AuthnResponse to the client. The response contains the SAML token which contains the assertions (claims).
这篇关于在MVC5 .NET框架的工作耗费4.5 Saml2.0(Saml2.0令牌是由F5 BIGIP工具生成)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
