使用OKTA SAML2.0成功登录后,HttpContext.GetOwinContext().Authentication.GetExternalLoginInfoAsync()始终返回NULL [英] HttpContext.GetOwinContext().Authentication.GetExternalLoginInfoAsync() always return null after successfully login using OKTA SAML2.0
问题描述
我目前正在尝试让基于 ASP.NET MVC 4.7 的应用程序使用 Okta 登录。我观察到 Okta 登录成功，但遗憾的是，在身份验证（接受 SAML 响应）质询之后 ExternalLoginCallback 被调用，并在其中检查是否存在 Okta 的登录信息以完成自身的身份验证时，ExternalLoginCallback 方法中得到的始终是 NULL 引用。我以 https://github.com/bvillanueva-mdsol/OktaSaml2OwinSample/issues/1 作为代码基础，并且已在 GitHub 上向其所有者提出了该问题。
<add key="ApplicationBaseUri" value="https://localhost:2687" />
<add key="IdentityProviderIssuer" value="http://www.okta.com/exk3js0t73vBlN4Vq5d7" />
<add key="IdentityProviderSsoUri" value="https://dev-00349616.okta.com/app/dev-00349616_httpslocalhost2687signinsaml_1/exk3js0t73vBlN4Vq5d7/sso/saml" />
/// <summary>
/// OWIN startup wiring: registers the external sign-in cookie, the application
/// cookie, and finally the SAML2 authentication middleware.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is added to.</param>
public void Configuration(IAppBuilder app)
{
    // Order is kept as in the original: both cookies first, SAML2 last.
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

    var applicationCookie = new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        AuthenticationMode = AuthenticationMode.Active
    };
    app.UseCookieAuthentication(applicationCookie);

    app.UseSaml2Authentication(CreateSaml2Options());
}
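/// <summary>
/// Builds the SAML2 middleware options from appSettings: the SP entity id and
/// return URL are derived from ApplicationBaseUri, and a single identity provider
/// (IdentityProviderIssuer / IdentityProviderSsoUri) is registered with the
/// signing certificate loaded from ~/App_Data/okta.cert.
/// </summary>
/// <returns>The configured <see cref="Saml2AuthenticationOptions"/>.</returns>
/// <exception cref="ConfigurationErrorsException">
/// A required appSettings key is missing or empty, or the certificate path cannot be mapped.
/// </exception>
private static Saml2AuthenticationOptions CreateSaml2Options()
{
    var applicationBaseUri = new Uri(GetRequiredSetting("ApplicationBaseUri"));
    var saml2BaseUri = new Uri(applicationBaseUri, "saml2");
    var identityProviderIssuer = GetRequiredSetting("IdentityProviderIssuer");
    var identityProviderSsoUri = new Uri(GetRequiredSetting("IdentityProviderSsoUri"));

    // 'false' is the loadConfiguration flag: nothing is read from the SAML2
    // config section, everything is set in code below.
    var saml2Options = new Saml2AuthenticationOptions(false)
    {
        SPOptions = new SPOptions
        {
            EntityId = new EntityId(saml2BaseUri.AbsoluteUri),
            ReturnUrl = applicationBaseUri
        }
    };

    var identityProvider = new IdentityProvider(new EntityId(identityProviderIssuer), saml2Options.SPOptions)
    {
        // Needed for IdP-initiated login (the IdP posts a response the SP never
        // requested). Such responses cannot be matched to an outstanding request,
        // so keep this false if only SP-initiated login is required.
        AllowUnsolicitedAuthnResponse = true,
        Binding = Saml2BindingType.HttpRedirect,
        SingleSignOnServiceUrl = identityProviderSsoUri
    };

    // The IdP's signing certificate, used to validate signatures on its responses.
    var certificatePath = HostingEnvironment.MapPath("~/App_Data/okta.cert");
    if (certificatePath == null)
    {
        throw new ConfigurationErrorsException("Cannot map ~/App_Data/okta.cert to a physical path.");
    }
    identityProvider.SigningKeys.AddConfiguredKey(new X509Certificate2(certificatePath));

    saml2Options.IdentityProviders.Add(identityProvider);
    return saml2Options;
}

/// <summary>
/// Reads an appSettings value and fails with the key name when it is absent,
/// instead of the bare ArgumentNullException that new Uri(null) would produce.
/// </summary>
/// <param name="key">The appSettings key to read.</param>
/// <returns>The non-empty setting value.</returns>
/// <exception cref="ConfigurationErrorsException">The key is missing or blank.</exception>
private static string GetRequiredSetting(string key)
{
    var value = ConfigurationManager.AppSettings[key];
    if (string.IsNullOrWhiteSpace(value))
    {
        throw new ConfigurationErrorsException($"appSettings key '{key}' is missing or empty.");
    }
    return value;
}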
AccountController.cs 文件
/// <summary>
/// Starts SP-initiated SAML2 login by challenging the SAML2 middleware. The IdP
/// response is later delivered to ExternalLoginCallback, with
/// <paramref name="returnUrl"/> carried along as its ReturnUrl parameter.
/// </summary>
/// <param name="returnUrl">Destination after login; checked by RedirectToLocal before use.</param>
[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
    var callbackUrl = Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = returnUrl });
    return new Saml2ChallengeResult(callbackUrl);
}
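/// <summary>
/// Callback reached after the SAML2 middleware has handled the IdP response.
/// Reads the external login info, copies its identity into the application
/// cookie and redirects to <paramref name="returnUrl"/>.
/// </summary>
/// <param name="returnUrl">Post-login destination; only local URLs are honoured (see RedirectToLocal).</param>
/// <returns>
/// A redirect to <paramref name="returnUrl"/> (or Home/Index), or to LoginError
/// when no external login info is available.
/// </returns>
[AllowAnonymous]
public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
{
    var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
    if (loginInfo == null)
    {
        // No external identity for this request: the SAML2 response was not
        // processed, the external cookie was not set, or the URL was hit directly.
        return RedirectToAction("LoginError");
    }

    // Every claim asserted by the IdP is copied into the application identity as-is.
    var identity = new ClaimsIdentity(loginInfo.ExternalIdentity.Claims,
        DefaultAuthenticationTypes.ApplicationCookie);
    var authProps = new AuthenticationProperties
    {
        IsPersistent = true,
        // NOTE(review): a one-minute lifetime on a persistent cookie looks like a
        // debugging value — confirm the intended session length.
        ExpiresUtc = DateTime.UtcNow.AddMinutes(1)
    };

    // The external cookie has served its purpose; drop it so a stale external
    // identity is not left beside the application session.
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
    AuthenticationManager.SignIn(authProps, identity);
    return RedirectToLocal(returnUrl);
}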
/// <summary>Plain-text page shown when ExternalLoginCallback found no external login info.</summary>
[AllowAnonymous]
public ActionResult LoginError() => Content("Error Logging in!");
/// <summary>The OWIN authentication manager for the current request.</summary>
private IAuthenticationManager AuthenticationManager
{
    get { return HttpContext.GetOwinContext().Authentication; }
}
/// <summary>
/// Redirects to <paramref name="returnUrl"/> only when Url.IsLocalUrl accepts it;
/// anything else falls back to Home/Index, which keeps the login flow from
/// bouncing users to an arbitrary external site.
/// </summary>
/// <param name="returnUrl">The requested post-login destination.</param>
/// <returns>A redirect to the local URL or to Home/Index.</returns>
private ActionResult RedirectToLocal(string returnUrl)
{
    if (!Url.IsLocalUrl(returnUrl))
    {
        return RedirectToAction("Index", "Home");
    }
    return Redirect(returnUrl);
}
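/// <summary>
/// Action result that issues an OWIN authentication challenge to the SAML2
/// middleware, which redirects the browser to the IdP. Once the IdP response has
/// been processed the middleware continues to <see cref="RedirectUri"/>.
/// </summary>
internal class Saml2ChallengeResult : HttpUnauthorizedResult
{
    // Must match the authentication type of the middleware registered by
    // app.UseSaml2Authentication in Startup; "Saml2" is the library default.
    private const string Saml2AuthenticationType = "Saml2";

    /// <summary>
    /// URL to continue to after the SAML2 response has been processed. Login passes
    /// an application-generated Url.Action result; callers should not pass user input here.
    /// </summary>
    public string RedirectUri { get; set; }

    /// <param name="redirectUri">Where the middleware should send the user after login.</param>
    public Saml2ChallengeResult(string redirectUri)
    {
        RedirectUri = redirectUri;
    }

    /// <summary>Raises the challenge on the OWIN authentication manager of the current request.</summary>
    /// <param name="context">The MVC controller context of the current request.</param>
    public override void ExecuteResult(ControllerContext context)
    {
        // Without this, the 401 from HttpUnauthorizedResult would be turned into a
        // forms-authentication redirect to the login page before the OWIN challenge runs.
        context.RequestContext.HttpContext.Response.SuppressFormsAuthenticationRedirect = true;
        var properties = new AuthenticationProperties { RedirectUri = RedirectUri };
        context.HttpContext.GetOwinContext().Authentication.Challenge(properties, Saml2AuthenticationType);
    }
}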
}
推荐答案
解决方案更多地与我漏掉的一个正确步骤有关。
- 代码完全正确,可以正常工作
线索：令人惊讶的是，即使关闭了 Visual Studio 的应用程序 https://localhost:44376，IIS 仍显示有 2 个应用程序在运行。
现在我可以从 Okta 获取登录信息详细信息了。