使用OKTA SAML2.0成功登录后,HttpContext.GetOwinContext().Authentication.GetExternalLoginInfoAsync()始终返回NULL [英] HttpContext.GetOwinContext().Authentication.GetExternalLoginInfoAsync() always return null after successfully login using OKTA SAML2.0


问题描述

我目前正在尝试让Okta与我们基于ASP.NET MVC 4.7的应用程序配合使用。我观察到Okta登录成功,但不幸的是,在身份验证(接受SAML响应)质询之后,ExternalLoginCallback被调用,随后检查Okta登录信息是否存在以完成自己的身份验证,而在ExternalLoginCallback方法中它始终返回NULL引用。我参考了https://github.com/bvillanueva-mdsol/OktaSaml2OwinSample/issues/1作为代码基础,并且也已在GitHub上向相应的所有者提出了该问题。

     <add key="ApplicationBaseUri" value="https://localhost:2687" />
  <add key="IdentityProviderIssuer" value="http://www.okta.com/exk3js0t73vBlN4Vq5d7" />
  <add key="IdentityProviderSsoUri" value="https://dev-00349616.okta.com/app/dev-00349616_httpslocalhost2687signinsaml_1/exk3js0t73vBlN4Vq5d7/sso/saml" />


 

public void Configuration(IAppBuilder app)
    {
        // OWIN startup. Middleware registration order is kept exactly as before:
        // external sign-in cookie, application cookie, then the SAML2 handler.
        var applicationCookie = new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            AuthenticationMode = AuthenticationMode.Active
        };

        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
        app.UseCookieAuthentication(applicationCookie);
        app.UseSaml2Authentication(CreateSaml2Options());
    }

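    /// <summary>
    /// Builds the SAML2 middleware options from the ApplicationBaseUri,
    /// IdentityProviderIssuer and IdentityProviderSsoUri app settings and the
    /// identity-provider signing certificate stored under ~/App_Data/okta.cert.
    /// </summary>
    /// <returns>Options with a single identity provider registered.</returns>
    /// <exception cref="InvalidOperationException">
    /// A required app setting is missing or blank. (Previously a missing setting
    /// surfaced later as an ArgumentNullException from the Uri constructor, which
    /// does not say which key is absent.)
    /// </exception>
    private static Saml2AuthenticationOptions CreateSaml2Options()
    {
        var applicationBaseUri = new Uri(RequireAppSetting("ApplicationBaseUri"));
        var saml2BaseUri = new Uri(applicationBaseUri, "saml2");
        var identityProviderIssuer = RequireAppSetting("IdentityProviderIssuer");
        var identityProviderSsoUri = new Uri(RequireAppSetting("IdentityProviderSsoUri"));

        // loadConfiguration: false — everything is supplied in code below rather than
        // read from the SAML2 configuration section.
        var saml2Options = new Saml2AuthenticationOptions(false)
        {
            SPOptions = new SPOptions
            {
                // The SP entity id is the /saml2 path under the application base URI.
                EntityId = new EntityId(saml2BaseUri.AbsoluteUri),
                ReturnUrl = applicationBaseUri
            }
        };

        var identityProvider = new IdentityProvider(new EntityId(identityProviderIssuer), saml2Options.SPOptions)
        {
            // Accepts IdP-initiated responses, i.e. ones not tied to an AuthnRequest this
            // SP issued. AccountController.Login always starts an SP-initiated challenge,
            // so this widens what the SP accepts; keep it only if login started from the
            // IdP's own dashboard is actually required.
            AllowUnsolicitedAuthnResponse = true,
            Binding = Saml2BindingType.HttpRedirect,
            SingleSignOnServiceUrl = identityProviderSsoUri
        };

        // Response signatures are checked against the IdP certificate shipped with the app.
        identityProvider.SigningKeys.AddConfiguredKey(
            new X509Certificate2(HostingEnvironment.MapPath("~/App_Data/okta.cert")));

        saml2Options.IdentityProviders.Add(identityProvider);

        return saml2Options;
    }

    /// <summary>
    /// Reads a required appSettings value, failing with the key name when it is absent or blank.
    /// </summary>
    /// <param name="key">appSettings key to read.</param>
    /// <returns>The non-blank setting value.</returns>
    /// <exception cref="InvalidOperationException">The setting is missing or whitespace.</exception>
    private static string RequireAppSetting(string key)
    {
        var value = ConfigurationManager.AppSettings[key];
        if (string.IsNullOrWhiteSpace(value))
        {
            throw new InvalidOperationException($"Missing required appSetting '{key}'.");
        }

        return value;
    }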

AccountController.cs文件

 [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        // Start an SP-initiated SAML2 challenge. The middleware sends the browser back
        // to ExternalLoginCallback, which receives the original returnUrl as a route value.
        var callbackUrl = Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = returnUrl });
        return new Saml2ChallengeResult(callbackUrl);
    }

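    /// <summary>
    /// Callback target of the SAML2 challenge issued by <see cref="Login"/>. Reads the
    /// external login info the middleware placed in the external cookie, issues the
    /// application cookie from the asserted claims and redirects to a local URL.
    /// </summary>
    /// <param name="returnUrl">Where to send the user afterwards; only local URLs are followed.</param>
    /// <returns>A redirect to <paramref name="returnUrl"/> (or home), or to LoginError when no external login info is present.</returns>
    [AllowAnonymous]
    public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        // Resolve the OWIN authentication manager once instead of per call.
        var authentication = HttpContext.GetOwinContext().Authentication;

        var loginInfo = await authentication.GetExternalLoginInfoAsync();
        if (loginInfo == null)
        {
            // No external-cookie data reached this request (the response never went
            // through the middleware, or the cookie was not sent back).
            return RedirectToAction("LoginError");
        }

        // Copy the IdP-asserted claims into the application identity.
        var identity = new ClaimsIdentity(loginInfo.ExternalIdentity.Claims,
            DefaultAuthenticationTypes.ApplicationCookie);
        var authProps = new AuthenticationProperties
        {
            // NOTE(review): a persistent cookie that expires after one minute reads like a
            // debugging value; confirm the intended session lifetime before release.
            IsPersistent = true,
            ExpiresUtc = DateTime.UtcNow.AddMinutes(1)
        };

        // The external cookie is a one-time handoff; drop it once the application cookie is issued
        // so stale external login info cannot be picked up by a later request.
        authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
        authentication.SignIn(authProps, identity);

        // RedirectToLocal follows only site-local URLs, which keeps returnUrl from acting as an open redirect.
        return RedirectToLocal(returnUrl);
    }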

    /// <summary>
    /// Plain-text failure page reached when ExternalLoginCallback finds no external login info.
    /// </summary>
    [AllowAnonymous]
    public ActionResult LoginError()
    {
        const string message = "Error Logging in!";
        return Content(message);
    }

    /// <summary>OWIN authentication manager for the current request.</summary>
    private IAuthenticationManager AuthenticationManager
    {
        get { return HttpContext.GetOwinContext().Authentication; }
    }

    /// <summary>
    /// Redirects to <paramref name="returnUrl"/> only when Url.IsLocalUrl accepts it;
    /// anything else falls back to the home page. This check is what keeps a
    /// caller-supplied returnUrl from becoming an open redirect.
    /// </summary>
    /// <param name="returnUrl">Candidate post-login destination.</param>
    /// <returns>A redirect to the local URL, or to Home/Index.</returns>
    private ActionResult RedirectToLocal(string returnUrl)
    {
        if (!Url.IsLocalUrl(returnUrl))
        {
            return RedirectToAction("Index", "Home");
        }

        return Redirect(returnUrl);
    }

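    /// <summary>
    /// Action result that issues an OWIN challenge for the "Saml2" middleware, which
    /// redirects the browser to the identity provider. After the IdP responds, the
    /// middleware sends the user on to <see cref="RedirectUri"/>.
    /// </summary>
    internal class Saml2ChallengeResult : HttpUnauthorizedResult
    {
        /// <summary>Application URL the middleware returns to after authentication.</summary>
        public string RedirectUri { get; set; }

        /// <param name="redirectUri">Application URL to return to after the IdP round trip.</param>
        public Saml2ChallengeResult(string redirectUri)
        {
            RedirectUri = redirectUri;
        }

        /// <summary>Suppresses the forms-auth login redirect and raises the SAML2 challenge.</summary>
        /// <param name="context">Controller context of the current request.</param>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
        public override void ExecuteResult(ControllerContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            // ControllerContext.HttpContext and RequestContext.HttpContext refer to the
            // same request; resolve it once.
            var httpContext = context.HttpContext;

            // HttpUnauthorizedResult produces a 401 that forms authentication would turn
            // into its own login redirect; suppress that so only the SAML2 challenge
            // redirect is sent.
            httpContext.Response.SuppressFormsAuthenticationRedirect = true;

            var properties = new AuthenticationProperties { RedirectUri = RedirectUri };
            httpContext.GetOwinContext().Authentication.Challenge(properties, "Saml2");
        }
    }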
}

推荐答案

解决方案与我错过的正确步骤更相关。

  1. 代码完全正确,可以正常工作
为了运行该应用程序,我们在bin文件夹中放置了Roslyn文件夹,但不小心是从正在运行的https://localhost:44376应用程序中复制的Roslyn文件夹。我们不应将Roslyn文件夹从正在运行的应用程序复制粘贴到https://localhost:2687。

线索: 令人惊讶的是,即使已经关闭了https://localhost:44376的Visual Studio应用程序,IIS仍显示有2个应用程序正在运行。

现在我正在从Okta获取登录信息详细信息

