ITfoxtec.Identity.Saml2 URI无效问题 [英] ITfoxtec.Identity.Saml2 Invalid URI Issue
本文介绍了ITfoxtec.Identity.Saml2 URI无效问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
当我为我的Okta SAML实现使用<TargetFramework>net462</TargetFramework>时,这会抛出一个无效的URL,但在我第一次尝试在netcoreapp3.1上使用这段代码时,它工作得非常好。如果我错过了什么,请告诉我,谢谢。
[HttpGet, AllowAnonymous]
public IActionResult Index(string returnUrl = null)
{
try
{
var config = GetSAMLConfig();
var binding = new Saml2RedirectBinding();
binding.SetRelayStateQuery(new Dictionary<string, string> { { relayStateReturnUrl, returnUrl ?? Url.Content("~/") } });
var request = new Saml2AuthnRequest(config);
return binding.Bind(request).ToActionResult();
}
catch (Exception e)
{
Console.WriteLine(e);
throw;
}
}
private Saml2Configuration GetSAMLConfig()
{
var config = new Saml2Configuration();
config.AllowedAudienceUris.Add("Okta_SAML_Example");
config.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
config.RevocationMode = X509RevocationMode.NoCheck;
var entityDescriptor = new EntityDescriptor();
entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri("https://---------.okta.com/app/exk2b0b7dibno7rOB5d6/sso/saml/metadata"));
if (entityDescriptor.IdPSsoDescriptor != null)
{
config.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
config.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
}
else
{
throw new Exception("IdPSsoDescriptor not loaded from metadata.");
}
return config;
}
实际异常
System.UriFormatException: Invalid URI: The format of the URI could not be determined.
at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind)
at ITfoxtec.Identity.Saml2.Configuration.Saml2IdentityConfiguration.GetAudienceRestriction(Boolean audienceRestricted, IEnumerable`1 allowedAudienceUris)
at ITfoxtec.Identity.Saml2.Configuration.Saml2IdentityConfiguration.GetIdentityConfiguration(Saml2Configuration config)
at ITfoxtec.Identity.Saml2.Saml2Request..ctor(Saml2Configuration config)
at ITfoxtec.Identity.Saml2.Saml2AuthnRequest..ctor(Saml2Configuration config)
at SAMLNet461.Controllers.HomeController.Index(String returnUrl) in D:REPOPELICANLOCALSAML.RND - CompanyAcccounts adjustmentSAML.DemoSAMLNet461ControllersHomeController.cs:line 69
at lambda_method(Closure , Object , Object[] )
at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.SyncActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeActionMethodAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeNextActionFilterAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeInnerFilterAsync>d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.<InvokeNextResourceFilter>d__23.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Rethrow(ResourceExecutedContext context)
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.<InvokeFilterPipelineAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.<InvokeAsync>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Builder.RouterMiddleware.<Invoke>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.<Invoke>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.<Invoke>d__7.MoveNext()
推荐答案
代码看起来正确。
可能是TLS版本问题。
另一种解决方案是下载代码中的元数据并将元数据字符串添加到ITfoxtec Identity SAML 2.0库中:
var idPMetadataXml = "... downloaded metadata ...";
var entityDescriptor = new EntityDescriptor();
entityDescriptorReadIdPSsoDescriptor(idPMetadataXml);
...
更新:
该错误似乎与受众限制有关:
config.AllowedAudienceUris.Add("Okta_SAML_Example");
受众必须是.NET框架应用程序中的URI。纯文本字符串仅在.NET Core和.NET 5.0中受支持。
.NET框架示例:https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/tree/master/test/TestWebApp
这篇关于ITfoxtec.Identity.Saml2 URI无效问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
