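【Question title】: Sustainsys.Saml2 not setting same site = none
【Posted】: 2020-02-07 18:09:10
【Question description】:

We are using v2.4 of the Sustainsys.Saml2 library and cannot get the software to set the SameSite=None flag required by Chrome 80. We are getting an error in Event Viewer (reproduced below).

We are using .NET v4.7.2, Windows Server 2012 R2 and IIS. Our IdP has not yet implemented a fix for this issue. Does that matter?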

Log Name:      Application
Source:        ASP.NET 4.0.30319.0
Date:          2/7/2020 9:43:02 AM
Event ID:      1309
Task Category: Web Event
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      WSATPWEB02
Description:
Event code: 3005 
Event message: An unhandled exception has occurred. 
Event time: 2/7/2020 9:43:02 AM 
Event time (UTC): 2/7/2020 4:43:02 PM 
Event ID: 5319961cdc244a7fb390e1d5d01d9014 
Event sequence: 21 
Event occurrence: 3 
Event detail code: 0 





Exception information: 
    Exception type: NullReferenceException 
    Exception message: Object reference not set to an instance of an object.
   at Sustainsys.Saml2.SameSiteHelper.DisallowsSameSiteNone(String userAgent)
   at Sustainsys.Saml2.SameSiteHelper.EmitSameSiteNone(String userAgent)
   at Sustainsys.Saml2.Configuration.Saml2Notifications.<>c.<.ctor>b__64_3(String userAgent)
   at Sustainsys.Saml2.HttpModule.Saml2AuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)



Request information: 
    Request URL: https://testportal.myatphub.ca:443/Saml2/SignIn?ReturnUrl=/Authservices 
    Request path: /Saml2/SignIn 
    User host address: 10.254.9.72 
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: IIS APPPOOL\DefaultAppPool 

Thread information: 
    Thread ID: 53 
    Thread account name: IIS APPPOOL\DefaultAppPool 
    Is impersonating: False 
    Stack trace:    at Sustainsys.Saml2.SameSiteHelper.DisallowsSameSiteNone(String userAgent)
   at Sustainsys.Saml2.SameSiteHelper.EmitSameSiteNone(String userAgent)
   at Sustainsys.Saml2.Configuration.Saml2Notifications.<>c.<.ctor>b__64_3(String userAgent)
   at Sustainsys.Saml2.HttpModule.Saml2AuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)


Custom event details: 


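【Question discussion】:

    Tags: sustainsys-saml2 samesite


    【Solution 1】:

    This looks like a bug in the library, but you can work around it in your code.

    The problem is in the default implementation of the EmitSameSiteNone notification. Could you hook up your own implementation and see if that resolves the issue? Is there a user agent string present in the request headers?

    【Discussion】:

    • The user agent comes in as null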
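
One way to hook up your own EmitSameSiteNone implementation, as the answer suggests. This is an added example, not code from the original thread or from the Sustainsys project. It assumes the HttpModule reads its settings from `Options.FromConfiguration`, that `Saml2Notifications.EmitSameSiteNone` is a settable `Func<string, bool>`, and that `SameSiteHelper.EmitSameSiteNone` is publicly callable; the class name `Global` and the method `NullSafeEmitSameSiteNone` are hypothetical.

```csharp
using System;
using Sustainsys.Saml2;
using Sustainsys.Saml2.Configuration;

// Global.asax.cs of the IIS-hosted application (class name is hypothetical).
public class Global : System.Web.HttpApplication
{
    protected void Application_Start(object sender, EventArgs e)
    {
        // Replace the default notification. The stack trace shows the default
        // passing the raw User-Agent into SameSiteHelper, which throws a
        // NullReferenceException when the request carries no User-Agent header.
        Options.FromConfiguration.Notifications.EmitSameSiteNone =
            NullSafeEmitSameSiteNone;
    }

    // Decides whether cookies set by the library get SameSite=None.
    internal static bool NullSafeEmitSameSiteNone(string userAgent)
    {
        if (string.IsNullOrWhiteSpace(userAgent))
        {
            // Assumption: a client that sends no User-Agent is treated like a
            // current browser, so SameSite=None is emitted. The cookie must
            // survive the cross-site POST from the IdP back to the SP, and
            // Chrome 80 only sends it if SameSite=None is present together
            // with the Secure attribute (the site in the log is HTTPS).
            return true;
        }

        // For every other client, keep the library's own user-agent sniffing,
        // which withholds SameSite=None from browsers known to mishandle it.
        return SameSiteHelper.EmitSameSiteNone(userAgent);
    }
}
```

After deploying, a request to /Saml2/SignIn without a User-Agent header should produce a redirect to the IdP instead of event 1309, and the `Set-Cookie` header on that response should carry `SameSite=None; Secure`.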