服务提供商 ComponenetSpace 身份提供商 ADFS 2.0 在为 .Net 应用程序启用 SSO 时出现问题答案

【问题标题】：Service Provider ComponenetSpace Identity Provider ADFS 2.0 Issue in in enabling SSO for .Net Application服务提供商 ComponenetSpace 身份提供商 ADFS 2.0 在为 .Net 应用程序启用 SSO 时出现问题
【发布时间】：2013-08-27 08:55:01
【问题描述】：

我正在为现有的 .net 应用程序启用 SSO。我使用组件空间 SAML 2.0 组件作为服务提供者 (SP) 和 ADFS 2.0 作为身份提供者 (IdP) 我在不同的服务上配置了 ADFS，并且 SP 在不同的服务器上。我正在启动 SP InitiateSSO 被调用并且浏览器被重定向到 IdP url并根据中继方 url 返回给 SP。

尝试获取时：

SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out userName, out attributes, out targetUrl);

它说“未配置合作伙伴身份提供者http://sp.com/adfs/services/trust”。

在提琴手中，我收到了以下电话。

/login.aspx?ReturnUrl=%2fDefault.aspx
/ ADFS / LS /？SAMLRequest = 7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ％2FFF％2Fz9cZmQBbPbOStrJniGAqsgfP358Hz8iHjfZolw9Ol638％2BWr％2FBet86ZNz55％2B9tHvf％2F5gOr032d3bPp％2Fszbb3Z5％2FubR9MHxxs7％2BUP9mezncn93cnso％2FQn87opquVnH％2B2Ndz5Kz5pmnZ8tmzZbtvTRzu697R1648GbnQeP9u892r0％2F3n9w8FMfpU％2Bpl2KZtfzmvG1Xj％2B7eLZZtnc2KfDGeVou72ey8uVs2dz9Kn1X1NGf0PvvoPCubHN28zJqmuMztJy％2Frqq2mVfmkWM6K5cVnH63r5aMqa4rm0TJb5M2jdvro9fEXzx8Rmo8m0qh59O03b15uv％2Fzy9ZuP0uOmyWvgc1Itm％2FUir1％2Fn9WUxzb969VwwbAjFWb6oxiGeAHp36OVx1qzefZS％2BW5TL5hHTeTNiKx3FR0c8K4 ％2BYnLX3％2FubXM4PGR0fDGD％2B％2B64E％2B0tl％2FQbDOnr6symJ6DYIvsna4q93xLn9SzLbPuemj9bJZ5dPivMiJI47Lsro6qfOspelp6zXNzt0j6TVks6P％2FBw％3D％3D＆SigAlg = HTTP％3A％2F％2Fwww.w3.org％2F2000％2F09％2Fxmldsig％23rsa-SHA1＆签名= rXOfg3K3D87RobofnuU5xXfBbYYIlHOeNf3IkOrLVekTycKWW7foBAKeBuatyyaCZwnmZMWJiMOGU87P4NOy0YXGdO3F5VhvZ9ZGLxK74GWrTOvWmvY％2Fa4z％2FrGRv6TkNRRMdy6rZS5sBn％2B1aQx0bzlPwAMwaCVbIU％2FQxTJa4zok %3D
/ ADFS / LS / AUTH /集成的/？SAMLRequest = 7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ％2FFF％2Fz9cZmQBbPbOStrJniGAqsgfP358Hz8iHjfZolw9Ol638％2BWr％2FBet86ZNz55％2B9tHvf％2F5gOr032d3bPp％2Fszbb3Z5％2FubR9MHxxs7％2BUP9mezncn93cnso％2FQn87opquVnH％2B2Ndz5Kz5pmnZ8tmzZbtvTRzu697R1648GbnQeP9u892r0％2F3n9w8FMfpU％2Bpl2KZtfzmvG1Xj％2B7eLZZtnc2KfDGeVou72ey8uVs2dz9Kn1X1NGf0PvvoPCubHN28zJqmuMztJy％2Frqq2mVfmkWM6K5cVnH63r5aMqa4rm0TJb5M2jdvro9fEXzx8Rmo8m0qh59O03b15uv％2Fzy9ZuP0uOmyWvgc1Itm％2FUir1 ％2Fn9WUxzb969VwwbAjFWb6oxiGeAHp36OVx1qzefZS％2BW5TL5hHTeTNiKx3FR0c8K4％2BYnLX3％2FubXM4PGR0fDGD％2B％2B64E％2B0tl％2FQbDOnr6symJ6DYIvsna4q93xLn9SzLbPuemj9bJZ5dPivMiJI47Lsro6qfOspelp6zXNzt0j6TVks6P％2FBw％3D％3D＆SigAlg = HTTP％3A％2F％2Fwww.w3.org％2F2000％2F09％2Fxmldsig％23rsa-SHA1＆签名= rXOfg3K3D87RobofnuU5xXfBbYYIlHOeNf3IkOrLVekTycKWW7foBAKeBuatyyaCZwnmZMWJiMOGU87P4NOy0YXGdO3F5VhvZ9ZGLxK74GWrTOvWmvY％2Fa4z％2FrGRv6TkNRRMdy6rZS5sBn %2B1aQx0bzlPwAMwaCVbIU%2FQxTJa4zok%3D
/SAML/AssertionConsumerService.aspx

堆栈轨迹

[SAMLException: The partner identity provider http:// sp.com/adfs/services/trust is not configured.]
  ComponentSpace.SAML2.Configuration.SAMLConfiguration.GetPartnerIdentityProvider(String name) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\Configuration\SAMLConfiguration.cs:245
  ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& userName, SAMLAttribute[]& attributes, String& relayState) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLServiceProvider.cs:664
  ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& userName, IDictionary`2& attributes, String& relayState) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLServiceProvider.cs:637
  ExampleServiceProvider.SAML.AssertionConsumerService.Page_Load(Object sender, EventArgs e) in C:\Program Files (x86)\ComponentSpace SAML v2.0 for .NET\Examples\SSO\HighLevelAPI\WebForms\ExampleServiceProvider\SAML\AssertionConsumerService.aspx.cs:28
  System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
  System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +42
  System.Web.UI.Control.OnLoad(EventArgs e) +132
  System.Web.UI.Control.LoadRecursive() +66
  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428

ADFS 配置为：

<PartnerIdentityProvider Name="https://sp.com/adfs/services/trust"
   SignAuthnRequest="true"
   WantSAMLResponseSigned="false"
   WantAssertionSigned="false"
   WantAssertionEncrypted="false"
   UseEmbeddedCertificate="true"
   SingleSignOnServiceUrl="http://sp.com/adfs/ls/"/ >

服务提供者配置如下：

<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
<ServiceProvider Name="https://demo.sp.com"
   AssertionConsumerServiceUrl="~/SAML/AssertionConsumerService.aspx"
   CertificateFile="sp.pfx"
   CertificatePassword="password" />

我遇到的错误：

Server Error in '/' Application.
The partner identity provider http:// sp.com/adfs/services/trust is not configured. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: ComponentSpace.SAML2.Exceptions.SAMLException: The partner identity provider http:// sp.com/adfs/services/trust is not configured.

【问题讨论】：

标签： single-sign-on claims-based-identity saml-2.0 adfs2.0 federated-identity

【解决方案1】：

我通过更改身份验证顺序解决了这个问题。

http://social.technet.microsoft.com/wiki/contents/articles/1600.ad-fs-2-0-how-to-change-the-local-authentication-type.aspx

现在它的工作。 :-)

【讨论】：

【解决方案2】：

ComponentSpace 实际抛出如下错误：

合作伙伴身份提供者http://sp.com/adfs/services/trust 是未配置

这是因为您在<appSettings /> 中的PartnerSP 键和您在<PartnerIdentityProvider /> 中的Name 属性不匹配：

saml.config：

<PartnerIdentityProvider Name="https://sp.com/adfs/services/trust" ... />

Web.config：

<appSettings>
    <add key="PartnerSP" value="http://sp.com/adfs/services/trust />
    ...
</appSettings>

PartnerIdentityProvider 的名称应设置为：http://sp.com/adfs/services/trust

【讨论】：