ITfoxtec.Identity.Saml2 URI无效问题

ITfoxtec.Identity.Saml2 Invalid URI Issue(ITfoxtec.Identity.Saml2 URI无效问题)

本文介绍了ITfoxtec.Identity.Saml2 URI无效问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

当我为我的Okta SAML实现使用<TargetFramework>net462</TargetFramework>时,这会抛出一个无效的URL,但在我第一次尝试在netcoreapp3.1上使用这段代码时,它工作得非常好。如果我错过了什么,请告诉我,谢谢。

[HttpGet, AllowAnonymous]
    public IActionResult Index(string returnUrl = null)
    {
        try
        {
            var config = GetSAMLConfig();
            var binding = new Saml2RedirectBinding();
            binding.SetRelayStateQuery(new Dictionary<string, string> { { relayStateReturnUrl, returnUrl ?? Url.Content("~/") } });
            var request = new Saml2AuthnRequest(config);
            return binding.Bind(request).ToActionResult();
        }
        catch (Exception e)
        {
            Console.WriteLine(e);
            throw;
        }
    }

   private Saml2Configuration GetSAMLConfig()
    {
        var config = new Saml2Configuration();
        config.AllowedAudienceUris.Add("Okta_SAML_Example");
        config.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        config.RevocationMode = X509RevocationMode.NoCheck;

        var entityDescriptor = new EntityDescriptor();
        entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri("https://---------.okta.com/app/exk2b0b7dibno7rOB5d6/sso/saml/metadata"));
        if (entityDescriptor.IdPSsoDescriptor != null)
        {
            config.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
            config.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
        }
        else
        {
            throw new Exception("IdPSsoDescriptor not loaded from metadata.");
        }

        return config;
    }

实际异常

System.UriFormatException: Invalid URI: The format of the URI could not be determined.
   at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind)
   at ITfoxtec.Identity.Saml2.Configuration.Saml2IdentityConfiguration.GetAudienceRestriction(Boolean audienceRestricted, IEnumerable`1 allowedAudienceUris)
   at ITfoxtec.Identity.Saml2.Configuration.Saml2IdentityConfiguration.GetIdentityConfiguration(Saml2Configuration config)
   at ITfoxtec.Identity.Saml2.Saml2Request..ctor(Saml2Configuration config)
   at ITfoxtec.Identity.Saml2.Saml2AuthnRequest..ctor(Saml2Configuration config)
   at SAMLNet461.Controllers.HomeController.Index(String returnUrl) in D:REPOPELICANLOCALSAML.RND - CompanyAcccounts adjustmentSAML.DemoSAMLNet461ControllersHomeController.cs:line 69
   at lambda_method(Closure , Object , Object[] )
   at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.SyncActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeActionMethodAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeNextActionFilterAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeInnerFilterAsync>d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.<InvokeNextResourceFilter>d__23.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Rethrow(ResourceExecutedContext context)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.<InvokeFilterPipelineAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.<InvokeAsync>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Builder.RouterMiddleware.<Invoke>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.<Invoke>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.<Invoke>d__7.MoveNext()

推荐答案

代码看起来正确。

可能是TLS版本问题。

另一种解决方案是下载代码中的元数据并将元数据字符串添加到ITfoxtec Identity SAML 2.0库中:

var idPMetadataXml = "... downloaded metadata ...";
var entityDescriptor = new EntityDescriptor();
entityDescriptorReadIdPSsoDescriptor(idPMetadataXml);
...

更新:

该错误似乎与受众限制有关:

config.AllowedAudienceUris.Add("Okta_SAML_Example"); 

受众必须是.NET框架应用程序中的URI。纯文本字符串仅在.NET Core和.NET 5.0中受支持。

.NET框架示例:https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/tree/master/test/TestWebApp

这篇关于ITfoxtec.Identity.Saml2 URI无效问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!

本文标题为:ITfoxtec.Identity.Saml2 URI无效问题

基础教程推荐