使用 Kentor.AuthServices.MVC 时出现错误:Expected message to contain InResponseTo "id142e8231161a4246bf345d331a7b0ace", but found none.
Getting error Expected message to contain InResponseTo "id142e8231161a4246bf345d331a7b0ace", but found none. in Kentor.AuthServices.MVC
这是我的 web.config 文件
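<configuration>
  <configSections>
    <!-- Registers the two System.IdentityModel (WIF) sections and the Kentor.AuthServices section configured further down. -->
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="kentor.authServices" type="Kentor.AuthServices.Configuration.KentorAuthServicesSection, Kentor.AuthServices" />
  </configSections>
  <appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>
  <system.diagnostics>
    <trace>
      <listeners>
        <add type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=2.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="AzureDiagnostics">
          <filter type="" />
        </add>
      </listeners>
    </trace>
  </system.diagnostics>
  <!--
  For a description of web.config changes see http://go.microsoft.com/fwlink/?LinkId=235367.
  The following attributes can be set on the <httpRuntime> tag.
  <system.Web>
  <httpRuntime targetFramework="4.6.1" />
  </system.Web>
  -->
  <system.web>
    <!-- debug="true" is a development setting; switch it to "false" for any deployed build. -->
    <!-- NOTE(review): compilation targets 4.6.1 while httpRuntime targets 4.5.2; confirm which one is intended. -->
    <compilation debug="true" targetFramework="4.6.1" />
    <httpRuntime targetFramework="4.5.2" />
    <!-- Unauthenticated requests are redirected to the AuthServices sign-in endpoint. -->
    <authentication mode="Forms">
      <forms loginUrl="~/AuthServices/SignIn" />
    </authentication>
  </system.web>
  <system.webServer>
    <modules>
      <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
    </modules>
  </system.webServer>
  <!-- Service-provider settings. entityId is the name this application presents to the identity provider. -->
  <!-- NOTE(review): returnUrl points at the /AuthServices/Acs endpoint itself. In AuthServices, returnUrl is where users are sent once sign-in has completed, so this probably should be an application page. Confirm. -->
  <kentor.authServices entityId="http://myapp.ci.01/metadata" returnUrl="http://localhost:63238/AuthServices/Acs">
    <identityProviders>
      <!-- NOTE(review): this identity provider is registered under the same entityId as the service provider above. The two normally identify different parties; confirm the value against the IdP's own metadata. -->
      <!-- allowUnsolicitedAuthnResponse="true" accepts IdP-initiated responses that answer no request from this application. Keep it only if IdP-initiated sign-on is required. It does not relax the InResponseTo check for a sign-in this application started, which is the failure reported with this configuration. -->
      <add entityId="http://myapp.ci.01/metadata"
           signOnUrl="https://sso.myapp.com/issue/saml/?binding=redirect"
           allowUnsolicitedAuthnResponse="true" binding="HttpRedirect">
        <!-- Signatures on incoming responses are checked against this certificate. NOTE(review): the file name suggests the AuthServices stub IdP; confirm it is the signing certificate of the IdP behind signOnUrl. -->
        <signingCertificate fileName="~/App_Data/MyApp.AuthServices.StubIdp.cer" />
      </add>
    </identityProviders>
  </kentor.authServices>
  <system.identityModel.services>
    <federationConfiguration>
      <!-- requireSsl="false" lets the session cookie travel over plain HTTP. Acceptable for a localhost test; set it to "true" wherever the site is served over HTTPS. -->
      <cookieHandler requireSsl="false" name="RMInform" />
    </federationConfiguration>
  </system.identityModel.services>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp"
                extension=".cs"
                type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                warningLevel="4"
                compilerOptions="/langversion:6 /nowarn:1659;1699;1701" />
      <!-- The quotes around Web are written as &quot; because a bare double quote would end the attribute value and leave the file ill-formed. -->
      <compiler language="vb;vbs;visualbasic;vbscript"
                extension=".vb"
                type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                warningLevel="4"
                compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
    </compilers>
  </system.codedom>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>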
但是在登录后重定向到我的本地主机时出现错误
Server Error in '/' Application.
Expected message to contain InResponseTo
"id0dda716c55fd41bd98d4899ca3e14036", but found none.
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.
Exception Details:
Kentor.AuthServices.Exceptions.Saml2ResponseFailedValidationException:
Expected message to contain InResponseTo
"id0dda716c55fd41bd98d4899ca3e14036", but found none.
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.
Stack Trace:
[Saml2ResponseFailedValidationException: Expected message to contain
InResponseTo "id0dda716c55fd41bd98d4899ca3e14036", but found none.]
Kentor.AuthServices.Saml2P.Saml2Response.ReadAndValidateInResponseTo(XmlElement
xml, Saml2Id expectedInResponseTo) +295
Kentor.AuthServices.Saml2P.Saml2Response..ctor(XmlElement xml, Saml2Id
expectedInResponseTo) +317
Kentor.AuthServices.WebSso.AcsCommand.Run(HttpRequestData request,
IOptions options) +869
Kentor.AuthServices.Mvc.AuthServicesController.Acs() +81
lambda_method(Closure , ControllerBase , Object[] ) +87
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext
controllerContext, IDictionary`2 parameters) +280
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext
controllerContext, ActionDescriptor actionDescriptor, IDictionary`2
parameters) +35
System.Web.Mvc.Async.<>c__DisplayClass42.b__41()
+33 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult
asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass39.b__33()
+80 System.Web.Mvc.Async.<>c__DisplayClass4f.b__49()
+386 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult
asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass2a.b__20()
+32 System.Web.Mvc.Async.<>c__DisplayClass25.b__22(IAsyncResult
asyncResult) +185
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult
asyncResult) +38
System.Web.Mvc.<>c__DisplayClass1d.b__18(IAsyncResult
asyncResult) +27
System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult
ar) +22 System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult
asyncResult) +53
System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult
ar) +22 System.Web.Mvc.Controller.EndExecute(IAsyncResult
asyncResult) +38
System.Web.Mvc.<>c__DisplayClass8.b__3(IAsyncResult
asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult
ar) +22 System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult
asyncResult) +38
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
+657 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +146
这是我的 SAML 响应
<!-- This is the AuthnRequest sent by the service provider, not the identity provider's Response. Its ID attribute is the value the Response has to repeat in InResponseTo. NOTE(review): the ID here differs from the ones quoted in the error messages, so it presumably comes from a different sign-in attempt; the ";" after some tags and the URLs without a scheme look like paste artifacts. -->
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="idcbb43fbc52b34e88b34e71fcb80c9ac8" Version="2.0" IssueInstant="2016-06-14T12:09:50Z" Destination="sso.myapp.com/issue/saml? binding=redirect" AssertionConsumerServiceURL="localhost:63238/AuthServices/Acs">; <saml2:Issuer>myapp.ci.01/metadata</saml2:Issuer>; </saml2p:AuthnRequest>
您的 IdP 似乎没有在响应消息中正确包含 InResponseTo 属性。这违反了 SAML 规范。
使用 SAML Tracer for Firefox 或 SAML DevTools for Chrome 等工具在浏览器中查看 SAML 消息。检查响应中是否带有 InResponseTo 属性,并且其值与 SP 发送的 AuthnRequest 的 ID 相匹配。如果没有,则是 IdP 的行为不正确。
或许可以在 AuthServices 中添加一个兼容性设置来忽略此错误;但 InResponseTo 的作用是把响应与 SP 发出的请求绑定在一起,忽略该检查会削弱这一保护。如果您需要这样的设置,请在 AuthServices 的 GitHub 问题跟踪器上提出 issue 进行讨论。
这是我的 web.config 文件
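<configuration>
  <configSections>
    <!-- Registers the two System.IdentityModel (WIF) sections and the Kentor.AuthServices section configured further down. -->
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="kentor.authServices" type="Kentor.AuthServices.Configuration.KentorAuthServicesSection, Kentor.AuthServices" />
  </configSections>
  <appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>
  <system.diagnostics>
    <trace>
      <listeners>
        <add type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=2.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="AzureDiagnostics">
          <filter type="" />
        </add>
      </listeners>
    </trace>
  </system.diagnostics>
  <!--
  For a description of web.config changes see http://go.microsoft.com/fwlink/?LinkId=235367.
  The following attributes can be set on the <httpRuntime> tag.
  <system.Web>
  <httpRuntime targetFramework="4.6.1" />
  </system.Web>
  -->
  <system.web>
    <!-- debug="true" is a development setting; switch it to "false" for any deployed build. -->
    <!-- NOTE(review): compilation targets 4.6.1 while httpRuntime targets 4.5.2; confirm which one is intended. -->
    <compilation debug="true" targetFramework="4.6.1" />
    <httpRuntime targetFramework="4.5.2" />
    <!-- Unauthenticated requests are redirected to the AuthServices sign-in endpoint. -->
    <authentication mode="Forms">
      <forms loginUrl="~/AuthServices/SignIn" />
    </authentication>
  </system.web>
  <system.webServer>
    <modules>
      <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
    </modules>
  </system.webServer>
  <!-- Service-provider settings. entityId is the name this application presents to the identity provider. -->
  <!-- NOTE(review): returnUrl points at the /AuthServices/Acs endpoint itself. In AuthServices, returnUrl is where users are sent once sign-in has completed, so this probably should be an application page. Confirm. -->
  <kentor.authServices entityId="http://myapp.ci.01/metadata" returnUrl="http://localhost:63238/AuthServices/Acs">
    <identityProviders>
      <!-- NOTE(review): this identity provider is registered under the same entityId as the service provider above. The two normally identify different parties; confirm the value against the IdP's own metadata. -->
      <!-- allowUnsolicitedAuthnResponse="true" accepts IdP-initiated responses that answer no request from this application. Keep it only if IdP-initiated sign-on is required. It does not relax the InResponseTo check for a sign-in this application started, which is the failure reported with this configuration. -->
      <add entityId="http://myapp.ci.01/metadata"
           signOnUrl="https://sso.myapp.com/issue/saml/?binding=redirect"
           allowUnsolicitedAuthnResponse="true" binding="HttpRedirect">
        <!-- Signatures on incoming responses are checked against this certificate. NOTE(review): the file name suggests the AuthServices stub IdP; confirm it is the signing certificate of the IdP behind signOnUrl. -->
        <signingCertificate fileName="~/App_Data/MyApp.AuthServices.StubIdp.cer" />
      </add>
    </identityProviders>
  </kentor.authServices>
  <system.identityModel.services>
    <federationConfiguration>
      <!-- requireSsl="false" lets the session cookie travel over plain HTTP. Acceptable for a localhost test; set it to "true" wherever the site is served over HTTPS. -->
      <cookieHandler requireSsl="false" name="RMInform" />
    </federationConfiguration>
  </system.identityModel.services>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp"
                extension=".cs"
                type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                warningLevel="4"
                compilerOptions="/langversion:6 /nowarn:1659;1699;1701" />
      <!-- The quotes around Web are written as &quot; because a bare double quote would end the attribute value and leave the file ill-formed. -->
      <compiler language="vb;vbs;visualbasic;vbscript"
                extension=".vb"
                type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                warningLevel="4"
                compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
    </compilers>
  </system.codedom>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>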
但是在登录后重定向到我的本地主机时出现错误
Server Error in '/' Application.
Expected message to contain InResponseTo "id0dda716c55fd41bd98d4899ca3e14036", but found none.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: Kentor.AuthServices.Exceptions.Saml2ResponseFailedValidationException: Expected message to contain InResponseTo "id0dda716c55fd41bd98d4899ca3e14036", but found none.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[Saml2ResponseFailedValidationException: Expected message to contain InResponseTo "id0dda716c55fd41bd98d4899ca3e14036", but found none.]
Kentor.AuthServices.Saml2P.Saml2Response.ReadAndValidateInResponseTo(XmlElement xml, Saml2Id expectedInResponseTo) +295
Kentor.AuthServices.Saml2P.Saml2Response..ctor(XmlElement xml, Saml2Id expectedInResponseTo) +317
Kentor.AuthServices.WebSso.AcsCommand.Run(HttpRequestData request, IOptions options) +869
Kentor.AuthServices.Mvc.AuthServicesController.Acs() +81
lambda_method(Closure , ControllerBase , Object[] ) +87
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +280
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +35
System.Web.Mvc.Async.<>c__DisplayClass42.b__41() +33 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass39.b__33() +80 System.Web.Mvc.Async.<>c__DisplayClass4f.b__49() +386 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass2a.b__20() +32 System.Web.Mvc.Async.<>c__DisplayClass25.b__22(IAsyncResult asyncResult) +185
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +38
System.Web.Mvc.<>c__DisplayClass1d.b__18(IAsyncResult asyncResult) +27
System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +22 System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +53
System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +22 System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +38
System.Web.Mvc.<>c__DisplayClass8.b__3(IAsyncResult asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +22 System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +38
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +657 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +146
这是我的 SAML 响应
<!-- This is the AuthnRequest sent by the service provider, not the identity provider's Response. Its ID attribute is the value the Response has to repeat in InResponseTo. NOTE(review): the ID here differs from the ones quoted in the error messages, so it presumably comes from a different sign-in attempt; the ";" after some tags and the URLs without a scheme look like paste artifacts. -->
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="idcbb43fbc52b34e88b34e71fcb80c9ac8" Version="2.0" IssueInstant="2016-06-14T12:09:50Z" Destination="sso.myapp.com/issue/saml? binding=redirect" AssertionConsumerServiceURL="localhost:63238/AuthServices/Acs">; <saml2:Issuer>myapp.ci.01/metadata</saml2:Issuer>; </saml2p:AuthnRequest>
您的 IdP 似乎没有在响应消息中正确包含 InResponseTo 属性。这违反了 SAML 规范。
使用 SAML Tracer for Firefox 或 SAML DevTools for Chrome 等工具在浏览器中查看 SAML 消息。检查响应中是否带有 InResponseTo 属性,并且其值与 SP 发送的 AuthnRequest 的 ID 相匹配。如果没有,则是 IdP 的行为不正确。
或许可以在 AuthServices 中添加一个兼容性设置来忽略此错误;但 InResponseTo 的作用是把响应与 SP 发出的请求绑定在一起,忽略该检查会削弱这一保护。如果您需要这样的设置,请在 AuthServices 的 GitHub 问题跟踪器上提出 issue 进行讨论。