ITfoxtec - ADFS SAML2 根据验证程序,远程证书无效
ITfoxtec - ADFS SAML2 The remote certificate is invalid according to the validation procedure
我是 SAML2 身份验证的新手,尝试过使用 ITfoxtec。当我 运行 我的应用程序
时出现此错误
AuthenticationException: The remote certificate is invalid according
to the validation procedure.
System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken
message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo
exception)
HttpRequestException: The SSL connection could not be established, see
inner exception.
System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream
stream, SslClientAuthenticationOptions sslOptions, CancellationToken
cancellationToken)
WebException: The SSL connection could not be established, see inner
exception. The remote certificate is invalid according to the
validation procedure. System.Net.HttpWebRequest.GetResponse()
我正在使用使用 OpenSSL 生成的证书,并将 pfx 证书安装在 MMC 的受信任根 CA 存储中。我不确定为什么它仍然导致我出错。我还已经将该应用程序添加为我的 ADFS 中的依赖信任方。## 标题 ##
这是我的 StartUp.cs
的片段
services.Configure<Saml2Configuration>(Configuration.GetSection("Saml2"));
services.Configure<Saml2Configuration>(saml2Configuration =>
{
//saml2Configuration.SignAuthnRequest = true;
saml2Configuration.SigningCertificate = CertificateUtil.Load(Configuration["Saml2:SigningCertificateFile"], Configuration["Saml2:SigningCertificatePassword"]);
//saml2Configuration.SigningCertificate = CertificateUtil.Load(AppEnvironment.MapToPhysicalFilePath(Configuration["Saml2:SigningCertificateFile"]), Configuration["Saml2:SigningCertificatePassword"]);
var entityDescriptor = new EntityDescriptor();
entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(Configuration["Saml2:IdPMetadata"]));
if (entityDescriptor.IdPSsoDescriptor != null)
{
saml2Configuration.AllowedIssuer = entityDescriptor.EntityId;
saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;
saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
if (entityDescriptor.IdPSsoDescriptor.WantAuthnRequestsSigned.HasValue)
{
saml2Configuration.SignAuthnRequest = entityDescriptor.IdPSsoDescriptor.WantAuthnRequestsSigned.Value;
}
}
else
{
throw new Exception("IdPSsoDescriptor not loaded from metadata.");
}
});
services.AddSaml2();
这是我的 appsettings.json
"Saml2": {
"IdPMetadata": "adfs url/FederationMetadata/2007-06/FederationMetadata.xml",
"Issuer": "saml_Example",
"SingleSignOnDestination": "http://adfs url/adfs/ls/",
"SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
"SigningCertificateFile": "cert.pfx",
"SigningCertificatePassword": "pw",
"CertificateValidationMode": "None",
"RevocationMode": "NoCheck"
},
根据错误,您的 machine/server 不信任 AD FS SSL/TLS 证书。
您已配置 "IdPMetadata": "adfs url/FederationMetadata/2007-06/FederationMetadata.xml"。它应该是一个真正的 URL 就像 https://....
我是 SAML2 身份验证的新手,尝试过使用 ITfoxtec。当我 运行 我的应用程序
时出现此错误AuthenticationException: The remote certificate is invalid according to the validation procedure. System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
HttpRequestException: The SSL connection could not be established, see inner exception. System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
WebException: The SSL connection could not be established, see inner exception. The remote certificate is invalid according to the validation procedure. System.Net.HttpWebRequest.GetResponse()
我正在使用使用 OpenSSL 生成的证书,并将 pfx 证书安装在 MMC 的受信任根 CA 存储中。我不确定为什么它仍然导致我出错。我还已经将该应用程序添加为我的 ADFS 中的依赖信任方。## 标题 ##
这是我的 StartUp.cs
的片段 services.Configure<Saml2Configuration>(Configuration.GetSection("Saml2"));
services.Configure<Saml2Configuration>(saml2Configuration =>
{
//saml2Configuration.SignAuthnRequest = true;
saml2Configuration.SigningCertificate = CertificateUtil.Load(Configuration["Saml2:SigningCertificateFile"], Configuration["Saml2:SigningCertificatePassword"]);
//saml2Configuration.SigningCertificate = CertificateUtil.Load(AppEnvironment.MapToPhysicalFilePath(Configuration["Saml2:SigningCertificateFile"]), Configuration["Saml2:SigningCertificatePassword"]);
var entityDescriptor = new EntityDescriptor();
entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(Configuration["Saml2:IdPMetadata"]));
if (entityDescriptor.IdPSsoDescriptor != null)
{
saml2Configuration.AllowedIssuer = entityDescriptor.EntityId;
saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;
saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
if (entityDescriptor.IdPSsoDescriptor.WantAuthnRequestsSigned.HasValue)
{
saml2Configuration.SignAuthnRequest = entityDescriptor.IdPSsoDescriptor.WantAuthnRequestsSigned.Value;
}
}
else
{
throw new Exception("IdPSsoDescriptor not loaded from metadata.");
}
});
services.AddSaml2();
这是我的 appsettings.json
"Saml2": {
"IdPMetadata": "adfs url/FederationMetadata/2007-06/FederationMetadata.xml",
"Issuer": "saml_Example",
"SingleSignOnDestination": "http://adfs url/adfs/ls/",
"SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
"SigningCertificateFile": "cert.pfx",
"SigningCertificatePassword": "pw",
"CertificateValidationMode": "None",
"RevocationMode": "NoCheck"
},
根据错误,您的 machine/server 不信任 AD FS SSL/TLS 证书。
您已配置 "IdPMetadata": "adfs url/FederationMetadata/2007-06/FederationMetadata.xml"。它应该是一个真正的 URL 就像 https://....