Reply URL with Azure AD - how to retrieve SAMLResponse

Posted on 2025-02-13 08:47:54

I have a Single Sign-In workflow based on Azure AD.
My project is built in .NET Core 6 + Sustainsys.Saml2.AspNetCore2.

I'm able to authenticate via Azure AD, that is:
pass my Email in MS Sign in --> organisation Sign In Page -> Verify your Identity(text or call from Microsoft) -> redirect to Reply URL on localhost.

I have a problem with getting the SAMLResponse from the POST to the ReplyURL.

In Network tab I see POST method to https://localhost:5002/Saml2/Acs
The status of this is 303 (this seems to be odd)

           {
               options.SPOptions.EntityId = new EntityId("*");
               options.SPOptions.AuthenticateRequestSigningBehavior = Sustainsys.Saml2.Configuration.SigningBehavior.Never;
               options.SPOptions.MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

               options.IdentityProviders.Add(
                 new IdentityProvider(
                   new EntityId("https://sts.windows.net/*"), options.SPOptions)
                 {
                     MetadataLocation = "https://login.microsoftonline.com/*/federationmetadata/2007-06/federationmetadata.xml?appid=*",
                 });
           });

When I call POST to 'callback' from Postman I get:

Sustainsys.Saml2.Exceptions.NoSamlResponseFoundException: No Saml2 Response found in the http request.

I think I'm missing something, not sure what

From my perspective it looks like Azure AD does a POST to the ReplyURL, but localhost does not 'catch it', and I can't debug it.


Comments (1)

萤火眠眠 2025-02-20 08:47:54

I see 2 things missing.

  1. Need to load the metadata
  2. ReturnURL not set in SPOptions

           {
               options.SPOptions.EntityId = new EntityId("*");
               options.SPOptions.AuthenticateRequestSigningBehavior = Sustainsys.Saml2.Configuration.SigningBehavior.Never;
               options.SPOptions.MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
               
               // Specify a location to navigate to after successful authentication
               options.SPOptions.ReturnUrl = new Uri("https://localhost:5002");
                    
               options.IdentityProviders.Add(
                 new IdentityProvider(
                   new EntityId("https://sts.windows.net/*"), options.SPOptions)
                 {
                     MetadataLocation = "https://login.microsoftonline.com/*/federationmetadata/2007-06/federationmetadata.xml?appid=*",
                     //Load metadata
                     LoadMetadata = true
                 });
           });
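
To see what the browser actually posted to the ACS URL, the form data of the POST to `/Saml2/Acs` can be copied from the Network tab and inspected offline. The following is an added example, not part of the original question or answer: the helper `inspect_acs_post` is hypothetical, the sample response is constructed, and the code only reads the message without verifying its signature.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

def inspect_acs_post(form_body, acs_url):
    """Report what an ACS endpoint would find in a form-encoded POST body (no signature check)."""
    fields = parse_qs(form_body)
    if "SAMLResponse" not in fields:
        # A hand-built POST without the form field carries no SAML response at all.
        return {"found": False, "problems": ["no SAMLResponse form field"]}
    # HTTP-POST binding: the field is base64-encoded XML (not deflated).
    root = ET.fromstring(base64.b64decode(fields["SAMLResponse"][0]))
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    report = {
        "found": True,
        "destination": root.get("Destination"),
        "issuer": root.findtext("saml:Issuer", default=None, namespaces=NS),
        "status": status.get("Value") if status is not None else None,
        "sig_algs": [m.get("Algorithm") for m in root.iterfind(".//ds:SignatureMethod", NS)],
    }
    checks = [
        (report["destination"] != acs_url, "Destination does not match the ACS URL"),
        (report["status"] != SUCCESS, "status is not Success"),
        (not report["sig_algs"], "no signature present"),
        (RSA_SHA1 in report["sig_algs"], "signed with rsa-sha1"),
    ]
    report["problems"] = [msg for bad, msg in checks if bad]
    return report

# Constructed sample: the tenant id is a placeholder and the signature is empty.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'Destination="https://localhost:5002/Saml2/Acs">'
    '<saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>'
    '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
    '<saml:Assertion><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
    '<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
    '</ds:SignedInfo></ds:Signature></saml:Assertion></samlp:Response>')
SAMPLE_BODY = urlencode({"SAMLResponse": base64.b64encode(SAMPLE_XML.encode()).decode(),
                         "RelayState": "constructed-relay-state"})

if __name__ == "__main__":
    for body in (SAMPLE_BODY, "RelayState=constructed-relay-state"):
        print(inspect_acs_post(body, "https://localhost:5002/Saml2/Acs"))
```

Use it only on responses captured from your own sign-in session; acceptance of the response still depends on the service provider validating the signature against the IdP metadata.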