2016-06-14 4 views
0

Getting this SAML response error: Expected message to contain InResponseTo "id142e8231161a4246bf345d331a7b0ace", but found none. Kentor.AuthServices.MVC

This is the error:

Server Error in '/' Application.

Expected message to contain InResponseTo "id0dda716c55fd41bd98d4899ca3e14036", but found none.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: Kentor.AuthServices.Exceptions.Saml2ResponseFailedValidationException: Expected message to contain InResponseTo "id0dda716c55fd41bd98d4899ca3e14036", but found none.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[Saml2ResponseFailedValidationException: Expected message to contain InResponseTo "id0dda716c55fd41bd98d4899ca3e14036", but found none.]
   Kentor.AuthServices.Saml2P.Saml2Response.ReadAndValidateInResponseTo(XmlElement xml, Saml2Id expectedInResponseTo) +295
   Kentor.AuthServices.Saml2P.Saml2Response..ctor(XmlElement xml, Saml2Id expectedInResponseTo) +317
   Kentor.AuthServices.WebSso.AcsCommand.Run(HttpRequestData request, IOptions options) +869
   Kentor.AuthServices.Mvc.AuthServicesController.Acs() +81
   lambda_method(Closure , ControllerBase , Object[]) +87
   System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +280
   System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +35
   System.Web.Mvc.Async.<>c__DisplayClass42.b__41() +33
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +42
   System.Web.Mvc.Async.<>c__DisplayClass39.b__33() +80
   System.Web.Mvc.Async.<>c__DisplayClass4f.b__49() +386
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +42
   System.Web.Mvc.Async.<>c__DisplayClass2a.b__20() +32
   System.Web.Mvc.Async.<>c__DisplayClass25.b__22(IAsyncResult asyncResult) +185
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +38
   System.Web.Mvc.<>c__DisplayClass1d.b__18(IAsyncResult asyncResult) +27
   System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +22
   System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +53
   System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +22
   System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +38
   System.Web.Mvc.<>c__DisplayClass8.b__3(IAsyncResult asyncResult) +42
   System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +22
   System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +38
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +657
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +146

This is my Web.config file:

<configuration> 
    <configSections> 
     <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> 
     <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> 
     <section name="kentor.authServices" type="Kentor.AuthServices.Configuration.KentorAuthServicesSection, Kentor.AuthServices" /> 
    </configSections> 
    <appSettings> 
     <add key="webpages:Version" value="3.0.0.0" /> 
     <add key="webpages:Enabled" value="false" /> 
     <add key="ClientValidationEnabled" value="true" /> 
     <add key="UnobtrusiveJavaScriptEnabled" value="true" /> 
    </appSettings> 
    <system.diagnostics> 
     <trace> 
      <listeners> 
       <add type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=2.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="AzureDiagnostics"> 
        <filter type="" /> 
       </add> 
      </listeners> 
     </trace> 
    </system.diagnostics> 
    <!-- 
    For a description of web.config changes see http://go.microsoft.com/fwlink/?LinkId=235367. 

    The following attributes can be set on the <httpRuntime> tag. 
     <system.Web> 
     <httpRuntime targetFramework="4.6.1" /> 
     </system.Web> 
    --> 
    <system.web> 
     <compilation debug="true" targetFramework="4.6.1" /> 
     <httpRuntime targetFramework="4.5.2" /> 

     <authentication mode="Forms"> 
      <forms loginUrl="~/AuthServices/SignIn" /> 
     </authentication> 
    </system.web> 
    <system.webServer> 
     <modules> 
      <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" /> 
     </modules> 

    </system.webServer> 

    <kentor.authServices entityId="http://myapp.ci.01/metadata" returnUrl="http://localhost:63238/AuthServices/Acs"> 
     <identityProviders> 
      <add entityId="http://myapp.ci.01/metadata" 
       signOnUrl="https://sso.myapp.com/issue/saml/?binding=redirect" 
       allowUnsolicitedAuthnResponse="true" binding="HttpRedirect"> 
       <signingCertificate fileName="~/App_Data/MyApp.AuthServices.StubIdp.cer" /> 
      </add> 
     </identityProviders> 
    </kentor.authServices> 
    <system.identityModel.services> 
     <federationConfiguration> 
      <cookieHandler requireSsl="false" name="RMInform" /> 
     </federationConfiguration> 
    </system.identityModel.services> 


    <system.codedom> 
     <compilers> 
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" /> 
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" /> 
     </compilers> 
    </system.codedom> 
    <runtime> 
     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> 
      <dependentAssembly> 
       <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" culture="neutral" /> 
       <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" /> 
      </dependentAssembly> 
     </assemblyBinding> 
    </runtime> 
</configuration> 

However, after sign-in, during the redirect back to my localhost, I am getting this:

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                     xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                     ID="idcbb43fbc52b34e88b34e71fcb80c9ac8"
                     Version="2.0"
                     IssueInstant="2016-06-14T12:09:50Z"
                     Destination="https://sso.myapp.com/issue/saml/?binding=redirect"
                     AssertionConsumerServiceURL="http://localhost:63238/AuthServices/Acs">
  <saml2:Issuer>http://myapp.ci.01/metadata</saml2:Issuer>
</saml2p:AuthnRequest>

Answer

1

It looks like the IdP does not properly include the InResponseTo attribute in the response message. That is a violation of the SAML specification.

Use a tool such as SAML Tracer for Firefox or SAML DevTools for Chrome to look at the SAML messages in the browser. Check that the InResponseTo matches the ID of the AuthnRequest sent by the SP. If it is not present, the IdP is incorrect.

This error can be ignored by adding a compatibility setting in AuthServices. If you need that, open an issue on the AuthServices GitHub issue tracker to discuss it.

+0

http://myapp.ci.01/metadata

+0

The above is the SAML Response. It does not have an InResponseTo attribute. –

+0

There is also this: https://github.com/KentorIT/authservices/blob/master/doc/Configuration.md#allowunsolicitedauthnresponse-attribute, which, by telling us to set it to true, can lead us into confusion. In my case it does not work –
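The check the answer describes, shown as an added stand-alone example rather than code from Kentor.AuthServices: the SP remembers the ID of the AuthnRequest it sent for a browser session, and when the IdP posts a Response to /AuthServices/Acs it must echo that ID in InResponseTo. A Response that omits the attribute while a request is pending is rejected, because without that binding an attacker could inject an unrelated (replayed or attacker-obtained) Response into the victim's login. The XML messages, the request ID (taken from the error message above), the make_response helper and the check wrapper are all constructed for this example; the library's real implementation also verifies the signature, Destination, timestamps and audience, which are left out here.

```python
"""SP-side InResponseTo validation of a SAML 2.0 Response.
Illustration written for this page (Python, not Kentor.AuthServices code).
All message strings below are constructed test data, not captured traffic."""
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Request ID from the error message in the question: the SP stored it when it
# sent the AuthnRequest and expects the Response to echo it back.
EXPECTED_ID = "id0dda716c55fd41bd98d4899ca3e14036"


class Saml2ResponseFailedValidationException(Exception):
    """Same name as the exception in the stack trace above."""


def make_response(in_response_to=None, subject_in_response_to=None):
    """Build a minimal, unsigned samlp:Response (constructed sample data).
    in_response_to=None reproduces what the question reports: a Response
    with no InResponseTo attribute at all."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    scd_attr = f' InResponseTo="{subject_in_response_to}"' if subject_in_response_to else ""
    return f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
  ID="idresp1" Version="2.0" IssueInstant="2016-06-14T12:09:55Z"
  Destination="http://localhost:63238/AuthServices/Acs"{attr}>
  <saml:Issuer>http://myapp.ci.01/metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="idassert1" Version="2.0" IssueInstant="2016-06-14T12:09:55Z">
    <saml:Issuer>http://myapp.ci.01/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID>user@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="http://localhost:63238/AuthServices/Acs"{scd_attr}/>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def read_and_validate_in_response_to(response_xml, expected_in_response_to, allow_unsolicited=False):
    """Return "solicited" or "unsolicited"; raise on any mismatch.

    expected_in_response_to is the ID of the AuthnRequest this SP sent for the
    session now posting to the Acs endpoint, or None when the SP has no pending
    request for that session (an IdP-initiated login)."""
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise Saml2ResponseFailedValidationException("Message is not a samlp:Response")
    actual = root.get("InResponseTo")

    if expected_in_response_to is None:
        # No pending request: a Response that still carries InResponseTo claims
        # to answer a request this SP never made, so it is refused.
        if actual is not None:
            raise Saml2ResponseFailedValidationException(
                f'Received message contains unexpected InResponseTo "{actual}"')
        if not allow_unsolicited:
            raise Saml2ResponseFailedValidationException(
                "Unsolicited responses are not allowed for this identity provider")
        return "unsolicited"

    if actual is None:
        # Exactly the condition in the question: the SP sent a request and the
        # IdP answered without echoing its ID.
        raise Saml2ResponseFailedValidationException(
            f'Expected message to contain InResponseTo "{expected_in_response_to}", but found none.')
    if actual != expected_in_response_to:
        raise Saml2ResponseFailedValidationException(
            f'Expected InResponseTo "{expected_in_response_to}", but got "{actual}"')

    # A bearer SubjectConfirmationData may also carry InResponseTo; if present
    # it must agree with the message-level value.
    for scd in root.iter(f"{{{SAML}}}SubjectConfirmationData"):
        scd_irt = scd.get("InResponseTo")
        if scd_irt is not None and scd_irt != expected_in_response_to:
            raise Saml2ResponseFailedValidationException(
                f'SubjectConfirmationData InResponseTo "{scd_irt}" does not match the request')
    return "solicited"


def check(response_xml, expected_in_response_to, allow_unsolicited=False):
    """Non-raising wrapper: (accepted, outcome or rejection reason)."""
    try:
        return True, read_and_validate_in_response_to(
            response_xml, expected_in_response_to, allow_unsolicited)
    except Saml2ResponseFailedValidationException as exc:
        return False, str(exc)


if __name__ == "__main__":
    print(check(make_response(EXPECTED_ID, EXPECTED_ID), EXPECTED_ID))  # accepted, solicited
    print(check(make_response(None), EXPECTED_ID))                       # the question's error
    print(check(make_response(None), None, allow_unsolicited=True))      # IdP-initiated, allowed
    print(check(make_response(None), None))                              # IdP-initiated, refused
```

In this example the allow_unsolicited flag is consulted only when the SP has no pending request for the session. When a request is pending, a Response without InResponseTo is refused regardless of the flag, which is consistent with the comment above that setting allowUnsolicitedAuthnResponse="true" did not make the error go away; the fix has to come from the IdP echoing the request ID.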