当前位置: 动力学知识库 > 问答 > 编程问答 >

single sign on - Service Provider ComponenetSpace Identity Provider ADFS 2.0 Issue in in enabling SSO for .Net Application

问题描述:

I am enabling SSO for an existing .net application. I am using componentspace SAML 2.0 component as service provider(SP) and ADFS 2.0 as identity provider(IdP) i have configured ADFS on different service and SP is on different server.I am launching SP InitiateSSO is called and browser get redirected to IdP url and based on the relay party url its returned back to SP.

When trying to get:

SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out userName, out attributes, out targetUrl);

its saying "The partner identity provider http://sp.com/adfs/services/trust is not configured".

in fiddler I am getting following calls.

  • /login.aspx?ReturnUrl=%2fDefault.aspx
  • /adfs/ls/?SAMLRequest=7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ%2Fff%2Fz9cZmQBbPbOStrJniGAqsgfP358Hz8iHjfZolw9Ol638%2BWr%2FBet86ZNz55%2B9tHvf%2F5gOr032d3bPp%2Fszbb3Z5%2FubR9MHxxs7%2BUP9mezncn93cnso%2FQn87opquVnH%2B2Ndz5Kz5pmnZ8tmzZbtvTRzu697R1648GbnQeP9u892r0%2F3n9w8FMfpU%2Bpl2KZtfzmvG1Xj%2B7eLZZtnc2KfDGeVou72ey8uVs2dz9Kn1X1NGf0PvvoPCubHN28zJqmuMztJy%2Frqq2mVfmkWM6K5cVnH63r5aMqa4rm0TJb5M2jdvro9fEXzx8Rmo8m0qh59O03b15uv%2Fzy9ZuP0uOmyWvgc1Itm%2FUir1%2Fn9WUxzb969VwwbAjFWb6oxiGeAHp36OVx1qzefZS%2BW5TL5hHTeTNiKx3FR0c8K4%2BYnLX3%2FubXM4PGR0fDGD%2B%2B64E%2B0tl%2FQbDOnr6symJ6DYIvsna4q93xLn9SzLbPuemj9bJZ5dPivMiJI47Lsro6qfOspelp6zXNzt0j6TVks6P%2FBw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=rXOfg3K3D87RobofnuU5xXfBbYYIlHOeNf3IkOrLVekTycKWW7foBAKeBuatyyaCZwnmZMWJiMOGU87P4NOy0YXGdO3F5VhvZ9ZGLxK74GWrTOvWmvY%2Fa4z%2FrGRv6TkNRRMdy6rZS5sBn%2B1aQx0bzlPwAMwaCVbIU%2FQxTJa4zok%3D
  • /adfs/ls/auth/integrated/?SAMLRequest=7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ%2Fff%2Fz9cZmQBbPbOStrJniGAqsgfP358Hz8iHjfZolw9Ol638%2BWr%2FBet86ZNz55%2B9tHvf%2F5gOr032d3bPp%2Fszbb3Z5%2FubR9MHxxs7%2BUP9mezncn93cnso%2FQn87opquVnH%2B2Ndz5Kz5pmnZ8tmzZbtvTRzu697R1648GbnQeP9u892r0%2F3n9w8FMfpU%2Bpl2KZtfzmvG1Xj%2B7eLZZtnc2KfDGeVou72ey8uVs2dz9Kn1X1NGf0PvvoPCubHN28zJqmuMztJy%2Frqq2mVfmkWM6K5cVnH63r5aMqa4rm0TJb5M2jdvro9fEXzx8Rmo8m0qh59O03b15uv%2Fzy9ZuP0uOmyWvgc1Itm%2FUir1%2Fn9WUxzb969VwwbAjFWb6oxiGeAHp36OVx1qzefZS%2BW5TL5hHTeTNiKx3FR0c8K4%2BYnLX3%2FubXM4PGR0fDGD%2B%2B64E%2B0tl%2FQbDOnr6symJ6DYIvsna4q93xLn9SzLbPuemj9bJZ5dPivMiJI47Lsro6qfOspelp6zXNzt0j6TVks6P%2FBw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=rXOfg3K3D87RobofnuU5xXfBbYYIlHOeNf3IkOrLVekTycKWW7foBAKeBuatyyaCZwnmZMWJiMOGU87P4NOy0YXGdO3F5VhvZ9ZGLxK74GWrTOvWmvY%2Fa4z%2FrGRv6TkNRRMdy6rZS5sBn%2B1aQx0bzlPwAMwaCVbIU%2FQxTJa4zok%3D
  • /SAML/AssertionConsumerService.aspx

Stack track

[SAMLException: The partner identity provider http:// sp.com/adfs/services/trust is not configured.]

ComponentSpace.SAML2.Configuration.SAMLConfiguration.GetPartnerIdentityProvider(String name) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\Configuration\SAMLConfiguration.cs:245

ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& userName, SAMLAttribute[]& attributes, String& relayState) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLServiceProvider.cs:664

ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& userName, IDictionary`2& attributes, String& relayState) in c:\Sandboxes\ComponentSpace\SAMLv20\Library\SAMLServiceProvider.cs:637

ExampleServiceProvider.SAML.AssertionConsumerService.Page_Load(Object sender, EventArgs e) in C:\Program Files (x86)\ComponentSpace SAML v2.0 for .NET\Examples\SSO\HighLevelAPI\WebForms\ExampleServiceProvider\SAML\AssertionConsumerService.aspx.cs:28

System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25

System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +42

System.Web.UI.Control.OnLoad(EventArgs e) +132

System.Web.UI.Control.LoadRecursive() +66

System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428

ADFS Configuration is:

<PartnerIdentityProvider Name="https://sp.com/adfs/services/trust"

SignAuthnRequest="true"

WantSAMLResponseSigned="false"

WantAssertionSigned="false"

WantAssertionEncrypted="false"

UseEmbeddedCertificate="true"

SingleSignOnServiceUrl="http://sp.com/adfs/ls/"/ >

Service provider configuration are as:

<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">

<ServiceProvider Name="https://demo.sp.com"

AssertionConsumerServiceUrl="~/SAML/AssertionConsumerService.aspx"

CertificateFile="sp.pfx"

CertificatePassword="password" />

ERROR that i am getting in:

Server Error in '/' Application.

The partner identity provider http:// sp.com/adfs/services/trust is not configured. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: ComponentSpace.SAML2.Exceptions.SAMLException: The partner identity provider http:// sp.com/adfs/services/trust is not configured.

网友答案:

I got that problem resolved by changing the order of authentication.

http://social.technet.microsoft.com/wiki/contents/articles/1600.ad-fs-2-0-how-to-change-the-local-authentication-type.aspx

Now its working. :-)

网友答案:

The following error is actually thrown by ComponentSpace:

The partner identity provider http://sp.com/adfs/services/trust is not configured

This is because your PartnerSP key in <appSettings /> and your Name attribute in <PartnerIdentityProvider /> do not match:

saml.config:

<PartnerIdentityProvider Name="https://sp.com/adfs/services/trust" ... />

Web.config:

<appSettings>
    <add key="PartnerSP" value="http://sp.com/adfs/services/trust />
    ...
</appSettings>

The Name of the PartnerIdentityProvider should be set to: http://sp.com/adfs/services/trust

分享给朋友:
您可能感兴趣的文章:
随机阅读: