我从ItFoxTec获取了这个示例测试SP代码,并从这个控制器执行SingleLogout:
[Route("SingleLogout")]
public async Task<IActionResult> SingleLogout()
{
Saml2StatusCodes status;
var requestBinding = new Saml2PostBinding();
var logoutRequest = new Saml2LogoutRequest(config, User);
try
{
requestBinding.Unbind(Request.ToGenericHttpRequest(), logoutRequest);
status = Saml2StatusCodes.Success;
await logoutRequest.DeleteSession(HttpContext);
}
catch (Exception exc)
{
// log exception
Debug.WriteLine("SingleLogout error: " + exc);
status = Saml2StatusCodes.RequestDenied;
}
var responsebinding = new Saml2PostBinding();
responsebinding.RelayState = requestBinding.RelayState;
var saml2LogoutResponse = new Saml2LogoutResponse(config)
{
InResponseToAsString = logoutRequest.IdAsString,
Status = status
};
return responsebinding.Bind(saml2LogoutResponse).ToActionResult();
}
当我到达这个端点时,我收到了来自ITfoxtec.Identity.Saml2.InvalidSaml2BindingException的消息
非HTTP POST方法
IdP似乎生成了一个GET请求,我不知道是否有一些配置错误.实际上,看起来是这样的:
services.Configure<Saml2Configuration>(saml2Configuration =>
{
saml2Configuration.Issuer = saml2Configuration.Issuer;
saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);
var entityDescriptor = new EntityDescriptor();
var httpClientFactory = services.BuildServiceProvider().GetService<IHttpClientFactory>();
entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(federationMetadata));
if (entityDescriptor.IdPSsoDescriptor == null)
throw new InvalidOperationException("Error loading federation metadata.");
saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;
saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
});