C# 使用Sustainsys和Azure发出消息的SAML单次注销无效错误
详情: 我有一个定制服务提供商,Azure AD是我们的身份提供商。我已经能够实现单点登录。尝试全局单次注销时出现问题。我构造注销请求并按如下方式发送:C# 使用Sustainsys和Azure发出消息的SAML单次注销无效错误,c#,azure,webforms,azure-active-directory,sustainsys-saml2,C#,Azure,Webforms,Azure Active Directory,Sustainsys Saml2,详情: 我有一个定制服务提供商,Azure AD是我们的身份提供商。我已经能够实现单点登录。尝试全局单次注销时出现问题。我构造注销请求并按如下方式发送: CommandResult commandResult = CommandFactory.GetCommand(CommandFactory.LogoutCommandName).Run(requestData, Options); var responseWrapper = new HttpResponseWrapper(HttpRespo
CommandResult commandResult = CommandFactory.GetCommand(CommandFactory.LogoutCommandName).Run(requestData, Options);
var responseWrapper = new HttpResponseWrapper(HttpResponse);
commandResult.ApplyCookies(responseWrapper);
commandResult.Apply(responseWrapper);
Azure上会弹出以下错误:
抱歉,您登录时遇到问题
AADSTS20012:尝试处理错误时出错
WS-Federation消息。消息无效
刷新页面后,Azure表示他们已成功将我注销。在服务提供商方面,我看到了带有签名和x509证书的初始注销请求。刷新后,Azure将SAML注销请求(而不是注销响应)发送回LogoutURL
SAML配置:
<sustainsys.saml2 entityId="serviceProviderURL.net"
publicOrigin="serviceProviderURL.net/Resource"
modulePath="/Saml2"
returnUrl="serviceProviderURL.net/homePage.aspx" authenticateRequestSigningBehavior="Never">
<identityProviders>
<add entityId="AzureProvidedID" signOnUrl="AzureProvidedURL/saml2" logoutUrl="https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0" allowUnsolicitedAuthnResponse="true" binding="HttpPost" wantAuthnRequestsSigned="false">
<signingCertificate fileName="~/Resources/Dev-Regression-SSO.cer" />
</add>
</identityProviders>
</sustainsys.saml2>
我不确定我是否在正确的地方有正确的证书。我非常感谢您的任何意见。我先表示感谢。
Sharad我能够通过Azure AD获得全局单点注销。我需要确认两件事:
我能够通过Azure AD获得全球单一注销。我需要确认两件事:
try
{
var signingKeyPath = AppDomain.CurrentDomain.SetupInformation.ApplicationBase;
var X509Cert = new X509Certificate2(signingKeyPath + "\\Dev-Regression-SSO.cer");
options.IdentityProviders.Default.SigningKeys.AddConfiguredKey(X509Cert);
}
catch (Exception ex)
{
CoreLogging.GeneralLogger.Error(String.Format(" Identity Provider Exception : {0}", ex.Message));
}
#endregion
#region Service Provider
try
{
var pp = AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "Resources";
X509Certificate2 certificate1 = new X509Certificate2(pp + "\\serviceProvider.pfx", "password", X509KeyStorageFlags.MachineKeySet);
options.SPOptions.ServiceCertificates.Add(certificate1);
}
catch(Exception ex)
{
CoreLogging.GeneralLogger.Error("Service Provider Exception : " + ex.Message);
}