IIS 7: How do I get the WIF SAML2 extension's Saml2AuthenticationModule to work in the Windows Azure compute emulator?
In IIS Express, using the Saml2AuthenticationModule (from ) produces the following application flow:
- The user goes to a service provider URL that calls Saml2AuthenticationModule.Current.SignIn(args)
- The module routes the request to the identity provider
- Per the SP's AssertionConsumerService metadata, the IdP sends the SSO response back to the SP. In my current test, this URL is "{rootdomain}/ServiceProvider/saml/post/ac". As far as I know, this URL is not configurable
<md:AssertionConsumerService index="1"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="https://127.0.0.1/ServiceProvider/saml/post/ac" />
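What is going on here? Isn't the module supposed to intercept this URL and process the SAML response? Why does this work in IIS Express but not in the Azure compute emulator?
Here is the web.config for the SAML content: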
<system.webServer>
  <validation validateIntegratedModeConfiguration="false" />
  <modules runAllManagedModulesForAllRequests="true">
    <add name="Saml2AuthenticationModule"
         type="Microsoft.IdentityModel.Web.Saml2AuthenticationModule"/>
    <add name="SessionAuthenticationModule"
         type="Microsoft.IdentityModel.Web.SessionAuthenticationModule"/>
  </modules>
  ...
</system.webServer>
...
The entityID in saml2 azure is https://www.mydomain.com/saml2/development/azure, with the AssertionConsumerService URL above, and in the SP and IdP tested
<microsoft.identityModel>
  <service>
    <audienceUris>
      <add value="https://www.mydomain.com/saml2/development/azure"/>
    </audienceUris>
    <certificateValidation certificateValidationMode="None"/>
    <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry">
      <!-- The set of trusted issuers. -->
      <trustedIssuers>
        <add name="urn:samples:identityprovider" thumbprint="59 fc 9a da 58 86 31 8d 1d d5 f8 a6 0f 9a 53 f8 09 fc 0e 63"/>
      </trustedIssuers>
    </issuerNameRegistry>
    <serviceTokenResolver type="Samples.Saml.Utilities.SampleServiceProviderSecurityTokenResolver"/>
    <!-- Enable saveBootstrapTokens so the token visualizer can show the raw SAML assertion. -->
    <securityTokenHandlers>
      <securityTokenHandlerConfiguration saveBootstrapTokens="true">
      </securityTokenHandlerConfiguration>
    </securityTokenHandlers>
    <federatedAuthentication>
      <cookieHandler requireSsl="true"/>
    </federatedAuthentication>
  </service>
</microsoft.identityModel>
<microsoft.identityModel.saml metadata="saml2-azure.xml">
  <identityProviders>
    <metadata file="identityprovider.xml"/>
  </identityProviders>
</microsoft.identityModel.saml>
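
One way to check whether the AssertionConsumerService Location published in SP metadata matches the URL the site is actually served on, as an added example that is not part of the original post or of WIF. The surrounding metadata document, the compared URLs, and the function names are constructed for illustration; only the AssertionConsumerService element and the entityID come from the question.

```python
# Added example (not from the original post): compare the ACS endpoints an SP
# publishes in its metadata with the URL the site is actually served on.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed SP metadata wrapper around the ACS element quoted in the question.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://www.mydomain.com/saml2/development/azure">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://127.0.0.1/ServiceProvider/saml/post/ac" />
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def normalize(url):
    """Return (scheme, host, port, path) with the default port made explicit."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port, parts.path.rstrip("/"))

def acs_post_locations(metadata_xml):
    """List the Location of every HTTP-POST AssertionConsumerService."""
    root = ET.fromstring(metadata_xml)
    path = ".//md:SPSSODescriptor/md:AssertionConsumerService"
    return [e.get("Location") for e in root.iterfind(path, MD_NS)
            if e.get("Binding") == HTTP_POST]

def diff_acs(metadata_xml, served_url):
    """Map each published ACS Location to the URL parts that differ from served_url."""
    names = ("scheme", "host", "port", "path")
    served = normalize(served_url)
    return {loc: [n for n, pub, got in zip(names, normalize(loc), served) if pub != got]
            for loc in acs_post_locations(metadata_xml)}

if __name__ == "__main__":
    # Constructed URLs: one identical to the metadata, one on a different port.
    for url in ("https://127.0.0.1/ServiceProvider/saml/post/ac",
                "https://127.0.0.1:444/ServiceProvider/saml/post/ac"):
        print(url, diff_acs(SAMPLE_METADATA, url))
```

An empty list for a Location means the IdP will POST the response to exactly the address the site answers on; any listed part is a difference to resolve in the metadata or the hosting configuration.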