Meteor SAML消息的签名错误
我有一个 Meteor 应用程序,运行在 Windows Server 2012 R2 上,IIS 8.5 作为应用程序的反向代理(在 Ubuntu 和 nginx 上也尝试过),我正在尝试通过 ADFS 2.0 使用 SAML 进行身份验证,但不断得到以下错误:
Event 303, AD FS 2.0
The Federation Service encountered an error while processing the SAML authentication request.
Additional Data
Exception details:
Microsoft.IdentityModel.Protocols.XmlSignature.SignatureVerificationFailedException: MSIS0038: SAML Message has wrong signature. Issuer:
at Microsoft.IdentityServer.Protocols.Saml.Contract.SamlContractUtility.CreateSamlMessage(MSISSamlBindingMessage message)
at Microsoft.IdentityServer.Service.SamlProtocol.SamlProtocolService.CreateErrorMessage(CreateErrorMessageRequest createErrorMessageRequest)
at Microsoft.IdentityServer.Service.SamlProtocol.SamlProtocolService.ProcessRequest(Message requestMessage)
Log Name:
AD FS 2.0/Admin
Source:
AD FS 2.0
Logged:
10/04/2016 09:0S:1
Event ID:
303
Task Category:
None
Level:
Error
Keywords:
AD FS
User:
NETWORK SERVICE
Computer:
我尝试根据以下命令安装kb2896713
不幸的是,到目前为止还没有成功。
有人知道这个问题的根源是什么吗?
编辑
这是我使用的开源软件:Rocket.Chat
您是否有用于这种方式进行身份验证的代码?如果有,请把它贴出来。
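// Builds the signed HTTP-Redirect binding URL for a SAML AuthnRequest or
// LogoutRequest. This is the body of a method whose signature (supplying
// `request`, `operation`, `callback` and `this.options`) starts before this
// excerpt; `result` is declared here for code that follows it.
//
// `callback(err)` is invoked if deflation fails, otherwise `callback(null, url)`.
// All diagnostic output is gated on `Meteor.settings.debug` (the original only
// gated the final URL), so signatures and user-identifying request XML are not
// written to stdout in production.
var self = this;
var result;
// Strip line breaks from the request XML before compressing (kept from the original).
request = request.replace(/(\r\n|\n|\r)/gm,"");
if (Meteor.settings.debug) {
  console.log("requestToUrl:");
  console.log("Logout request:" + request);
}
zlib.deflateRaw(request, function (err, buffer) {
  if (err) {
    return callback(err);
  }
  var base64 = buffer.toString('base64');
  // Logout goes to the IdP's SLO endpoint when one is configured; everything
  // else goes to the SSO entry point.
  var target = self.options.entryPoint;
  if (operation === 'logout' && self.options.idpSLORedirectURL) {
    target = self.options.idpSLORedirectURL;
  }
  // Append to an existing query string; the original `indexOf('?') > 0`
  // missed a '?' at position 0.
  target += target.indexOf('?') >= 0 ? '&' : '?';
  // TBD. We should really include a proper RelayState here
  var relayState = operation === 'logout' ? self.options.issuer : self.options.provider;
  // HTTP-Redirect binding: the signature is computed over the URL-encoded
  // SAMLRequest, RelayState and SigAlg parameters in exactly this order, and
  // the redirect URL must carry these same encoded bytes (it is built from
  // `signedQuery` below), otherwise the IdP reports a signature mismatch.
  var encodedRequest = encodeURIComponent(base64);
  var encodedRelayState = encodeURIComponent(relayState);
  // NOTE(review): SHA-1 is kept because the IdP trust is presumably configured
  // for it; prefer "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" with
  // createSign('RSA-SHA256') once the IdP side accepts it.
  var encodedSigAlg = encodeURIComponent("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
  var signedQuery = "SAMLRequest=" + encodedRequest +
    "&RelayState=" + encodedRelayState +
    "&SigAlg=" + encodedSigAlg;
  var signer = crypto.createSign('RSA-SHA1');
  signer.update(signedQuery);
  // NOTE(review): the IdP verifies this against the certificate it has on file
  // for this service provider; `privateKey` must be the key matching that
  // certificate, or the IdP rejects the message as wrongly signed.
  var signature = signer.sign(self.options.privateKey, 'base64');
  // `sign(..., 'base64')` already returns base64 text; it only needs URL
  // encoding (the original's extra Buffer/base64 round-trip was never used).
  var encodedSignature = encodeURIComponent(signature);
  target += signedQuery + "&Signature=" + encodedSignature;
  if (Meteor.settings.debug) {
    console.log("encodedRequest:" + encodedRequest);
    console.log("signature:" + signature);
    console.log("encodedSignature:" + encodedSignature);
    console.log("requestToUrl: " + target);
  }
  if (operation === 'logout') {
    // in case of logout we want to be redirected back to the Meteor app.
    result = target;
  }
  return callback(null, target);
});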