从ADFS Single Sign On读取cookie
[英]Read cookies from ADFS Single Sign On
问题描述
Good morning, 
早上好,
On my test-site I implemented SSO (SAML2.0 from ComponentSpace) which works great, but the next level - live situation- is giving me a headache… 在我的测试网站上,我实现了SSO(来自ComponentSpace的SAML2.0),效果很好,但是下一个级别 - 现场情况 - 让我头疼...
My customer is using ADFS for authentication and when a user accesses my site (in the cloud) for the first time, my site generates a nice SAML-request which is answered with a SAML-response from ADFS. 我的客户正在使用ADFS进行身份验证,当用户第一次访问我的站点(在云端)时,我的站点会生成一个很好的SAML请求,并通过ADFS的SAML响应来回答。 The user is logged-in. 用户已登录。 All well so far. 到目前为止一切顺利。
But, when the users accesses my site for the second time ADFS does not response anymore to my SAML-request. 但是,当用户第二次访问我的网站时,ADFS不再响应我的SAML请求。 After digging into this situation it seems that ADFS saves the first time several cookies on the client webbrowser (under its own domain-name) and when ADFS detects those 4 cookies the second time it does not respond to my SAML-request. 在深入了解这种情况之后,ADFS似乎第一次在客户端webbrowser上保存了几个cookie(在其自己的域名下),并且当ADFS第二次在没有响应我的SAML请求时检测到这4个cookie时。
I searched several sites and found a good document about this behaviour on https://msdn.microsoft.com/nl-nl/en%C2%ADus/library/bb897402 . 我搜索了几个站点,并在https://msdn.microsoft.com/nl-nl/en%C2%ADus/library/bb897402上找到了一个关于此行为的好文档。 The solution in this article is based on AzMan, but we use the latest Windows server 2012R2 which AzMan is deprecated. 本文中的解决方案基于AzMan,但我们使用不推荐使用AzMan的最新Windows服务器2012R2。
So how do I deal with this situation? 那么我该如何处理这种情况呢?
- How can I detect and read from my domain the cookies from the adfs.customerdomainname.nl? 如何从我的域中检测并读取adfs.customerdomainname.nl中的cookie?
- The cookies are encrypted. Cookie已加密。 How can I decrypt them, to get the right UserId from it? 我怎样才能解密它们,从中获取正确的UserId?
- Is there a good sample on how to implement SSO in combination with ADFS? 有关如何与ADFS结合实施SSO的良好示例吗?
Any help is appreciated! 任何帮助表示赞赏!
Thanks, 谢谢,
best regards, Arno 最好的问候,阿诺
1 个解决方案
解决方案1
0 2018-04-19 18:13:48
I'd similar issue while authenticating users with ADFS 3.0 from a C# MVC web application. 从C#MVC Web应用程序使用ADFS 3.0对用户进行身份验证时,我遇到了类似的问题。 The reason was that while cookies are still active (not-expired) they cannot be overwritten so to fix this issue I created a new CookieManager instead of using the default one. 原因是虽然cookie仍处于活动状态(未过期),但它们无法被覆盖,因此为了解决此问题,我创建了一个新的CookieManager而不是使用默认的CookieManager。 Below is the line of code that worked for me. 下面是适合我的代码行。
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
CookieManager = new SystemWebCookieManager()
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.