SAML integration with ASP.NET Core Identity

Our service provider asked for the following information for the SAML integration.

Now it's my first time trying with SAML and I need to build the identity provider and I'd like to use ASP.NET Core Identity for user authentication.

If I understand it right, the flow would be:

  1. From the service provider site, they have a button to sign in with SAML SSO
  2. Clicking on the button would redirect to the identity provider's login page
  3. Put in username and password and authenticate against our database using ASP.NET Core Identity
  4. If successful, return claim information
  5. Logged in to the service provider site

I've researched and found several open-source SAML integrations with ASP.NET Core such as Sustainsys or ITfoxtec. Sustainsys has several samples and it seems like SampleIdentityServer4AspNetIdentity is the way to go.

  1. Is it the right one to build an identity provider with .NET Identity?
  2. What are new EntityId("https://localhost:44342/Saml2") and new EntityId("http://localhost:52071/Metadata") in Startup.cs and where can I get those values?

Any guidance would be appreciated.

The login flow you describe is correct.

It is possible to build an identity provider using the ITfoxtec.Identity.Saml2 package and ASP.NET Core Identity. I have implemented identity providers using the ITfoxtec.Identity.Saml2 package a number of times. But you need to be aware of implementing a secure solution; it needs to be done right, or else you will leave the hacker a bunch of possibilities :)

The new EntityId("https://localhost:44342/Saml2") is the identity provider's ID, which you define yourself.

A link to an ASP.NET Core identity provider sample application: https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/tree/master/test/TestIdPCore. However, the sample application is not using ASP.NET Core Identity.
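One check an identity provider has to make on an incoming AuthnRequest before it shows its login page, as an added example that is not part of the original answer or of either library's code: the request's Issuer (the service provider's entity ID) must be registered, and the response may only go to the ACS URL registered for it. It uses only System.Xml; `AuthnRequestCheck`, `ResolveAcsUrl` and all entity IDs and URLs are hypothetical, constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Xml;
using System.Xml.Linq;

public static class AuthnRequestCheck
{
    static readonly XNamespace Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Constructed placeholder: the SSO endpoint of this IdP.
    const string IdpSsoUrl = "https://idp.example.test/saml2/login";

    // Constructed placeholder registry: SP entity ID -> ACS URL from that SP's metadata.
    static readonly Dictionary<string, string> RegisteredSps = new Dictionary<string, string>
    {
        ["https://sp.example.test/saml2"] = "https://sp.example.test/saml2/acs"
    };

    // Returns the ACS URL the response may be posted to, or throws.
    public static string ResolveAcsUrl(string authnRequestXml)
    {
        // Parse with DTDs prohibited so the request cannot declare entities.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        XElement req;
        using (var reader = XmlReader.Create(new StringReader(authnRequestXml), settings))
            req = XElement.Load(reader);

        if (req.Name != Samlp + "AuthnRequest")
            throw new InvalidOperationException("Not a SAML 2.0 AuthnRequest.");

        // Issuer carries the SP's entity ID; only registered SPs are served.
        string issuer = req.Element(Saml + "Issuer")?.Value.Trim();
        if (issuer == null || !RegisteredSps.TryGetValue(issuer, out string registeredAcs))
            throw new InvalidOperationException("Unknown service provider.");

        // Destination, when present, must be this IdP's own SSO endpoint.
        string destination = (string)req.Attribute("Destination");
        if (destination != null && destination != IdpSsoUrl)
            throw new InvalidOperationException("Request addressed to another endpoint.");

        // An ACS URL sent in the request is accepted only if it matches the registration.
        string requestedAcs = (string)req.Attribute("AssertionConsumerServiceURL");
        if (requestedAcs != null && requestedAcs != registeredAcs)
            throw new InvalidOperationException("ACS URL does not match the registration.");

        return registeredAcs;
    }
}
```

Decoding the binding, verifying a signed request and building the signed response are left to the SAML library and are not shown here.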
