ADFS returns an error when sending SAML 2.0 AuthnRequest
I have a signed AuthnRequest. When I send the SAML request to ADFS, the following error occurs:
Microsoft.IdentityServer.Protocols.Saml.HttpSamlMessageException: MSIS7015: This request does not contain the expected protocol message or incorrect protocol parameters were found according to the HTTP SAML protocol bindings.
at Microsoft.IdentityServer.Web.HttpSamlMessageFactory.CreateMessage(HttpContext httpContext)
at Microsoft.IdentityServer.Web.FederationPassiveContext.EnsureCurrent(HttpContext context)
This is my signed AuthnRequest:
<?xml version="1.0"?>
<samlp:AuthnRequest xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" Destination="https://xadfs.xxx.com/adfs/ls/" ID="idde801c3623e24a46ac1b8249dadc6d49" IssueInstant="2014-12-22T07:05:33.7751472Z" AssertionConsumerServiceURL="http://sp.com/" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" IsPassive="false">
<saml:Issuer>https:/sp.com</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#idde801c3623e24a46ac1b8249dadc6d49">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>exOnraFOscgGqGJ730P1o7e0hsc=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>...Signature...</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>...Cert...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<samlp:NameIDPolicy AllowCreate="True" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
<samlp:RequestedAuthnContext Comparison="exact">
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
This is my POST request:
POST https://xadfs.xxx.com/adfs/ls/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://sp.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: xadfs.xxx.com
Content-Length: 3924
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: MSISIPSelectionPersistent=aHR0...
SAMLRequest=request&RelayState=token
Can you tell me what is wrong with my SAML request?
I have an MVC SP and use the SAML2 NuGet package.
I found the problem:
The AllowCreate value should be "true" rather than "True".
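The fix above comes down to the xs:boolean type, whose lexical values are case-sensitive. The following pre-flight check is an added example, not part of the original post or of the SAML2 NuGet package; it flags such values in an outgoing AuthnRequest, and the function names `lint_booleans` and `lint_post_binding` and the sample request are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
# xs:boolean attributes the SAML 2.0 protocol schema defines on these elements.
BOOLEAN_ATTRS = {
    f"{{{SAMLP}}}AuthnRequest": ("ForceAuthn", "IsPassive"),
    f"{{{SAMLP}}}NameIDPolicy": ("AllowCreate",),
}
# Lexical values of xs:boolean; they are case-sensitive, so "True" is not one.
XS_BOOLEAN = {"true", "false", "1", "0"}


def lint_booleans(xml_doc):
    """Return (element, attribute, value) for each value that is not exactly
    one of the four xs:boolean literals. Accepts str or bytes. Intended for
    your own outgoing requests, not for parsing untrusted XML."""
    findings = []
    for elem in ET.fromstring(xml_doc).iter():
        for attr in BOOLEAN_ATTRS.get(elem.tag, ()):
            value = elem.get(attr)
            if value is not None and value not in XS_BOOLEAN:
                findings.append((elem.tag.split("}")[1], attr, value))
    return findings


def lint_post_binding(saml_request_b64):
    """Lint the SAMLRequest form field of the HTTP-POST binding (base64 XML)."""
    return lint_booleans(base64.b64decode(saml_request_b64))


# Constructed sample: the question's request reduced to the relevant attributes.
SAMPLE = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'Version="2.0" ID="id1" IsPassive="false">'
    '<samlp:NameIDPolicy AllowCreate="True" '
    'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>'
    '</samlp:AuthnRequest>'
)

if __name__ == "__main__":
    for element, attr, value in lint_booleans(SAMPLE):
        print(f"{element}/@{attr}={value!r} is not a valid xs:boolean")
```

Run the check before signing: the enveloped signature covers the whole AuthnRequest, so correcting the attribute afterwards invalidates the digest.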