我从 ItFoxTec 获取了此示例测试 SP 代码,并从此控制器执行 SingleLogout:
[Route("SingleLogout")]
public async Task<IActionResult> SingleLogout()
{
Saml2StatusCodes status;
var requestBinding = new Saml2PostBinding();
var logoutRequest = new Saml2LogoutRequest(config, User);
try
{
requestBinding.Unbind(Request.ToGenericHttpRequest(), logoutRequest);
status = Saml2StatusCodes.Success;
await logoutRequest.DeleteSession(HttpContext);
}
catch (Exception exc)
{
// log exception
Debug.WriteLine("SingleLogout error: " + exc);
status = Saml2StatusCodes.RequestDenied;
}
var responsebinding = new Saml2PostBinding();
responsebinding.RelayState = requestBinding.RelayState;
var saml2LogoutResponse = new Saml2LogoutResponse(config)
{
InResponseToAsString = logoutRequest.IdAsString,
Status = status
};
return responsebinding.Bind(saml2LogoutResponse).ToActionResult();
}
当我到达此端点时,我从 ITfoxtec.Identity.Saml2.InvalidSaml2BindingException 收到此消息
不是 HTTP POST 方法
看起来IdP产生了一个GET请求,我不知道是否有一些配置错误。其实看起来是这样的:
services.Configure<Saml2Configuration>(saml2Configuration =>
{
saml2Configuration.Issuer = saml2Configuration.Issuer;
saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);
var entityDescriptor = new EntityDescriptor();
var httpClientFactory = services.BuildServiceProvider().GetService<IHttpClientFactory>();
entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(federationMetadata));
if (entityDescriptor.IdPSsoDescriptor == null)
throw new InvalidOperationException("Error loading federation metadata.");
saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;
saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
});
可以通过
Saml2PostBinding
(POST) 和 Saml2RedirectBinding
(GET) 绑定来注销。
要接受获取请求,您需要将
Saml2PostBinding
更改为 Saml2RedirectBinding
。