我正在关注SAML 2.0 Integration with IdentityServer4,并将“ IdentityServer 4作为SAML服务提供者实现”。
我还阅读了Automatic Metadata Lookup,并按如下所示配置了我的启动程序
authenticationBuilder = authenticationBuilder.AddSaml2p("saml2p", options =>
{
options.Licensee = "DEMO";
options.LicenseKey = "<<LICENSE_KEY>>";
options.IdentityProviderMetadataAddress = "https://degreed.com/saml/idp/94";
options.ServiceProviderOptions = new SpOptions
{
EntityId = "https://degreed.com/DegreedIdP/94",
MetadataPath = "/saml/metadata",
// optional
//SignAuthenticationRequests = true,
//SigningCertificate = new X509Certificate2(Convert.FromBase64String("<<SOME_STRING>>"))
};
options.CallbackPath = "/signin-idsrv";
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
});
我正在使用一个外部提供程序作为SAML2P来获得IdendityServer登录屏幕,但是当我单击它时,它重定向到https://localhost:44380/External/Challenge?provider=saml2p&returnUrl=%2Fgrants,并且我可以看到一个空白页。当我检查IdentityServer日志时,它说“ System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://degreed.com/saml/idp/94'. ---> System.AggregateException: One or more values could not be parsed from the metadata document. See inner exceptions for details. (Unable to parse a value for SigningCertificate from the metadata document) ---> IdentityServer4.Saml.Exceptions.SamlXmlParsingException: Unable to parse a value for SigningCertificate from the metadata document”
第一个链接断开了?
元数据是否具有签名元素?
尝试将“ SignAuthenticationRequests”设置为“ False”。
当您根据第二篇文章手动输入元数据时会发生什么?