Problem description
In SSO Implementation, having validated the User, I created a SAMLResponse object and posted it to the Default Landing URL using IdentityProvider.SendSAMLResponseByHTTPPost() Method.
IdentityProvider.SendSAMLResponseByHTTPPost(Response, strAssertionConsumerServiceURL, samlResponseXml, relayState);
samlResponseXml - contains the SAML Request XML
On ServiceProvider.ReceiveSAMLResponseByHTTPPost() Method, I am getting the below Catch Exception.
Failed to receive SAML response by HTTP post
Both the Identity Provider and Service Provider are in same network domain.
Attached the logs for ComponentSpace.SAML2
ComponentSpace.SAML2 Verbose: 0 : 9:19:44 PM: Missing form variable SAMLResponse
ComponentSpace.SAML2 Verbose: 0 : 9:19:44 PM: Exception: ComponentSpace.SAML2.SAMLBindingException: The form is missing the variable SAMLResponse
ComponentSpace.SAML2 Verbose: 0 : 9:19:44 PM: Exception: ComponentSpace.SAML2.SAMLBindingException: Failed to receive response over HTTP POST. ---> ComponentSpace.SAML2.SAMLBindingException: The form is missing the variable SAMLResponse
at ComponentSpace.SAML2.Bindings.HTTPPostBinding.GetFormVariables(HttpRequest httpRequest, String messageFormVariableName, XmlElement& samlMessage, String& relayState)
at ComponentSpace.SAML2.Bindings.HTTPPostBinding.ReceiveResponse(HttpRequest httpRequest, XmlElement& samlMessage, String& relayState)
--- End of inner exception stack trace ---
Recommended answer
Issue:
(1) Failed to receive SAML response by HTTP post
(2)
ComponentSpace.SAML2 Verbose: 0 : 9:19:44 PM: Missing form variable SAMLResponse
ComponentSpace.SAML2 Verbose: 0 : 9:19:44 PM: Exception: ComponentSpace.SAML2.SAMLBindingException: The form is missing the variable SAMLResponse
Resolution:
The log of SAML exception states that the form/format of SAML Response is incorrect.
Creating SAML Response for SSO provides the following sample code to demonstrate how to generate SAML Response using ComponentSpace library.
// Create a SAML response with the user's local identity.
private SAMLResponse CreateSAMLResponse()
{
    //Trace.Write("IdPreating SAML response");
    SAMLResponse samlResponse = new SAMLResponse();
    samlResponse.Destination = strAssertionConsumerServiceURL;
    Issuer issuer = new Issuer(CreateAbsoluteURL("~/"));
    samlResponse.Issuer = issuer;
    samlResponse.Status = new Status(SAMLIdentifiers.PrimaryStatusCodes.Success, null);
    SAMLAssertion samlAssertion = new SAMLAssertion();
    samlAssertion.Issuer = issuer;
    //Subject subject = new Subject(new NameID(User.Identity.Name));
    Subject subject = new Subject(new NameID());
    SubjectConfirmation subjectConfirmation = new SubjectConfirmation(SAMLIdentifiers.SubjectConfirmationMethods.Bearer);
    SubjectConfirmationData subjectConfirmationData = new SubjectConfirmationData();
    subjectConfirmationData.Recipient = strAssertionConsumerServiceURL;
    subjectConfirmation.SubjectConfirmationData = subjectConfirmationData;
    subject.SubjectConfirmations.Add(subjectConfirmation);
    samlAssertion.Subject = subject;
    samlAssertion.SetAttributeValue("MemberId", this.txtMemberId.Text);
    samlAssertion.SetAttributeValue("Name", this.txtName.Text);
    samlAssertion.SetAttributeValue("Phone", this.txtPhone.Text);
    AuthnStatement authnStatement = new AuthnStatement();
    authnStatement.AuthnContext = new AuthnContext();
    authnStatement.AuthnContext.AuthnContextClassRef = new AuthnContextClassRef(SAMLIdentifiers.AuthnContextClasses.Password);
    samlAssertion.Statements.Add(authnStatement);
    samlResponse.Assertions.Add(samlAssertion);
    return samlResponse;
}

// Send the SAML response to the SP.
private void SendSAMLResponse(SAMLResponse samlResponse, string relayState)
{
    // Serialize the SAML response for transmission.
    XmlElement samlResponseXml = samlResponse.ToXml();
    // Sign the SAML response.
    X509Certificate2 x509Certificate = (X509Certificate2)Application["IdPX509Certificate"];
    SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate);
    IdentityProvider.SendSAMLResponseByHTTPPost(Response, strAssertionConsumerServiceURL, samlResponseXml, relayState);
}
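To narrow down on the service provider side why the SAMLResponse form variable is reported missing, the request can be inspected before ServiceProvider.ReceiveSAMLResponseByHTTPPost() is called. This is an added example, not code from the original answer or from ComponentSpace; the class and method names and the sample URL are assumptions, and it uses only .NET base classes.

```csharp
using System;
using System.Collections.Specialized;
using System.IO;
using System.Text;
using System.Xml;

// Hypothetical helper: pass Request.HttpMethod and Request.Form from the assertion consumer page.
public static class SamlPostDiagnostics
{
    const string ProtocolNs = "urn:oasis:names:tc:SAML:2.0:protocol";
    // Returns null if the POST carries a plausible SAMLResponse, else a reason to log.
    public static string Check(string httpMethod, NameValueCollection form, string acsUrl)
    {
        if (!string.Equals(httpMethod, "POST", StringComparison.OrdinalIgnoreCase))
            return "request is " + httpMethod + ", not POST";
        string encoded = form["SAMLResponse"];
        if (string.IsNullOrEmpty(encoded))
            return form["SAMLRequest"] != null
                ? "form carries SAMLRequest instead of SAMLResponse"
                : "no SAMLResponse field; fields present: " + string.Join(",", form.AllKeys);
        var doc = new XmlDocument { PreserveWhitespace = true };
        // The message is still unverified here: prohibit DTDs and external resolution.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        try
        {
            string xml = Encoding.UTF8.GetString(Convert.FromBase64String(encoded));
            using (XmlReader reader = XmlReader.Create(new StringReader(xml), settings))
                doc.Load(reader);
        }
        catch (FormatException) { return "SAMLResponse is not valid base64"; }
        catch (XmlException) { return "SAMLResponse is not well-formed XML"; }
        XmlElement root = doc.DocumentElement;
        if (root.LocalName != "Response" || root.NamespaceURI != ProtocolNs)
            return "root element is " + root.Name + ", expected a protocol Response";
        if (root.GetAttribute("Destination") != acsUrl)
            return "Destination attribute does not match this endpoint";
        return null;
    }
    public static void Main()
    {
        // Constructed sample input: a minimal response and an empty form.
        string acs = "https://sp.example/acs";
        string xml = "<samlp:Response xmlns:samlp=\"" + ProtocolNs + "\" Destination=\"" + acs + "\"/>";
        var good = new NameValueCollection { { "SAMLResponse", Convert.ToBase64String(Encoding.UTF8.GetBytes(xml)) } };
        Console.WriteLine(Check("POST", good, acs) ?? "ok");
        Console.WriteLine(Check("POST", new NameValueCollection(), acs));
        Console.WriteLine(Check("GET", good, acs));
    }
}
```

A null result only means the form is shaped correctly for the HTTP POST binding; signature and assertion validation still have to happen afterwards.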