我正在遵循SAML 2.0与IdentityServer4的集成,并实现"IdentityServer 4作为SAML服务提供商"。
我还阅读了自动元数据查找并配置了我的启动,如下所示
authenticationBuilder = authenticationBuilder.AddSaml2p("saml2p", options =>
{
options.Licensee = "DEMO";
options.LicenseKey = "<<LICENSE_KEY>>";
options.IdentityProviderMetadataAddress = "https://degreed.com/saml/idp/94";
options.ServiceProviderOptions = new SpOptions
{
EntityId = "https://degreed.com/DegreedIdP/94",
MetadataPath = "/saml/metadata",
// optional
//SignAuthenticationRequests = true,
//SigningCertificate = new X509Certificate2(Convert.FromBase64String("<<SOME_STRING>>"))
};
options.CallbackPath = "/signin-idsrv";
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
});
我正在获得IdendityServer登录屏幕,其中一个外部提供商作为SAML2P,但是当我单击它时,它会重定向到 https://localhost:44380/External/Challenge?provider=saml2p&returnUrl=%2Fgrants,我可以看到一个空白页。当我签入身份服务器日志时,它说"System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://degreed.com/saml/idp/94'. ---> System.AggregateException: One or more values could not be parsed from the metadata document. See inner exceptions for details. (Unable to parse a value for SigningCertificate from the metadata document) ---> IdentityServer4.Saml.Exceptions.SamlXmlParsingException: Unable to parse a value for SigningCertificate from the metadata document">
第一个链接断开了?
元数据是否具有签名元素?
尝试将"签名身份验证请求"设置为"False"。
按照第二篇文章手动输入元数据时会发生什么?