
使用Kentor + Windows身份验证：我有一个与Windows Authentication Service配合工作的IdentityServer3。现在我想在我的IdentityServer3上处理SAML2协议，并且我看到Kentor可以为我做到这一点。

在IdentityServer3上的问题是，Kentor的所有示例都是针对OpenID Connect的。我搜索了一会儿，但找不到任何关于如何将Kentor与Windows身份验证结合的文档。多次尝试均未成功后，我来这里问这是否真的可行？

以下是我的Startup.cs配置(目前无法正常工作)：

/// <summary>
/// OWIN entry point: mounts the Windows token provider under "/windows", then hosts
/// IdentityServer at the root with the options built by GetIdentityServerOptions.
/// </summary>
/// <param name="appBuilder">The OWIN application builder supplied by the host.</param>
public void Configuration(IAppBuilder appBuilder)
{
    // The Windows authentication service lives on its own pipeline branch; the
    // WS-Federation provider below reaches it through serverHost + "windows".
    appBuilder.Map("/windows", ConfigureWindowsTokenProvider);

    IdentityServerOptions idsrvOptions = GetIdentityServerOptions();
    appBuilder.UseIdentityServer(idsrvOptions);
}

/// <summary>
/// Plugin hook handed to IdentityServer via PluginConfiguration: wires the WS-Federation
/// plugin with an in-memory relying-party list and the custom claims/request services.
/// </summary>
/// <param name="pluginApp">The pipeline branch the plugin middleware is added to.</param>
/// <param name="options">The host IdentityServer options whose factory is extended.</param>
private void ConfigureWsFederation(IAppBuilder pluginApp, IdentityServerOptions options)
{
    WsFederationServiceFactory wsFedFactory = new WsFederationServiceFactory(options.Factory);

    // Relying parties come from a static in-memory list; the services are resolved by type.
    Registration<IEnumerable<RelyingParty>> relyingPartyRegistration =
        new Registration<IEnumerable<RelyingParty>>(RelyingParties.Get());
    wsFedFactory.Register(relyingPartyRegistration);
    wsFedFactory.RelyingPartyService = new Registration<IRelyingPartyService>(typeof(InMemoryRelyingPartyService));
    wsFedFactory.CustomClaimsService = new Registration<ICustomWsFederationClaimsService>(typeof(ClaimsService));
    wsFedFactory.CustomRequestValidator = new Registration<ICustomWsFederationRequestValidator>(typeof(RequestValidator));

    WsFederationPluginOptions pluginOptions = new WsFederationPluginOptions();
    pluginOptions.IdentityServerOptions = options;
    pluginOptions.Factory = wsFedFactory;

    pluginApp.UseWsFederationPlugin(pluginOptions);
}

/// <summary>
/// Builds the IdentityServer3 options: custom views, empty in-memory client/scope stores,
/// the custom user service, the WS-Federation plugin hook and the external identity providers.
/// </summary>
/// <returns>A fully populated <see cref="IdentityServerOptions"/> for UseIdentityServer.</returns>
/// <remarks>
/// Local login is disabled, so every sign-in goes through the providers registered in
/// ConfigureIdentityProviders, and RequireSsl is on. Clients and scopes are empty lists here.
/// </remarks>
private IdentityServerOptions GetIdentityServerOptions()
{
    // Views come from ~/Templates with an extra stylesheet.
    // NOTE(review): HttpContext.Current is read during OWIN startup — confirm it is non-null in this host.
    var viewServiceOptions = new DefaultViewServiceOptions
    {
        CustomViewDirectory = HttpContext.Current.Server.MapPath("~/Templates"),
        Stylesheets = { "/Content/Custom.css" },
    };

    var serviceFactory = new IdentityServerServiceFactory();
    serviceFactory.UseInMemoryClients(new List<Client>());
    serviceFactory.UseInMemoryScopes(new List<Scope>());
    serviceFactory.ConfigureDefaultViewService(viewServiceOptions);
    serviceFactory.UserService = new Registration<IUserService>(resolver => new UserService());

    var eventsOptions = new EventsOptions();
    eventsOptions.RaiseSuccessEvents = true;
    eventsOptions.RaiseFailureEvents = true;

    // Only external providers may sign users in; no local username/password form.
    var authenticationOptions = new IdentityServer3.Core.Configuration.AuthenticationOptions();
    authenticationOptions.IdentityProviders = ConfigureIdentityProviders;
    authenticationOptions.EnableLocalLogin = false;

    var idsrvOptions = new IdentityServerOptions();
    idsrvOptions.SigningCertificate = Certificate.Load();
    idsrvOptions.Factory = serviceFactory;
    idsrvOptions.PluginConfiguration = ConfigureWsFederation;
    idsrvOptions.EventsOptions = eventsOptions;
    idsrvOptions.AuthenticationOptions = authenticationOptions;
    idsrvOptions.RequireSsl = true;
    return idsrvOptions;
}

/// <summary>
/// Callback for AuthenticationOptions.IdentityProviders: registers both external providers,
/// the WS-Federation (Windows) one first and the Kentor SAML2 one second.
/// </summary>
/// <param name="app">The pipeline branch IdentityServer reserves for identity providers.</param>
/// <param name="signInAsType">The authentication type external sign-ins must use.</param>
private void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
    // Order is preserved on purpose: middleware runs in registration order.
    ConfigureWSFederationProvider(app, signInAsType);

    ConfigureKentorProvider(app, signInAsType);
}

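/// <summary>
/// Registers Kentor.AuthServices as a SAML2 external identity provider for IdentityServer.
/// </summary>
/// <param name="app">The pipeline branch IdentityServer reserves for identity providers.</param>
/// <param name="signInAsType">The authentication type external sign-ins must use.</param>
/// <remarks>
/// The SP EntityId used to be the bare name "Dropbox", which is not an absolute URI as SAML2
/// requires, and the reported failure was 'No Idp with entity id "Dropbox" found'. The
/// conventional value is the SP's own metadata URL (~/AuthServices); it is derived from
/// serverHost here, the same base the WS-Federation provider uses.
/// </remarks>
private void ConfigureKentorProvider(IAppBuilder app, string signInAsType)
{
    // SAML2 entity ids must be absolute URIs; the SP metadata URL is the usual choice.
    // NOTE(review): this value must match what the peer has on file for this SP — confirm.
    var spOptions = new SPOptions
    {
        EntityId = new EntityId(serverHost + "AuthServices"),
    };

    // NOTE(review): the WS-Federation provider also uses Caption "Windows", so the login page
    // shows two identically labelled buttons; give this one a distinct caption if that is unintended.
    var kentorOptions = new KentorAuthServicesAuthenticationOptions(false)
    {
        Caption = "Windows",
        SignInAsAuthenticationType = signInAsType,
        SPOptions = spOptions,
    };

    // The only configured IdP is Kentor's public stub; the real IdP still has to be added
    // (entity id / metadata URL placeholder: <REAL-IDP-ENTITY-ID>).
    // NOTE(review): metadata is loaded over plain http and supplies the IdP signing certificate,
    // so prefer an https metadata URL (or a pinned certificate) for a production IdP.
    // NOTE(review): AllowUnsolicitedAuthnResponse accepts IdP-initiated responses that match no
    // outstanding request; keep it only if IdP-initiated sign-on is actually needed.
    var stubIdp = new IdentityProvider(new EntityId("http://stubidp.kentor.se/Metadata"), spOptions)
    {
        Binding = Saml2BindingType.HttpRedirect,
        AllowUnsolicitedAuthnResponse = true,
        LoadMetadata = true,
    };
    kentorOptions.IdentityProviders.Add(stubIdp);

    app.UseKentorAuthServicesAuthentication(kentorOptions);
}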

/// <summary>
/// Registers the WS-Federation middleware that delegates to the Windows authentication
/// service mounted under "/windows" (its metadata is read from serverHost + "windows").
/// </summary>
/// <param name="app">The pipeline branch IdentityServer reserves for identity providers.</param>
/// <param name="signInAsType">The authentication type external sign-ins must use.</param>
private void ConfigureWSFederationProvider(IAppBuilder app, string signInAsType)
{
    WsFederationAuthenticationOptions wsFedOptions = new WsFederationAuthenticationOptions();
    wsFedOptions.AuthenticationType = "windows";
    wsFedOptions.Caption = "Windows";
    wsFedOptions.SignInAsAuthenticationType = signInAsType;

    // The Windows token provider branch publishes its federation metadata here.
    wsFedOptions.MetadataAddress = serverHost + "windows";
    wsFedOptions.Wtrealm = "urn:idsrv3";

    app.UseWsFederationAuthentication(wsFedOptions);
}

/// <summary>
/// Configures the "/windows" branch as a Windows authentication token service that signs
/// its tokens with the same certificate IdentityServer uses and replies to serverHost.
/// </summary>
/// <param name="app">The mapped "/windows" pipeline branch.</param>
private void ConfigureWindowsTokenProvider(IAppBuilder app)
{
    // OAuth2 is not exposed on this branch; only the WS-Federation flow is used.
    WindowsAuthenticationOptions windowsOptions = new WindowsAuthenticationOptions();
    windowsOptions.IdpReplyUrl = serverHost;
    windowsOptions.SigningCertificate = Certificate.Load();
    windowsOptions.EnableOAuth2Endpoint = false;

    app.UseWindowsAuthenticationService(windowsOptions);
}

此配置可以通过编译，但是当我使用Dropbox的SSO(使用SAML2)时，我得到异常 No Idp with entity id "Dropbox" found


你的Kentor代码中的 `Caption = "Windows",` 看起来有误，但听起来你的主要问题在别处。 – explunit


是的，可以在IdentityServer3中将Kentor.AuthServices和Windows作为两个独立的外部身份提供程序使用。我没有时间把我当前的代码提炼成一个较小的示例，但我是从 https://github.com/KentorIT/authservices/tree/master/SampleIdentityServer3 开始，然后加入了IdentityServer3的Windows身份验证示例。 – explunit


感谢您的评论，但我需要让它们一起工作，而不是分开使用。这正是我提问的重点。 –

回答


您已将您的应用程序(SPOptions中的那个)的身份(SAML2术语中的EntityId)配置为“Dropbox”。它应该是标识您的应用程序的URI，惯例是使用元数据的URL(~/AuthServices)。

您需要添加一个带有Dropbox IdP设置的IdentityProvider。另请注意，“Dropbox”这个EntityId不会起作用，因为SAML2标准要求实体ID是绝对URI。