个人中心
gpt4 book ai didi

ssl - ITfoxtec - ADFS SAML2 根据验证程序,远程证书无效

转载 作者:行者123 更新时间:2023-12-04 22:36:58 27 4
gpt4 key购买 nike

我是 SAML2 身份验证的新手,并尝试过使用 ITfoxtec。运行我的应用程序时出现此错误

AuthenticationException: The remote certificate is invalid accordingto the validation procedure.System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolTokenmessage, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfoexception)

HttpRequestException: The SSL connection could not be established, seeinner exception.System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Streamstream, SslClientAuthenticationOptions sslOptions, CancellationTokencancellationToken)

WebException: The SSL connection could not be established, see innerexception. The remote certificate is invalid according to thevalidation procedure. System.Net.HttpWebRequest.GetResponse()


我正在使用使用 OpenSSL 生成的证书,并将 pfx 证书安装在 MMC 的受信任的根 CA 存储中。我不确定为什么它仍然会导致我出错。我还已经在我的 ADFS 中将该应用程序添加为依赖信任方。## 标题 ##
这是我的 StartUp.cs 的片段 
  services.Configure<Saml2Configuration>(Configuration.GetSection("Saml2"));

            services.Configure<Saml2Configuration>(saml2Configuration =>
            {

                //saml2Configuration.SignAuthnRequest = true;
                saml2Configuration.SigningCertificate = CertificateUtil.Load(Configuration["Saml2:SigningCertificateFile"], Configuration["Saml2:SigningCertificatePassword"]);
               //saml2Configuration.SigningCertificate = CertificateUtil.Load(AppEnvironment.MapToPhysicalFilePath(Configuration["Saml2:SigningCertificateFile"]), Configuration["Saml2:SigningCertificatePassword"]);



                var entityDescriptor = new EntityDescriptor();
                entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(Configuration["Saml2:IdPMetadata"]));
                if (entityDescriptor.IdPSsoDescriptor != null)
                {
                    saml2Configuration.AllowedIssuer = entityDescriptor.EntityId;
                    saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
                    saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;
                    saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
                    if (entityDescriptor.IdPSsoDescriptor.WantAuthnRequestsSigned.HasValue)
                    {
                        saml2Configuration.SignAuthnRequest = entityDescriptor.IdPSsoDescriptor.WantAuthnRequestsSigned.Value;
                    }
                }
                else
                {
                    throw new Exception("IdPSsoDescriptor not loaded from metadata.");
                }
            });
            services.AddSaml2();
这是我的 appsettings.json 
  "Saml2": {
    "IdPMetadata": "adfs url/FederationMetadata/2007-06/FederationMetadata.xml",
    "Issuer": "saml_Example",
    "SingleSignOnDestination": "http://adfs url/adfs/ls/",
    "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "SigningCertificateFile": "cert.pfx",
    "SigningCertificatePassword": "pw",
    "CertificateValidationMode": "None",
    "RevocationMode": "NoCheck"
  },

最佳答案

根据错误,您的机器/服务器不信任 AD FS SSL/TLS 证书。
您已配置"IdPMetadata": "adfs url/FederationMetadata/2007-06/FederationMetadata.xml" .它应该是一个真实的 URL,如 https://... .

关于ssl - ITfoxtec - ADFS SAML2 根据验证程序,远程证书无效,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/68616211/

27 4 0
文章推荐: amazon-web-services - 对 AWS Elastic Beanstalk 的 HTTPS 请求返回 net::ERR_CERT_COMMON_NAME_INVALID
文章推荐: sql - 如果传递空值,则返回所有行
文章推荐: tabs - 如何自动确定vim中的标签类型并相应地设置expandtab?
文章推荐: php - 在php中使用pdo通过tls连接mysql服务器时是否需要指定证书颁发机构?
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com