我使用以下代码来配置 Saml2
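/// <summary>
/// Registers SAML2 for this application: binds the <c>Saml2Section</c> configuration
/// section onto <see cref="Saml2Configuration"/>, then layers on the code-level settings
/// (certificates, allowed issuer/audience, certificate validator) and finally calls
/// <c>AddSaml2</c> with a sliding session expiration.
/// </summary>
/// <param name="services">Service collection to register the SAML2 services into.</param>
/// <param name="configuration">Application configuration that contains the SAML2 section.</param>
/// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">
/// The signing or signature-validation certificate name is missing or blank in configuration.
/// Raised when the options are first resolved (inside the configure delegate), not at registration.
/// </exception>
public static void ConfigureSaml2(this IServiceCollection services, IConfiguration configuration)
{
    if (services is null)
    {
        throw new ArgumentNullException(nameof(services));
    }
    if (configuration is null)
    {
        throw new ArgumentNullException(nameof(configuration));
    }

    // Reads "<Saml2Section>:<key>" and fails fast with a message naming the key, so a missing
    // certificate name surfaces as a configuration error instead of an opaque certificate-store
    // lookup failure deep inside CertificateUtil.Load.
    string GetRequired(string key)
    {
        var path = $"{Saml2Section}:{key}";
        var value = configuration.GetValue<string>(path);
        if (string.IsNullOrWhiteSpace(value))
        {
            throw new InvalidOperationException($"SAML2 configuration value '{path}' is missing or empty.");
        }
        return value;
    }

    // Pass 1: plain binding of the configuration section (Issuer, SingleSignOnDestination,
    // CertificateValidationMode, RevocationMode, ...). Registration order matters: this must be
    // registered before the delegate below, which reads the values bound here.
    services.Configure<Saml2Configuration>(configuration.GetSection(Saml2Section));

    // Pass 2: settings that cannot be expressed in configuration alone. The certificate names
    // are read lazily, when the options instance is built, exactly as before.
    services.Configure<Saml2Configuration>(saml2Configuration =>
    {
        var signingCertificateName = GetRequired(SigningCertificateName);
        var signatureCertificateName = GetRequired(SignatureCertificateName);
        Configure(saml2Configuration, signingCertificateName, signatureCertificateName);
    });

    services.AddSaml2(slidingExpiration: true);
}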
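/// <summary>
/// Applies the code-level SAML2 settings on top of the values already bound from configuration:
/// signed AuthnRequests, the SP signing certificate, the pinned IdP signature-validation
/// certificate, the allowed issuer/audience and the certificate validator.
/// </summary>
/// <param name="saml2Configuration">Options instance already populated from the
/// <c>Saml2Section</c> configuration section; <c>Issuer</c>, <c>SingleSignOnDestination</c>,
/// <c>CertificateValidationMode</c> and <c>RevocationMode</c> are read from it.</param>
/// <param name="signingCertificateName">Subject distinguished name of the SP's own signing
/// certificate in the CurrentUser\My store (needs the private key).</param>
/// <param name="signatureCertificateName">Subject distinguished name of the IdP certificate
/// that incoming signatures are validated against, also looked up in CurrentUser\My.</param>
/// <exception cref="InvalidOperationException">A certificate could not be found in the store.</exception>
private static void Configure(Saml2Configuration saml2Configuration, string signingCertificateName, string signatureCertificateName)
{
    // Outgoing AuthnRequests are signed with the SP certificate so the IdP can verify their origin.
    saml2Configuration.SignAuthnRequest = true;

    // NOTE(review): the allowed issuer is derived from the IdP's SSO endpoint URL. In SAML the
    // issuer is the IdP's entityID, which is not necessarily equal to its SSO URL; if the two
    // differ, every response from the IdP is rejected on issuer mismatch. Confirm against the
    // IdP metadata; usually this should be the IdP entityID, not the SSO destination.
    saml2Configuration.AllowedIssuer = saml2Configuration.SingleSignOnDestination.ToString();

    // Both certificates are looked up by subject DN in CurrentUser\My. Fail at startup rather
    // than registering a null certificate, which would otherwise only surface when the first
    // request is signed or the first response validated.
    saml2Configuration.SigningCertificate = LoadRequired(signingCertificateName, "signing");
    saml2Configuration.SignatureValidationCertificates.Add(
        LoadRequired(signatureCertificateName, "signature validation"));

    // Only assertions addressed to this SP's own entityID are accepted.
    saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);

    // The custom validator is handed the validation and revocation modes that were bound from
    // configuration. They must be captured before CertificateValidationMode is switched to
    // Custom below, otherwise the validator would be configured with Custom itself.
    // NOTE(review): if configuration leaves the mode at None / revocation at NoCheck, the
    // validator presumably performs no chain or revocation checks and trust rests solely on
    // the pinned SignatureValidationCertificates; verify that is the intended policy.
    var configuredValidationMode = saml2Configuration.CertificateValidationMode;
    saml2Configuration.CustomCertificateValidator = new Saml2CertificateValidator
    {
        CertificateValidationMode = configuredValidationMode,
        RevocationMode = saml2Configuration.RevocationMode,
        // Chain trust, when enabled, is evaluated against the CurrentUser stores.
        TrustedStoreLocation = StoreLocation.CurrentUser
    };
    saml2Configuration.CertificateValidationMode = X509CertificateValidationMode.Custom;
}

// Loads a certificate from CurrentUser\My by subject distinguished name and rejects a null
// result. NOTE(review): CertificateUtil.Load may already throw when nothing matches; the null
// check is a belt-and-braces guard so a missing certificate can never become a null entry.
private static X509Certificate2 LoadRequired(string subjectDistinguishedName, string purpose)
{
    var certificate = CertificateUtil.Load(
        StoreName.My, StoreLocation.CurrentUser, X509FindType.FindBySubjectDistinguishedName, subjectDistinguishedName);
    if (certificate is null)
    {
        throw new InvalidOperationException(
            $"SAML2 {purpose} certificate '{subjectDistinguishedName}' was not found in CurrentUser\\My.");
    }
    return certificate;
}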
应用程序托管在 Azure …