Why is my service provider web app throwing this error when I click the login button?

Question

I am building a .Net Core Web App that will be a service provider and use SSO to sign in users via an Identity Provider.

When I load the web app, and click Login...I get errors....

I have the following in my appsettings.json file:

  "Saml2": {
    "zau_idpMetadata": "https://saml.zau.edu/zau_idp/shibboleth ",
    "Issuer": "UniversityComms",
    "SingleSignOnDestination": "https://saml.zau.edu/zau_idp/profile/SSO",
    "SingleLogoutDestination": "https://saml.zau.edu/zau_idp/profile/Logout",
    "CertificateValidationMode": "None",
    //"CertificateValidationMode": "ChainTrust",
    "RevocationMode": "NoCheck"
  }

You can see that I have SingleLogoutDestination defined.

And this is in my program.cs file:

builder.Services.Configure<Saml2Configuration>(saml2Configuration =>
{
    saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);

    var entityDescriptor = new EntityDescriptor();
    //entityDescriptor.ReadIdPSsoDescriptorFromUrlAsync(httpClientFactory, new Uri(Configuration["Saml2:IdPMetadata"])).GetAwaiter().GetResult();
    entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(configuration["Saml2:IdPMetadata"]));
    if (entityDescriptor.IdPSsoDescriptor != null)
    {
        saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
        saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;
        saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
    }
    else
    {
        throw new Exception("IdPSsoDescriptor not loaded from metadata.");
    }
});

builder.Services.AddSaml2();

var app = builder.Build();

However, when I start the app, and try to login via SSO, I get this error:

System.InvalidOperationException: 'Sequence contains no elements'

Here is the full error:

  InvalidOperationException: Sequence contains no elements

    System.Linq.ThrowHelper.ThrowNoElementsException()
    System.Linq.Enumerable.First<TSource>(IEnumerable<TSource> source)
    Program+<>c__DisplayClass0_0.<<Main>$>b__0(Saml2Configuration saml2Configuration) in Program.cs

        var entityDescriptor = new EntityDescriptor();
        //entityDescriptor.ReadIdPSsoDescriptorFromUrlAsync(httpClientFactory, new Uri(Configuration["Saml2:IdPMetadata"])).GetAwaiter().GetResult();
        entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(configuration["Saml2:IdPMetadata"]));
        if (entityDescriptor.IdPSsoDescriptor != null)
        {
            saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;

            saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;

            saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
        }
        else
        {
            throw new Exception("IdPSsoDescriptor not loaded from metadata.");
        }

Microsoft.Extensions.Options.OptionsFactory<TOptions>.Create(string name)
Microsoft.Extensions.Options.UnnamedOptionsManager<TOptions>.get_Value()
UniversityComms.Controllers.AuthController..ctor(IOptions<Saml2Configuration> configAccessor) in AuthController.cs

        {
            const string relayStateReturnUrl = "ReturnUrl";
            private readonly Saml2Configuration config;
            public AuthController(IOptions<Saml2Configuration> configAccessor)
            {

                config = configAccessor.Value;

            }
            [Route("Login")]
            public IActionResult Login(string? returnUrl = null)
            {
                var binding = new Saml2RedirectBinding();

lambda_method22(Closure , IServiceProvider , object[] )

Answer 1

Score: 1

The code loads the SingleSignOnDestination and SingleLogoutDestination from the IdP metadata endpoint zau_idpMetadata. The IdP metadata probably do not contain at least one SingleLogoutServices and therefore it fails on .First().

You can comment out the single logout line and load it from config.
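
One way to apply the suggestion above without commenting the line out, as an added example that is not the poster's or the answerer's code. It assumes the types in the question come from ITfoxtec.Identity.Saml2 and that "Saml2:IdPMetadata" resolves to the metadata URL; the error messages are illustrative.

```csharp
// Added example (Program.cs). Assumptions: ITfoxtec.Identity.Saml2 is the library in use,
// and configuration["Saml2:IdPMetadata"] holds the IdP metadata URL as in the question.
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.MvcCore.Configuration;
using ITfoxtec.Identity.Saml2.Schemas.Metadata;

var builder = WebApplication.CreateBuilder(args);
var configuration = builder.Configuration;

// Bind the static values (Issuer, SingleLogoutDestination, ...) from appsettings.json first,
// so they serve as fallbacks for anything the IdP metadata does not publish.
builder.Services.Configure<Saml2Configuration>(configuration.GetSection("Saml2"));

builder.Services.Configure<Saml2Configuration>(saml2Configuration =>
{
    saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);

    var entityDescriptor = new EntityDescriptor();
    entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(configuration["Saml2:IdPMetadata"]!));
    var idp = entityDescriptor.IdPSsoDescriptor
        ?? throw new InvalidOperationException("IdPSsoDescriptor not loaded from metadata.");

    // The SSO endpoint is required: fail with a clear message, not "Sequence contains no elements".
    var sso = idp.SingleSignOnServices?.FirstOrDefault()
        ?? throw new InvalidOperationException("IdP metadata lists no SingleSignOnService.");
    saml2Configuration.SingleSignOnDestination = sso.Location;

    // Single logout is optional in metadata: override the configured value only when one is published.
    var slo = idp.SingleLogoutServices?.FirstOrDefault();
    if (slo != null)
    {
        saml2Configuration.SingleLogoutDestination = slo.Location;
    }

    // Without IdP signing certificates the response signature cannot be validated, so stop here.
    var signingCerts = idp.SigningCertificates?.ToList();
    if (signingCerts == null || signingCerts.Count == 0)
    {
        throw new InvalidOperationException("IdP metadata lists no signing certificates.");
    }
    saml2Configuration.SignatureValidationCertificates.AddRange(signingCerts);
});

builder.Services.AddSaml2();
var app = builder.Build();
```

The options lambda runs the first time `IOptions<Saml2Configuration>.Value` is read, which is why the original exception surfaced in the `AuthController` constructor and not at startup.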

huangapple
  • Published on June 15, 2023, 02:26:09
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76476544.html