英文:
Why is my service provider web app throwing this error when I click the login button?
问题
我正在构建一个 .Net Core Web 应用程序,它将作为服务提供商,并使用单点登录 (SSO) 通过身份提供者来登录用户。
当我加载这个 Web 应用程序并点击 "登录" 按钮时,我遇到了错误。
在我的 appsettings.json 文件中,我有以下内容:
"Saml2": {
"zau_idpMetadata": "https://saml.zau.edu/zau_idp/shibboleth",
"Issuer": "UniversityComms",
"SingleSignOnDestination": "https://saml.zau.edu/zau_idp/profile/SSO",
"SingleLogoutDestination": "https://saml.zau.edu/zau_idp/profile/Logout",
"CertificateValidationMode": "None",
// "CertificateValidationMode": "ChainTrust",
"RevocationMode": "NoCheck"
}
您可以看到我已经定义了 SingleLogoutDestination。
而且在我的 program.cs 文件中有以下内容:
builder.Services.Configure<Saml2Configuration>(saml2Configuration =>
{
saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);
var entityDescriptor = new EntityDescriptor();
//entityDescriptor.ReadIdPSsoDescriptorFromUrlAsync(httpClientFactory, new Uri(Configuration["Saml2:IdPMetadata"])).GetAwaiter().GetResult();
entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(configuration["Saml2:IdPMetadata"]));
if (entityDescriptor.IdPSsoDescriptor != null)
{
saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;
saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
}
else
{
throw new Exception("IdPSsoDescriptor not loaded from metadata.");
}
});
builder.Services.AddSaml2();
var app = builder.Build();
然而,当我启动应用程序并尝试通过SSO登录时,我遇到了以下错误:
System.InvalidOperationException: 'Sequence contains no elements'
InvalidOperationException: Sequence contains no elements
完整错误信息如下:
Microsoft.Extensions.Options.OptionsFactory<TOptions>.Create(string name)
Microsoft.Extensions.Options.UnnamedOptionsManager<TOptions>.get_Value()
UniversityComms.Controllers.AuthController..ctor(IOptions<Saml2Configuration> configAccessor) in AuthController.cs
{
const string relayStateReturnUrl = "ReturnUrl";
private readonly Saml2Configuration config;
public AuthController(IOptions<Saml2Configuration> configAccessor)
{
config = configAccessor.Value;
}
[Route("Login")]
public IActionResult Login(string? returnUrl = null)
{
var binding = new Saml2RedirectBinding();
希望这能帮助您解决问题。如果需要进一步的帮助,请提供更多详细信息。
英文:
I am building a .Net Core Web App that will be a service provider and use SSO to sign in users via an Identity Provider.
When I load the web app, and click Login...I get errors....
I have the following in my appsettings.json file:
"Saml2": {
"zau_idpMetadata": "https://saml.zau.edu/zau_idp/shibboleth ",
"Issuer": "UniversityComms",
"SingleSignOnDestination": "https://saml.zau.edu/zau_idp/profile/SSO",
"SingleLogoutDestination": "https://saml.zau.edu/zau_idp/profile/Logout",
"CertificateValidationMode": "None",
//"CertificateValidationMode": "ChainTrust",
"RevocationMode": "NoCheck"
}
You can see that I have SingleLogoutDestination defined.
And this is in my program.cs file:
builder.Services.Configure<Saml2Configuration>(saml2Configuration =>
{
saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);
var entityDescriptor = new EntityDescriptor();
//entityDescriptor.ReadIdPSsoDescriptorFromUrlAsync(httpClientFactory, new Uri(Configuration["Saml2:IdPMetadata"])).GetAwaiter().GetResult();
entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(configuration["Saml2:IdPMetadata"]));
if (entityDescriptor.IdPSsoDescriptor != null)
{
saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;
saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
}
else
{
throw new Exception("IdPSsoDescriptor not loaded from metadata.");
}
});
builder.Services.AddSaml2();
var app = builder.Build();
However, when I start the app, and try to login via SSO, I get this error:
System.InvalidOperationException: 'Sequence contains no elements'
Here is the full error:
InvalidOperationException: Sequence contains no elements
System.Linq.ThrowHelper.ThrowNoElementsException()
System.Linq.Enumerable.First<TSource>(IEnumerable<TSource> source)
Program+<>c__DisplayClass0_0.<<Main>$>b__0(Saml2Configuration saml2Configuration) in Program.cs
var entityDescriptor = new EntityDescriptor();
//entityDescriptor.ReadIdPSsoDescriptorFromUrlAsync(httpClientFactory, new Uri(Configuration["Saml2:IdPMetadata"])).GetAwaiter().GetResult();
entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(configuration["Saml2:IdPMetadata"]));
if (entityDescriptor.IdPSsoDescriptor != null)
{
saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;
saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
}
else
{
throw new Exception("IdPSsoDescriptor not loaded from metadata.");
}
Microsoft.Extensions.Options.OptionsFactory<TOptions>.Create(string name)
Microsoft.Extensions.Options.UnnamedOptionsManager<TOptions>.get_Value()
UniversityComms.Controllers.AuthController..ctor(IOptions<Saml2Configuration> configAccessor) in AuthController.cs
{
const string relayStateReturnUrl = "ReturnUrl";
private readonly Saml2Configuration config;
public AuthController(IOptions<Saml2Configuration> configAccessor)
{
config = configAccessor.Value;
}
[Route("Login")]
public IActionResult Login(string? returnUrl = null)
{
var binding = new Saml2RedirectBinding();
lambda_method22(Closure , IServiceProvider , object[] )
答案1
得分: 1
这段代码从IdP元数据端点zau_idpMetadata加载SingleSignOnDestination和SingleLogoutDestination。IdP元数据可能不包含至少一个SingleLogoutServices,因此在.First()上失败。
您可以将单点注销行注释掉,并从配置中加载它。
英文:
The code loads the SingleSignOnDestination and SingleLogoutDestination from the IdP metadata endpoint zau_idpMetadata. The IdP metadata probably do not contain at lease one SingleLogoutServices and therefore it fails on .First().
You can comment out the single logout line and load it from config.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论