Why is my service provider web app throwing this error when I click the login button?
Question
I am building a .Net Core Web App that will be a service provider and use SSO to sign in users via an Identity Provider.
When I load the web app, and click Login... I get errors.
I have the following in my appsettings.json file:
    "Saml2": {
      "zau_idpMetadata": "https://saml.zau.edu/zau_idp/shibboleth ",
      "Issuer": "UniversityComms",
      "SingleSignOnDestination": "https://saml.zau.edu/zau_idp/profile/SSO",
      "SingleLogoutDestination": "https://saml.zau.edu/zau_idp/profile/Logout",
      "CertificateValidationMode": "None",
      //"CertificateValidationMode": "ChainTrust",
      "RevocationMode": "NoCheck"
    }
You can see that I have SingleLogoutDestination defined.
And this is in my program.cs file:
    builder.Services.Configure<Saml2Configuration>(saml2Configuration =>
    {
        saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);
        var entityDescriptor = new EntityDescriptor();
        //entityDescriptor.ReadIdPSsoDescriptorFromUrlAsync(httpClientFactory, new Uri(Configuration["Saml2:IdPMetadata"])).GetAwaiter().GetResult();
        entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(configuration["Saml2:IdPMetadata"]));
        if (entityDescriptor.IdPSsoDescriptor != null)
        {
            saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
            saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;
            saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
        }
        else
        {
            throw new Exception("IdPSsoDescriptor not loaded from metadata.");
        }
    });
    builder.Services.AddSaml2();
    var app = builder.Build();
However, when I start the app, and try to login via SSO, I get this error:
System.InvalidOperationException: 'Sequence contains no elements'
Here is the full error:
InvalidOperationException: Sequence contains no elements
System.Linq.ThrowHelper.ThrowNoElementsException()
System.Linq.Enumerable.First<TSource>(IEnumerable<TSource> source)
Program+<>c__DisplayClass0_0.<<Main>$>b__0(Saml2Configuration saml2Configuration) in Program.cs
    var entityDescriptor = new EntityDescriptor();
    //entityDescriptor.ReadIdPSsoDescriptorFromUrlAsync(httpClientFactory, new Uri(Configuration["Saml2:IdPMetadata"])).GetAwaiter().GetResult();
    entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(configuration["Saml2:IdPMetadata"]));
    if (entityDescriptor.IdPSsoDescriptor != null)
    {
        saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
        saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;
        saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
    }
    else
    {
        throw new Exception("IdPSsoDescriptor not loaded from metadata.");
    }
Microsoft.Extensions.Options.OptionsFactory<TOptions>.Create(string name)
Microsoft.Extensions.Options.UnnamedOptionsManager<TOptions>.get_Value()
UniversityComms.Controllers.AuthController..ctor(IOptions<Saml2Configuration> configAccessor) in AuthController.cs
    {
        const string relayStateReturnUrl = "ReturnUrl";
        private readonly Saml2Configuration config;
        public AuthController(IOptions<Saml2Configuration> configAccessor)
        {
            config = configAccessor.Value;
        }
        [Route("Login")]
        public IActionResult Login(string? returnUrl = null)
        {
            var binding = new Saml2RedirectBinding();
lambda_method22(Closure , IServiceProvider , object[] )
Answer 1
Score: 1
The code loads the SingleSignOnDestination and SingleLogoutDestination from the IdP metadata endpoint zau_idpMetadata. The IdP metadata probably do not contain at least one SingleLogoutServices and therefore it fails on .First().
You can comment out the single logout line and load it from config.
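The situation the answer describes, reproduced and handled on constructed IdP metadata; this is an added example, not code from the original post or from the SAML library used in the question. The `ResolveEndpoints` helper and the `idp.example.test` URLs are hypothetical, and the raw string literal needs C# 11. The same `FirstOrDefault()`-plus-fallback pattern applies to the `SingleLogoutServices` line in the Program.cs lambda.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

// Constructed sample metadata: an SSO endpoint and a signing key (key material omitted),
// but no SingleLogoutService element, which is what makes .First() throw.
const string metadataXml = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="https://idp.example.test/idp/profile/SSO"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
""";

static (Uri Sso, Uri? Slo, int SigningKeys) ResolveEndpoints(string xml, string? configuredSlo)
{
    XNamespace md = "urn:oasis:names:tc:SAML:2.0:metadata";
    var idp = XDocument.Parse(xml).Descendants(md + "IDPSSODescriptor").FirstOrDefault()
        ?? throw new InvalidOperationException("No IDPSSODescriptor in metadata.");

    // First Location attribute of the named endpoint element, or null when none is advertised.
    Uri? Location(string element) => idp.Elements(md + element)
        .Select(e => (string?)e.Attribute("Location"))
        .Where(l => !string.IsNullOrWhiteSpace(l))
        .Select(l => new Uri(l!.Trim()))
        .FirstOrDefault();

    // The SSO endpoint and a signing key are mandatory: fail closed with a clear message.
    var sso = Location("SingleSignOnService")
        ?? throw new InvalidOperationException("Metadata has no SingleSignOnService.");
    int signingKeys = idp.Elements(md + "KeyDescriptor")
        .Count(k => (string?)k.Attribute("use") is null or "signing");
    if (signingKeys == 0)
        throw new InvalidOperationException("Metadata has no signing key; responses could not be verified.");

    // Single logout is optional in metadata: fall back to the configured value.
    var slo = Location("SingleLogoutService")
        ?? (configuredSlo is null ? null : new Uri(configuredSlo));
    return (sso, slo, signingKeys);
}

var (sso, slo, keys) = ResolveEndpoints(metadataXml, "https://idp.example.test/idp/profile/Logout");
Console.WriteLine($"SSO: {sso}\nSLO: {slo} (configuration fallback)\nSigning keys: {keys}");
```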