问题
In our ASP.Net project, I am using Kentor.AuthServices.HTTPModule and have configured ADFS.
Have given the SAML Assertion Consumer Binding as "redirect" and Trusted-URL as "ourSiteUrl".
After ADFS login is successful, it will redirect to ourSiteURL/AuthServices/Acs?SAMLResponse=... and it throws an Exception
Kentor.AuthServices.Exceptions.InvalidSignatureException: Cannot verify signature of message from unknown sender win-3obaenpbsol.dc10.inapp.com/adfs/services/trust.
What could be the reason for this issue?
回答1:
The reason is that AuthServices does not recognize the Idp with entity id win-3obaenpbsol.dc10.inapp.com/adfs/services/trust.
I also see that you are using the Redirect binding when sending the response to AuthServices, which is not supported. That is a setting you need to change on the ADFS side.
To make configuration easier, please use metadata. AuthServices supports importing ADFS metadata and AuthServices generates metadata that ADFS can consume at ourSiteURL/AuthServices/.
来源:https://stackoverflow.com/questions/38433399/kentor-httpmodule-adfs-login-samlresponse-error