エラーが発生しましたInResponseTo "id142e8231161a4246bf345d331a7b0ace"を含むと予想されるメッセージが見つかりませんでした。 Kendor.AuthServices.MVC

Question

にこれは

<configuration> 
    <configSections> 
     <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> 
     <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> 
     <section name="kentor.authServices" type="Kentor.AuthServices.Configuration.KentorAuthServicesSection, Kentor.AuthServices" /> 
    </configSections> 
    <appSettings> 
     <add key="webpages:Version" value="3.0.0.0" /> 
     <add key="webpages:Enabled" value="false" /> 
     <add key="ClientValidationEnabled" value="true" /> 
     <add key="UnobtrusiveJavaScriptEnabled" value="true" /> 
    </appSettings> 
    <system.diagnostics> 
     <trace> 
      <listeners> 
       <add type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=2.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="AzureDiagnostics"> 
        <filter type="" /> 
       </add> 
      </listeners> 
     </trace> 
    </system.diagnostics> 
    <!-- 
    For a description of web.config changes see http://go.microsoft.com/fwlink/?LinkId=235367. 

    The following attributes can be set on the <httpRuntime> tag. 
     <system.Web> 
     <httpRuntime targetFramework="4.6.1" /> 
     </system.Web> 
    --> 
    <system.web> 
     <compilation debug="true" targetFramework="4.6.1" /> 
     <httpRuntime targetFramework="4.5.2" /> 

     <authentication mode="Forms"> 
      <forms loginUrl="~/AuthServices/SignIn" /> 
     </authentication> 
    </system.web> 
    <system.webServer> 
     <modules> 
      <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" /> 
     </modules> 

    </system.webServer> 

    <kentor.authServices entityId="http://myapp.ci.01/metadata" returnUrl="http://localhost:63238/AuthServices/Acs"> 
     <identityProviders> 
      <add entityId="http://myapp.ci.01/metadata" 
       signOnUrl="https://sso.myapp.com/issue/saml/?binding=redirect" 
       allowUnsolicitedAuthnResponse="true" binding="HttpRedirect"> 
       <signingCertificate fileName="~/App_Data/MyApp.AuthServices.StubIdp.cer" /> 
      </add> 
     </identityProviders> 
    </kentor.authServices> 
    <system.identityModel.services> 
     <federationConfiguration> 
      <cookieHandler requireSsl="false" name="RMInform" /> 
     </federationConfiguration> 
    </system.identityModel.services> 


    <system.codedom> 
     <compilers> 
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" /> 
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" /> 
     </compilers> 
    </system.codedom> 
    <runtime> 
     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> 
      <dependentAssembly> 
       <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" culture="neutral" /> 
       <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" /> 
      </dependentAssembly> 
     </assemblyBinding> 
    </runtime> 
</configuration> 

私のweb.configファイルである。しかし、私はエラーに

Server Error in '/' Application.

Expected message to contain InResponseTo "id0dda716c55fd41bd98d4899ca3e14036", but found none.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: Kentor.AuthServices.Exceptions.Saml2ResponseFailedValidationException: Expected message to contain InResponseTo "id0dda716c55fd41bd98d4899ca3e14036", but found none.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[Saml2ResponseFailedValidationException: Expected message to contain InResponseTo "id0dda716c55fd41bd98d4899ca3e14036", but found none.]
Kentor.AuthServices.Saml2P.Saml2Response.ReadAndValidateInResponseTo(XmlElement xml, Saml2Id expectedInResponseTo) +295
Kentor.AuthServices.Saml2P.Saml2Response..ctor(XmlElement xml, Saml2Id expectedInResponseTo) +317
Kentor.AuthServices.WebSso.AcsCommand.Run(HttpRequestData request, IOptions options) +869
Kentor.AuthServices.Mvc.AuthServicesController.Acs() +81
lambda_method(Closure , ControllerBase , Object[]) +87
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary 2 parameters) +280
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary 2 parameters) +35
System.Web.Mvc.Async.<>c__DisplayClass42.b__41() +33 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass39.b__33() +80 System.Web.Mvc.Async.<>c__DisplayClass4f.b__49() +386 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass2a.b__20() +32 System.Web.Mvc.Async.<>c__DisplayClass25.b__22(IAsyncResult asyncResult) +185
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +38
System.Web.Mvc.<>c__DisplayClass1d.b__18(IAsyncResult asyncResult) +27
System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +22 System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +53
System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +22 System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +38
System.Web.Mvc.<>c__DisplayClass8.b__3(IAsyncResult asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +22 System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +38
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +657 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +146

を取得していますサインインした後、私はlocalhostにリダイレクトしながら、これは

私のSAML応答であり、あなたのIDPは、応答メッセージで inResponseTo属性を含め、適切ではないよう

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="idcbb43fbc52b34e88b34e71fcb80c9ac8" Version="2.0" IssueInstant="2016-06-14T12:09:50Z" Destination="sso.myapp.com/issue/saml? binding=redirect" AssertionConsumerServiceURL="localhost:63238/AuthServices/Acs">; <saml2:Issuer>myapp.ci.01/metadata</saml2:Issuer>; </saml2p:AuthnRequest> 

Answer 1

が見えます。これはSAML仕様に違反しています。 ChromeがブラウザでSAMLメッセージを表示するため

は、FirefoxやSAMLデベロッパーツールのためのSAMLトレーサーなどのツールを使用してください。応答が、で、SPから送信された Idが AuthnRequestに一致するかどうかを確認します。存在しない場合、Idpは間違っています。

このエラーを無視するAuthServicesに互換性の設定を追加することが可能かもしれません。必要な場合は、AuthServices GitHubのissue trackerで問題を開いて議論してください。