将kentor.authservices升级到sustainsys.saml2后/saml2/idp/出现404错误

与Kentor.AuthServices.owin 0.18.0和此流量日志一起工作。

200 GET https://some-saml2-idp.com/saml2/idp/SSO_1..39%3D&RelayState=Os..j
302 POST https://demo.local/AuthServices/Acs
200 GET for the set RedirectUri

升级到sustainsys.saml2.owin 2.2.0之后,我得到了这个流量日志…

200 GET https://some-saml2-idp.com/saml2/idp/SSO_1a7f5..sy%2Fh9rebTw%3D%3D&RelayState=1M..3c
302 POST https://demo.local/AuthServices/Acs
303 GET https://demo.local/login?error=access_denied
200 GET https://some-saml2-idp.com/saml2/idp/SSO_1a7f..NfLr6E299uPwE%3D&RelayState=cS..L
302 POST https://demo.local/AuthServices/Acs
404 GET https://demo.local/saml2/idp/SSO_1..39?SAMLRequest=hZ..bTw==&RelayState=1M..c&error=access_denied

我尝试清除所有的cookie,并尝试找到任何“自己的”代码来解释错误或错误参数。

如果我能在不改变IDP方面的任何东西的情况下让我的两个分支机构都工作,我会更愿意。

我的web.config具有以下结构…

<sustainsys.saml2 entityId="https://demo.local/AuthServices"
        returnUrl="https://demo.local"
        publicOrigin="https://demo.local"
        modulePath="/AuthServices">
    <serviceCertificates>
        <add fileName="~/somename.pfx"
            use="Signing" />
    </serviceCertificates>
    <identityProviders>
        <add entityId="My-IDP"
            allowUnsolicitedAuthnResponse="true"
            loadMetadata="true"
            metadataLocation="https://some-saml2-idp.com/metadata" />
    </identityProviders>
</sustainsys.saml2>

我的奥文启动…

var defaultSignInAsAuthType = "Cookies";

app.SetDefaultSignInAsAuthenticationType(defaultSignInAsAuthType);

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = defaultSignInAsAuthType,
    ReturnUrlParameter  = "returnUrl",
    LoginPath = new PathString("/login"),
    LogoutPath = new PathString("/logout")
});

var saml2Options = new Saml2AuthenticationOptions(true);
app.UseSaml2Authentication(saml2Options);
app.UseStageMarker(PipelineStage.Authenticate);

AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Name;

我缺少什么来模拟旧包设置的行为?