
asp.net-mvc – Using Google with the Kentor Auth Services library in an MVC application

Published: 2020-12-16 09:42:20 | Category: asp.Net | Source: web

Hello, I am using Kentor Authentication Services (Kentor Authentication Services is a library that adds SAML2P support to ASP.NET and IIS websites, allowing the website to act as a SAML2 Service Provider (SP)). I am currently using Google as the Identity Provider for testing my application (authentication goes through the OWIN middleware). I have also set up the Google identity provider. But when I run the application it gives me an error:

"400. That's an error.
The request in the request URL is invalid, idpId is invalid, please check whether the SSO URL is configured correctly on the SP side. That's all we know."

I have used SingleSignOnServiceUrl = https://accounts.google.com/o/saml2/idp?idpid=xxxxxxxxx

DiscoveryServiceUrl = https://accounts.google.com/o/saml2/idp?idpid=xxxxxxxxx

Is the configuration above correct?

I have attached my App_Start configuration below. It comes from the Kentor Auth Services library sample.

using System;
using System.Globalization;
using System.IdentityModel.Metadata;
using System.Security.Cryptography.X509Certificates;
using System.Web.Hosting;
using Kentor.AuthServices;
using Kentor.AuthServices.Configuration;
using Kentor.AuthServices.Metadata;
using Kentor.AuthServices.Owin;
using Kentor.AuthServices.WebSso;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
    public void ConfigureAuth(IAppBuilder app)
    {
        // Configure the db context, user manager and signin manager to use a single instance per request
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        // Configure the sign in cookie
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions());
    }

    private static KentorAuthServicesAuthenticationOptions CreateAuthServicesOptions()
    {
        var spOptions = CreateSPOptions();
        var authServicesOptions = new KentorAuthServicesAuthenticationOptions(false)
        {
            SPOptions = spOptions
        };

        // NOTE: the EntityId below is a file path; the library expects the IdP's entityID
        // string from its metadata here. Left as posted, since it is part of the question.
        var idp = new IdentityProvider(new EntityId("~/App_Data/GoogleIDPMetadata.xml"), spOptions)
        {
            AllowUnsolicitedAuthnResponse = true,
            Binding = Saml2BindingType.HttpRedirect,
            SingleSignOnServiceUrl = new Uri("https://accounts.google.com/o/saml2/idp?idpid=xxxxxxxxx")
        };

        // Signing key used to validate responses from this IdP. This is the sample app's
        // stub IdP certificate, not Google's; responses signed by Google will not validate against it.
        idp.SigningKeys.AddConfiguredKey(
            new X509Certificate2(
                HostingEnvironment.MapPath(
                    "~/App_Data/Kentor.AuthServices.StubIdp.cer")));

        authServicesOptions.IdentityProviders.Add(idp);

        // It's enough to just create the federation and associate it
        // with the options. The federation will load the metadata and
        // update the options with any identity providers found.
        new Federation("http://example.com/Federation", true, authServicesOptions);

        return authServicesOptions;
    }

    private static SPOptions CreateSPOptions()
    {
        var swedish = CultureInfo.GetCultureInfo("sv-se");

        var organization = new Organization();
        organization.Names.Add(new LocalizedName("Kentor", swedish));
        organization.DisplayNames.Add(new LocalizedName("Kentor IT AB", swedish));
        organization.Urls.Add(new LocalizedUri(new Uri("http://www.kentor.se"), swedish));

        var spOptions = new SPOptions
        {
            EntityId = new EntityId("https://example.com/AuthServices"),
            ReturnUrl = new Uri("https://example.com/Account/ExternalLoginCallback"),
            DiscoveryServiceUrl = new Uri("https://accounts.google.com/o/saml2/idp?idpid=xxxxxxxxx"),
            Organization = organization
        };

        var techContact = new ContactPerson
        {
            Type = ContactType.Technical
        };
        techContact.EmailAddresses.Add("authservices@example.com");
        spOptions.Contacts.Add(techContact);

        var supportContact = new ContactPerson
        {
            Type = ContactType.Support
        };
        supportContact.EmailAddresses.Add("support@example.com");
        spOptions.Contacts.Add(supportContact);

        var attributeConsumingService = new AttributeConsumingService("AuthServices")
        {
            IsDefault = true
        };

        attributeConsumingService.RequestedAttributes.Add(
            new RequestedAttribute("urn:someName")
            {
                FriendlyName = "Some Name",
                IsRequired = true,
                NameFormat = RequestedAttribute.AttributeNameFormatUri
            });

        attributeConsumingService.RequestedAttributes.Add(
            new RequestedAttribute("Minimal"));

        spOptions.AttributeConsumingServices.Add(attributeConsumingService);

        // Certificate the SP uses to sign its own requests and decrypt assertions.
        spOptions.ServiceCertificates.Add(new X509Certificate2(
            AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/Kentor.AuthServices.Tests.pfx"));

        return spOptions;
    }
}

Why do I get a 400 error when I am redirected to the Google SAML page? Thanks in advance.

Solution

AFAIK Google does not provide a discovery service. Remove DiscoveryServiceUrl from the configuration.

You should also clean up the configuration instead of using the sample application's configuration.

For testing you can also use the Stub IdP included in the project, which is available at http://stubidp.kentor.se
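What the cleaned-up registration looks like when it follows the answer, as an added example that is not part of the original question or answer and not code from the Kentor project itself. It drops DiscoveryServiceUrl, the Federation, the Swedish organization block and the stub IdP certificate, and instead lets the library read Google's SSO URL, binding and signing certificate from the metadata XML downloaded from the Google Admin console. The idpid value, the metadata file name, the SP EntityId, the ReturnUrl and the hypothetical helper name are placeholders to replace with your own values:

```csharp
using System;
using System.IdentityModel.Metadata;
using Kentor.AuthServices;
using Kentor.AuthServices.Configuration;
using Kentor.AuthServices.Owin;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // ... cookie middleware as in the question ...
        app.UseKentorAuthServicesAuthentication(CreateGoogleAuthServicesOptions());
    }

    // Hypothetical helper name; illustrates the answer's advice, not a library API.
    private static KentorAuthServicesAuthenticationOptions CreateGoogleAuthServicesOptions()
    {
        var spOptions = new SPOptions
        {
            // Must match the Entity ID entered for this SP in the Google Admin console (placeholder).
            EntityId = new EntityId("https://example.com/AuthServices"),
            // Must match the ACS URL entered in the Google Admin console (placeholder).
            ReturnUrl = new Uri("https://example.com/Account/ExternalLoginCallback")
            // No DiscoveryServiceUrl: Google does not run a SAML discovery service,
            // and pointing it at the SSO endpoint is what produced the 400.
        };

        var options = new KentorAuthServicesAuthenticationOptions(false)
        {
            SPOptions = spOptions
        };

        // The EntityId is the IdP's entityID string as it appears in the downloaded
        // metadata XML, not the path of the file (placeholder idpid).
        var google = new IdentityProvider(
            new EntityId("https://accounts.google.com/o/saml2?idpid=xxxxxxxxx"), spOptions)
        {
            // App-relative path to the metadata file exported from the Google Admin console.
            // Set MetadataLocation before LoadMetadata so the load reads this file.
            MetadataLocation = "~/App_Data/GoogleIDPMetadata.xml",
            // Pulls SingleSignOnServiceUrl, Binding and the signing certificate from the
            // metadata. The signing certificate is the trust anchor for every assertion
            // this SP accepts, so it must be Google's, never the sample stub IdP's.
            LoadMetadata = true,
            // Only needed if users start login from Google's app launcher (IdP-initiated SSO).
            // Leave it false if logins always start at the application.
            AllowUnsolicitedAuthnResponse = true
        };

        options.IdentityProviders.Add(google);
        return options;
    }
}
```

Before trusting the metadata file, confirm it was downloaded over HTTPS from the Google Admin console and that the certificate inside it matches the one shown there; with LoadMetadata the contents of that file decide whose signatures the SP accepts.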
