ASP .NET Core 2.0 - OpenId Connect Auth : Correlation error

♀尐吖头ヾ submitted on 2019-12-13 02:58:37

Question


I am trying to create an authentication on an ASP.NET Core 2.0 web app.

My company is using Ping Federate and I am trying to authenticate my users using the company login page and in return validating the returned token using my signing key (X509SecurityKey down here).

The Ping login link looks like:

https://auth.companyname.com

I configured the Startup.cs to be able to log in and challenge against this site.

I decorated my HomeController with a [Authorize(Policy="Mvc")].

I am able to reach the login page, but whenever I return from it I get (I tried turning off/on multiple validations):

Exception: Correlation failed.

Unknown location

Exception: An error was encountered while handling the remote login.

Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler.HandleRequestAsync()

The error message is not very helpful... anybody encountered such an issue before?

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        options.Authority = PF_LOGINPATH;
        options.ClientId = Configuration["ClientId"];
        options.ClientSecret = Configuration["ClientSecret"];
        options.Scope.Clear();

        options.ResponseType = OpenIdConnectResponseType.CodeIdTokenToken;
        options.SaveTokens = false;

        options.GetClaimsFromUserInfoEndpoint = false;//true;

        options.TokenValidationParameters = new TokenValidationParameters
        {
            RequireSignedTokens =  false,
            ValidateActor = false,
            ValidateAudience = false,
            ValidateIssuer = false,
            ValidateIssuerSigningKey = false,
            ValidateTokenReplay = false,

            // Compensate server drift
            ClockSkew = TimeSpan.FromHours(24),
            //ValidIssuer = PF_LOGINPATH;
            // Ensure key
            IssuerSigningKey = CERTIFICATE,                    

            // Ensure expiry
            RequireExpirationTime = false,//true,
            ValidateLifetime = false,//true,                    

            // Save token
            SaveSigninToken = false
        };                

    });

    services.AddAuthorization(options =>
    {
        options.AddPolicy("Mvc", policy =>
        {
            policy.AuthenticationSchemes.Add(OpenIdConnectDefaults.AuthenticationScheme);
            policy.RequireAuthenticatedUser();
        });
    });
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseBrowserLink();
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
    }

    app.UseStaticFiles();

    app.UseAuthentication();

    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
}
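
The configuration above has every token check switched off while troubleshooting. As an added example (not the asker's code), the same `TokenValidationParameters` with the checks restored; the helper name `TokenValidationDefaults` is hypothetical, and the issuer is assumed to equal `PF_LOGINPATH`, as the commented-out `ValidIssuer` line suggests.

```csharp
using System;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper (added example): builds validation settings that
// actually check the token instead of accepting anything.
public static class TokenValidationDefaults
{
    // issuer     : value expected in the "iss" claim (assumed: PF_LOGINPATH)
    // clientId   : this application's client id, expected in the "aud" claim
    // signingKey : the key the question calls CERTIFICATE (an X509SecurityKey)
    public static TokenValidationParameters Build(
        string issuer, string clientId, SecurityKey signingKey)
    {
        if (string.IsNullOrEmpty(issuer))
            throw new ArgumentException("Issuer is required.", nameof(issuer));
        if (string.IsNullOrEmpty(clientId))
            throw new ArgumentException("Client id is required.", nameof(clientId));
        if (signingKey == null)
            throw new ArgumentNullException(nameof(signingKey));

        return new TokenValidationParameters
        {
            // Reject unsigned tokens and verify the signature with the known key.
            RequireSignedTokens = true,
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,

            // Only accept tokens issued by the expected provider for this client.
            ValidateIssuer = true,
            ValidIssuer = issuer,
            ValidateAudience = true,
            ValidAudience = clientId,

            // Enforce expiry; five minutes of skew instead of 24 hours.
            RequireExpirationTime = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(5),

            SaveSigninToken = false
        };
    }
}

// Usage inside AddOpenIdConnect(options => { ... }):
//   options.TokenValidationParameters =
//       TokenValidationDefaults.Build(PF_LOGINPATH, Configuration["ClientId"], CERTIFICATE);
```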

Answer 1:


I had a similar situation. My application URL is like this: "https://domain/appname", so when someone types the URL "https://domain/appname/" [with trailing slash], it gives a Correlation error. This is how I have resolved it (found on some other site):

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(options =>
        {
            //Auth schemes here
        })
        .AddOpenIdConnect(oid =>
        {
            //Other config here
            oid.Events = new OpenIdConnectEvents()
            {
                OnRemoteFailure = OnRemoteFailure
            };
        });
}

private Task OnRemoteFailure(RemoteFailureContext context)
{
    if (context.Failure.Message.Contains("Correlation failed"))
    {
        context.Response.Redirect("/AppName"); // redirect without trailing slash
        context.HandleResponse();
    }

    return Task.CompletedTask;
}


Source: https://stackoverflow.com/questions/51161562/asp-net-core-2-0-openid-connect-auth-correlation-error
