WCF SAML 1.1客戶端文檔

Question

下面是情形：

1）WCF客戶端調用STS經由RST /發行請求

2）STS與RSTRC/IssueFinal放置SAML令牌插入響應請求SAML令牌響應頭

3）WCF客戶端拿起SAML令牌的進行呼叫業務web服務

STS和Web Service的基於Java的環境中託管。 1）和2）正常工作，也就是說，我可以看到STS以預期的方式響應SOAP標頭和正確設置的正文。

現在，問題是，在收到來自STS的響應後，WCF客戶端向安全上下文令牌發送一個請求給業務Web服務，這當然會失敗，我不知道如何以及爲什麼。

這是我的客戶的app.config：

<?xml version="1.0" encoding="utf-8" ?> 
<configuration> 
<system.serviceModel> 
<bindings> 
<wsFederationHttpBinding> 
<binding name="RegistryServiceBinding"> 
    <security mode="TransportWithMessageCredential"> 
    <message issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1" 
     negotiateServiceCredential="False" establishSecurityContext="false"> 
     <issuer address="https://my-sts-ip/idp-ws/services/BasicSAMLIssuer" 
     binding="customBinding" bindingConfiguration="STSBinding" /> 
    </message> 
    </security> 
</binding> 
</wsFederationHttpBinding> 

<customBinding> 
<binding name="STSBinding"> 
    <security allowInsecureTransport="False" 
    authenticationMode="UserNameOverTransport" 
    requireSignatureConfirmation="false" 
    messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"> 
    </security>   
    <textMessageEncoding messageVersion="Soap12WSAddressing10" /> 
    <httpsTransport/> 
</binding>  
</customBinding> 
</bindings> 

<client> 
    <endpoint address="https://my-ws-ip/soap/RegistryStoredQuery" 
    binding="wsFederationHttpBinding" bindingConfiguration="RegistryServiceBinding" 
    contract="IXDSRegistry" name="RegistrySTS" /> 
</client> 
</system.serviceModel> 
<startup> 
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client" /> 
</startup> 
</configuration> 

而這正是WCF客戶端從STS獲取SAML令牌（略）後發送：

<?xml version="1.0" encoding="UTF-8"?> 
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" 
      xmlns:a="http://www.w3.org/2005/08/addressing" 
      xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
<s:Header> 
<a:Action 
    s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</a:Action> 
<a:MessageID>urn:uuid:fecde50b-a3bd-40f1-ae5b-662a3aa9bf80</a:MessageID> 
<ActivityId CorrelationId="cec77c8d-1d09-4e34-9c5a-dbf5bb219ba8" 
    xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">bfce2552-393d-43d0-8722-0c16ae22bba4</ActivityId> 
<a:ReplyTo> 
    <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address> 
</a:ReplyTo> 
<a:To s:mustUnderstand="1">https://10.11.71.151/soap/RegistryStoredQuery</a:To> 
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<u:Timestamp u:Id="_0"> 
    <u:Created>2011-10-28T07:27:50.097Z</u:Created> 
    <u:Expires>2011-10-28T07:32:50.097Z</u:Expires> 
</u:Timestamp> 
<Assertion> .... </Assertion> 

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> 
... 
</Signature> 
</o:Security> 
</s:Header> 
<s:Body> 
    <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"> 
    <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType> 
    <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType> 
    <t:Entropy> 
    <t:BinarySecret u:Id="uuid-d1ed3eb6-d7f6-4d2b-ab7e-a6c60d899bad-3" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">iRqJf4/sY1yiu7Vh1eTGeAWJi7o0gxnhS6A2YvJQ6kI=</t:BinarySecret> 
    </t:Entropy> 
<t:KeySize>256</t:KeySize> 
</t:RequestSecurityToken> 
</s:Body> 
</s:Envelope> 

任何想法會觸發這種行爲？

最好的問候。

Answer 1

wsFederationHttpBinding默認安全會話設置爲true。 You'll need to clone a custom binding and set this to false.