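ADFS 2.0 simpleSAML issue: More than one claim based on SamlNameIdentifierClaimResource was produced
I am trying to set up an ADFS 2.0 IdP - simpleSAML SAML SP configuration and I am blocked; the error ADFS reports is nowhere to be found, not even in the official ADFS documentation. I have successfully set up the relying party: from the SP application I am redirected to the IdP and I can authenticate, but on the redirect back to the SP I get this: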
The Federation Service could not fulfill the token-issuance request.
More than one claim based on SamlNameIdentifierClaimResource was produced after the
issuance transform rules were applies for relying party 'url here'. Please see event
500 with the same instance id for claims after application of issuance transform rules.
Additional Data
Instance id: 44ef5c64-7bcb-4766-9016-75034b4fd7eb
User Action
Ensure that the issuance transform rules that are configured for the relying party do not result in multiple claims based on SamlNameIdentifierClaimResource.
Also, a warning:
More information for the event entry with instance id 44ef5c64-7bcb4766-9016-75034b4fd7eb.
There may be more events with the same instance id with more information.
Instance id:
44ef5c64-7bcb-4766-9016-75034b4fd7eb
Issued identity:
http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
user name i used
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
user name i used
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
CKTECHNO\user name i used
http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod
http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/windows
http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant
2013-07-08T14:30:46.465Z
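Here is my conf:
I have searched everywhere and found no mention of this type of error. Even event 500 I can't seem to find in the MS documentation. Any help is appreciated. Thanks!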
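Well, I tried using only one Active Directory claim, but the resulting name ID did not have the correct format (transient), which is why I added another rule to transform it. As I understand it, this should work like a chain/pipeline, where each rule has an input and an output, so in the end I have only one result, from the account-name rule to the name ID. Am I wrong? Thanks! – aciobanu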
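The rule-evaluation behaviour asked about in the comment above, as an added example that is not part of the original thread: a minimal Python model of how ADFS evaluates issuance transform rules, where `issue` writes a claim to both the input and output claim sets and `add` writes only to the input set, so rules accumulate claims rather than replace them. The two rule sets and the account value are constructed for illustration (the poster's configuration is not shown on the page); the claim type URIs are the ones in the event dump.

```python
# Added example: toy model of ADFS issuance transform rule evaluation.
# Rule sets and the account value are constructed, not the poster's config.
from collections import Counter

WAN = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
NAMEID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
FORMAT = "http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Claims arriving from authentication (constructed sample value).
INITIAL = [(WAN, "EXAMPLE\\alice", {})]

# Rule = (action, claim type to match, claim type to produce, properties).
# "Pipeline" assumption: rule 2 is expected to replace rule 1's result.
BROKEN = [("issue", WAN, NAMEID, {}),
          ("issue", NAMEID, NAMEID, {FORMAT: TRANSIENT})]
# Same chain, but the intermediate claim is only added to the input set.
FIXED = [("add", WAN, NAMEID, {}),
         ("issue", NAMEID, NAMEID, {FORMAT: TRANSIENT})]


def run_rules(initial, rules):
    """Run each rule once, in order; return the output claim set (the token)."""
    input_set, output_set = list(initial), []
    for action, match_type, out_type, props in rules:
        # Every rule matches against the accumulated input set.
        produced = [(out_type, value, props)
                    for ctype, value, _ in list(input_set) if ctype == match_type]
        input_set.extend(produced)       # visible to later rules
        if action == "issue":
            output_set.extend(produced)  # also ends up in the issued token
    return output_set


def duplicate_types(claims):
    """Claim types that occur more than once in a claim set."""
    counts = Counter(ctype for ctype, _, _ in claims)
    return sorted(t for t, n in counts.items() if n > 1)


if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        out = run_rules(INITIAL, rules)
        print(name, "->", len(out), "claim(s); duplicated:", duplicate_types(out))
```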