2012-07-23 106 views
1

I am trying to use WS2007HttpRelayBinding with the end-to-end security mode set to TransportWithMessageCredential and IssuedToken as the credential type. I obtain the token from ADFS 2.0, and when I call the service I get the following in the local WCF trace log: cannot find a token authenticator for the 'Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken' token type.

Cannot find a token authenticator for the 'Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.

Update:
This is how I configure the service host:

    // WIF 3.5 service-side configuration; 'host' and
    // GetServiceCertificateWithPrivateKey() are defined elsewhere in the project.
    ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
    serviceConfiguration.ServiceCertificate = GetServiceCertificateWithPrivateKey();
    serviceConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;
    serviceConfiguration.IssuerNameRegistry = new X509IssuerNameRegistry("localhost");
    serviceConfiguration.SaveBootstrapTokens = true;
    // Register the SAML 2.0 handler and restrict accepted audiences to the relay address.
    serviceConfiguration.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());
    serviceConfiguration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(
        new Uri("https://mynamespace.servicebus.windows.net/Service1/"));

    // Must run after all WCF settings are applied to the host.
    FederatedServiceCredentials.ConfigureServiceHost(host, serviceConfiguration);
    host.Open();

Answers

1

The binding's security element was set up to look for SAML 1.1 tokens. I added the following code on the server after building the "CustomBinding" element:

    // Locate the endorsing issued-token parameters of the transport security element
    // and tell the binding to expect a SAML 2.0 token instead of SAML 1.1.
    IssuedSecurityTokenParameters issuedTokenParameters =
        myBinding.Elements.Find<TransportSecurityBindingElement>()
                 .EndpointSupportingTokenParameters.Endorsing[0] as IssuedSecurityTokenParameters;
    issuedTokenParameters.TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
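An added example, not code from the question or from either answer, that puts the fix above together with the handler registration shown in the question: it builds the WS2007HttpRelayBinding the question describes, rewrites the endorsing IssuedSecurityTokenParameters so the binding requests a SAML 2.0 token, and checks, before the host opens, that the token type the binding requests has a handler registered in the WIF ServiceConfiguration. The SAML 1.1 and 2.0 token-type URIs are the OASIS WSS SAML token profile identifiers (the 2.0 one is the one in the answer). The service contract IService1 and the certificate parameters are assumptions; the Service Bus TransportClientEndpointBehavior the relay needs is not on the page and is left to the caller. ConfigurationBasedIssuerNameRegistry replaces the sample-specific X509IssuerNameRegistry from the question.

```csharp
// Added example; not the question's or answers' own code. Targets WIF 3.5
// (Microsoft.IdentityModel) and the Service Bus relay bindings used on the page.
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using Microsoft.IdentityModel.Configuration;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Tokens.Saml2;
using Microsoft.ServiceBus;

// Assumed service contract; the page only names the relay path "Service1".
[ServiceContract]
public interface IService1
{
    [OperationContract]
    string Ping();
}

public static class Saml2RelayHostSetup
{
    // OASIS WSS SAML token profile 1.1 identifiers for the two assertion versions.
    public const string Saml11TokenType =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
    public const string Saml2TokenType =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";

    // Builds the relay binding from the question and returns a CustomBinding
    // whose endorsing issued-token parameters ask for a SAML 2.0 token.
    public static CustomBinding CreateSaml2RelayBinding()
    {
        var relay = new WS2007HttpRelayBinding();
        relay.Security.Mode = EndToEndSecurityMode.TransportWithMessageCredential;
        relay.Security.Message.ClientCredentialType = MessageCredentialType.IssuedToken;

        // CreateBindingElements() returns a copy, so the edited elements are
        // wrapped in a new CustomBinding rather than written back to 'relay'.
        BindingElementCollection elements = relay.CreateBindingElements();
        var security = elements.Find<TransportSecurityBindingElement>();
        if (security == null)
            throw new InvalidOperationException(
                "No TransportSecurityBindingElement; Mode must be TransportWithMessageCredential.");

        int patched = 0;
        foreach (SecurityTokenParameters p in security.EndpointSupportingTokenParameters.Endorsing)
        {
            var issued = p as IssuedSecurityTokenParameters;
            if (issued == null) continue;
            // Per the accepted answer the binding otherwise expects SAML 1.1, so a
            // SAML 2.0 token from ADFS 2.0 finds no authenticator and is rejected.
            issued.TokenType = Saml2TokenType;
            patched++;
        }
        if (patched == 0)
            throw new InvalidOperationException("Binding has no endorsing IssuedSecurityTokenParameters.");
        return new CustomBinding(elements);
    }

    // Reads back the token type the binding will request (null when unset).
    public static string GetIssuedTokenType(Binding binding)
    {
        var security = binding.CreateBindingElements().Find<TransportSecurityBindingElement>();
        if (security == null) return null;
        foreach (SecurityTokenParameters p in security.EndpointSupportingTokenParameters.Endorsing)
        {
            var issued = p as IssuedSecurityTokenParameters;
            if (issued != null) return issued.TokenType;
        }
        return null;
    }

    // Fails fast if the binding and the WIF handler collection disagree: the
    // requested type must be SAML 2.0 and a handler for it must be registered.
    // SecurityTokenHandlerCollection's string indexer looks handlers up by token-type identifier.
    public static void EnsureHandlerMatchesBinding(ServiceConfiguration config, Binding binding)
    {
        string requested = GetIssuedTokenType(binding) ?? Saml11TokenType;
        if (requested != Saml2TokenType)
            throw new InvalidOperationException("Binding requests '" + requested + "', not SAML 2.0.");
        if (config.SecurityTokenHandlers[requested] == null)
            throw new InvalidOperationException("No SecurityTokenHandler registered for '" + requested + "'.");
    }

    // Mirrors the question's host setup. ConfigureServiceHost must run after the
    // endpoint is added, because it reads the host's WCF settings at that point.
    public static void ConfigureHost(ServiceHost host, CustomBinding binding, Uri relayAddress,
                                     X509Certificate2 serviceCert, X509Certificate2 adfsSigningCert)
    {
        host.AddServiceEndpoint(typeof(IService1), binding, relayAddress);

        var config = new ServiceConfiguration();
        config.ServiceCertificate = serviceCert;
        // Matches the question; tighten to ChainTrust once the ADFS chain is trusted.
        config.CertificateValidationMode = X509CertificateValidationMode.None;
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer(adfsSigningCert.Thumbprint, adfsSigningCert.SubjectName.Name);
        config.IssuerNameRegistry = issuers;
        config.SaveBootstrapTokens = true;
        config.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());
        config.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(relayAddress);

        EnsureHandlerMatchesBinding(config, binding);
        FederatedServiceCredentials.ConfigureServiceHost(host, config);
    }
}
```

Usage: create the host with the relay address, call `ConfigureHost(host, CreateSaml2RelayBinding(), relayAddress, serviceCert, adfsSigningCert)`, add the Service Bus endpoint behavior, then `host.Open()`. The EnsureHandlerMatchesBinding check surfaces the binding/handler mismatch at startup rather than as a per-request trace entry.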
2

You can verify whether you have added Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler in

    <securityTokenHandlers>
        <add type="Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler" />
    </securityTokenHandlers>

EDIT: and also be sure to verify the certificate configuration.

EDIT: perhaps this will also help: MSDN WCF forums

+0

I believe this is equivalent to the code I have, serviceConfiguration.SecurityTokenHandlers.Add(new Saml2SecurityTokenHandler()); and then I call FederatedServiceCredentials.ConfigureServiceHost(host, serviceConfiguration); – Ovais 2012-07-23 14:03:56

+0

Here is how I create the client binding: var binding = new WS2007HttpRelayBinding(); binding.Security.Message.ClientCredentialType = MessageCredentialType.IssuedToken; binding.Security.Message.EstablishSecurityContext = false; //binding.Security.Message.NegotiateServiceCredential = false; binding.Security.Mode = EndToEndSecurityMode.TransportWithMessageCredential; I don't see the problem mentioned in the post – Ovais 2012-07-23 14:18:11

+0

binding.Security.Message.EstablishSecurityContext = false; set it to true :) – 2012-07-23 14:40:22

0

Alexey's answer is perfect for the web.config / app.config changes. Apart from that, you can also configure the token handler in code (sample from the How to: Authenticate with a Username and Password to a WCF Service Protected by ACS article):

    //
    // This must be called after all WCF settings are set on the service host so the
    // Windows Identity Foundation token handlers can pick up the relevant settings.
    //
    ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
    serviceConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

    // Accept ACS signing certificate as Issuer.
    serviceConfiguration.IssuerNameRegistry = new X509IssuerNameRegistry(GetAcsSigningCertificate().SubjectName.Name);

    // Add the SAML 2.0 token handler.
    serviceConfiguration.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());

+0

Sandrino, this is exactly what I'm doing: serviceConfiguration.SecurityTokenHandlers.Add(new Saml2SecurityTokenHandler()); still getting the error :( – Ovais 2012-07-23 14:02:25

+0

I was using AddOrReplace, and Add gave an error, meaning this handler was already in the collection. – Ovais 2012-07-23 14:05:47