Error getting a security token from the ADFS server

I want to authenticate against ADFS and inspect the claims in the security token I receive from the ADFS server. However, the sample code I am using always produces an error when it requests the token. The sample code is as follows:
// Namespaces the snippet relies on (.NET 4.5 System.IdentityModel):
using System.IdentityModel.Protocols.WSTrust;   // RequestSecurityToken, RequestTypes, KeyTypes, EndpointReference
using System.IdentityModel.Tokens;              // SecurityToken
using System.ServiceModel;                      // EndpointAddress, SecurityMode
using System.ServiceModel.Security;             // WSTrustChannelFactory, TrustVersion
// UserNameWSTrustBinding is not shipped in .NET 4.5: it comes from WIF 3.5
// (Microsoft.IdentityModel.Protocols.WSTrust.Bindings) or Thinktecture.IdentityModel (Thinktecture.IdentityModel.WSTrust).

// Placeholder values; the original snippet uses these names without declaring them.
private static readonly string adfsEndpoint = "https://<adfs-host>/adfs/services/trust/13/usernamemixed"; // WS-Trust 1.3 username/mixed endpoint
private static readonly string realm = "<relying-party-identifier>";   // must equal an identifier of a relying party trust in ADFS
private static readonly string username = "<domain\\user>";
private static readonly string password = "<password>";

private static SecurityToken RequestSamlToken()
{
    // Username credential inside the SOAP message, TLS on the transport: the combination the .../13/usernamemixed endpoint expects.
    var factory = new WSTrustChannelFactory(
        new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
        new EndpointAddress(adfsEndpoint));
    factory.TrustVersion = TrustVersion.WSTrust13;
    factory.Credentials.UserName.UserName = username;
    factory.Credentials.UserName.Password = password;

    var rst = new RequestSecurityToken
    {
        RequestType = RequestTypes.Issue,
        KeyType = KeyTypes.Bearer,                 // bearer token: no proof key, possession of the token is the credential
        AppliesTo = new EndpointReference(realm)   // the scope ADFS validates against its relying party trust identifiers
    };
    return factory.CreateChannel().Issue(rst);
}
I get the following error:
An unhandled exception of type 'System.ServiceModel.FaultException' occurred in System.ServiceModel.dll. Additional information: ID3082: The request scope is not valid or is unsupported.
Is there some configuration missing on the ADFS server that is not allowing the service token? Another code snippet, which uses IdP-initiated logon, does generate a SAML token. The ADFS properties are as follows -
AcceptableIdentifiers : {}
AddProxyAuthorizationRules : exists([Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-32-544", Issuer =~ "^AD AUTHORITY$"]) => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", Issuer =~ "^AD AUTHORITY$" ] => issue(store="_ProxyCredentialStore",types=("http://schemas.microsoft.com/authorization/claims/permit"),query="isProxyTrustManagerSid({0})", param=c.Value);
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/proxytrustid", Issuer =~ "^SELF AUTHORITY$" ] => issue(store="_ProxyCredentialStore",types=("http://schemas.microsoft.com/authorization/claims/permit"),query="isProxyTrustProvisioned({0})", param=c.Value);
ArtifactDbConnection : Data Source=np:\\.\pipe\microsoft##wid\tsql\query;Initial Catalog=AdfsArtifactStore;Integrated Security=True
AuthenticationContextOrder : {urn:oasis:names:tc:SAML:2.0:ac:classes:Password,
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,
urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient,
urn:oasis:names:tc:SAML:2.0:ac:classes:X509...}
AutoCertificateRollover : True
CertificateCriticalThreshold : 2
CertificateDuration : 365
CertificateGenerationThreshold : 20
CertificatePromotionThreshold : 5
CertificateRolloverInterval : 720
CertificateSharingContainer : CN=6b987b00-35ce-44d9-97c8-561b6f1ac3dd,CN=ADFS,CN=Microsoft,CN=Program Data,DC=sciemetricdev,DC=com
CertificateThresholdMultiplier : 1440
ClientCertRevocationCheck : None
ContactPerson :
DisplayName : ADFS
IntranetUseLocalClaimsProvider : False
ExtendedProtectionTokenCheck : Allow
FederationPassiveAddress : /adfs/ls/
HostName : *************.com
HttpPort : 80
HttpsPort : 443
TlsClientPort : 49443
Identifier : http://*******.com/adfs/services/trust
InstalledLanguage : en-US
LogLevel : {Errors, Information, Verbose, Warnings}
MonitoringInterval : 1440
NetTcpPort : 1501
NtlmOnlySupportedClientAtProxy : False
OrganizationInfo :
PreventTokenReplays : False
ProxyTrustTokenLifetime : 21600
ReplayCacheExpirationInterval : 60
SignedSamlRequestsRequired : False
SamlMessageDeliveryWindow : 5
SignSamlAuthnRequests : False
SsoLifetime : 480
PersistentSsoLifetimeMins : 10080
KmsiLifetimeMins : 1440
PersistentSsoEnabled : True
PersistentSsoCutoffTime : 1/1/0001 12:00:00 AM
KmsiEnabled : False
LoopDetectionEnabled : True
LoopDetectionTimeIntervalInSeconds : 20
LoopDetectionMaximumTokensIssuedInInterval : 5
PasswordValidationDelayInMinutes : 60
SendClientRequestIdAsQueryStringParameter : False
WIASupportedUserAgents : {MSAuthHost/1.0/In-Domain, MSIE 6.0, MSIE 7.0, MSIE 8.0...}
ExtranetLockoutThreshold : 2147483647
ExtranetLockoutEnabled : False
ExtranetObservationWindow : 00:30:00
Using PowerShell, just double-check the ADFS property 'AcceptableIdentifiers'. Run 'Add-PSSnapin Microsoft.Adfs.PowerShell' to load the snap-in, then run Get-AdfsProperties to get the ADFS properties. Don't know whether it helps! – TrustyCoder 2015-10-27 07:58:52
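As an added check (an example script, not part of the original question or of the comment above): ADFS raises ID3082, "The request scope is not valid or is unsupported", when the AppliesTo of the RST does not match the identifier of any relying party trust it has configured. So the value the client passes as `realm` is what needs verifying, not the STS-side properties alone. The script below lists the relying party trusts on the ADFS server and reports whether the given realm is an exact identifier of an enabled trust; when it is not, it prints near misses (same host, but a different scheme or a missing trailing slash, two common reasons for the mismatch) and the full list of identifiers. It assumes it runs on the ADFS server with the ADFS cmdlets available (Add-PSSnapin Microsoft.Adfs.PowerShell on ADFS 2.0; on ADFS 2012 R2 and later the ADFS module auto-loads); the `-Realm` parameter and the placeholder realm in the usage line are assumptions, not values from the question.

```powershell
# Added example: does the AppliesTo/realm used by the client exist as a relying party
# trust identifier in this ADFS farm? A miss here is what produces ID3082.
param(
    # The string the client puts in AppliesTo (the 'realm' variable in the C# snippet).
    [Parameter(Mandatory = $true)]
    [string]$Realm
)

# ADFS 2.0 exposes the cmdlets through a snap-in; later versions auto-load a module.
if (-not (Get-Command Get-AdfsRelyingPartyTrust -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop
}

$trusts = @(Get-AdfsRelyingPartyTrust)

# Normalise for near-miss reporting only: drop scheme, case and trailing slash.
function Normalize-Identifier([string]$Id) {
    return ($Id.TrimEnd('/') -replace '^https?://', '').ToLowerInvariant()
}

# Identifier is a string array on each trust; AppliesTo has to match one of them as-is.
$exact = $trusts | Where-Object { $_.Identifier -contains $Realm }

if ($exact) {
    foreach ($t in $exact) {
        Write-Output "[OK]   '$Realm' is an identifier of relying party trust '$($t.Name)' (Enabled: $($t.Enabled))"
        if (-not $t.Enabled) {
            Write-Output "       The trust is disabled; enable it or the RST will still be rejected."
        }
    }
} else {
    Write-Output "[FAIL] No relying party trust has the identifier '$Realm' - this is the ID3082 case."
    $wanted = Normalize-Identifier $Realm
    $near = $trusts | Where-Object {
        @($_.Identifier | ForEach-Object { Normalize-Identifier $_ }) -contains $wanted
    }
    if ($near) {
        Write-Output "       Near matches (scheme or trailing slash differs; AppliesTo must match the identifier string):"
        $near | ForEach-Object { Write-Output "         $($_.Name): $($_.Identifier -join ', ')" }
    }
    Write-Output "       All configured relying party trust identifiers:"
    $trusts | ForEach-Object { Write-Output "         $($_.Name): $($_.Identifier -join ', ')" }
}
```

Save it as, for example, Check-AppliesTo.ps1 (placeholder name) and run `.\Check-AppliesTo.ps1 -Realm 'https://app.example.com/'` on the ADFS server, substituting the exact string the client assigns to `realm`. If the script reports [FAIL], either add that string as an identifier to the intended relying party trust (Set-AdfsRelyingPartyTrust -TargetName '<trust>' -Identifier @(...)) or change `realm` in the client to one of the identifiers printed; which of the two is right depends on which side is authoritative in your deployment.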