2017-02-10 14 views

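SAML single sign-on on Spring fails on the ADFS response because the status message is null

I am trying to integrate single sign-on for my web application with the help of the Spring SAML extension and an ADFS server. I did this 3 months ago with the help of the Spring SAML sample application, and at that time it worked perfectly, but now it gives me the exception below: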

 
AuthNRequest;SUCCESS;111.11.11.111;https://my.domain.com:443/app/saml/metadata;http://myfedservicesserver.com/trustme;;; 
AuthNResponse;FAILURE;111.11.11.111;https://my.domain.com:443/app/saml/metadata;http://myfedservicesserver.com/trustme;;;org.opensaml.common.SAMLException: Response has invalid status code urn:oasis:names:tc:SAML:2.0:status:Responder, status message is null 
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:113) 
    at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82) 
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) 
    at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:84) 
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) 

SAML 2 and ADFS 3.0 IDP - SSO Invalid Status Code First time Login - But succeeds every time after

Issues while integrating ADFS with Spring SAML Extension

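I went through the links above, but they did not work for me. I tried changing the digital signature from SHA-256 to SHA-1 in the ADFS server, but the problem was not solved.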

Answer


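After struggling for many days, I found that my application works fine on the Internet but does not work in the intranet environment. I checked the ADFS server logs and found the exception below: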

Microsoft.IdentityServer.Service.SecurityTokenService.RevocationValidationException: MSIS7098: The certificate identified by thumbprint '2312312213BKHDIIDHD783j3bsd' is not valid. It might indicate that the certificate has been revoked, has expired, or that the certificate chain is not trusted. 

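I have verified my application's certificate: it is CA-trusted and within its validity period, but the problem still exists on the corporate intranet. I don't understand why the ADFS server says that it is an invalid certificate and returns the

urn:oasis:names:tc:SAML:2.0:status:Responder 

status code in the response. Then I disabled the trust check of the signing certificate on the ADFS server, and after that it worked fine for me. I don't know whether this is a valid solution or not, but it worked for me.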
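
A read-only diagnostic for the situation described in the answer above, added here as an example and not part of the original post: it shows the revocation-check mode configured on the relying party trust and whether the request-signing certificate's chain and CRL endpoints validate from the ADFS server itself. The trust name `my-app` is a placeholder, and the script assumes an elevated Windows PowerShell session on the ADFS server.

```powershell
# Added example, not from the original post. Read-only: it changes no ADFS setting.
# ASSUMPTION: 'my-app' is a placeholder for the relying party trust of the Spring application.
$rpName = 'my-app'

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "No relying party trust named '$rpName'" }

# Revocation-check mode ADFS currently applies to this trust's certificates.
$rp | Format-List Name, SigningCertificateRevocationCheck, EncryptionCertificateRevocationCheck

foreach ($cert in $rp.RequestSigningCertificate) {
    "Certificate {0}  NotAfter={1:u}" -f $cert.Thumbprint, $cert.NotAfter

    # Build the chain with online revocation checking, which requires the
    # CRL/OCSP endpoints to be reachable from this host.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
    $valid = $chain.Build($cert)
    "  Chain valid: $valid"

    # RevocationStatusUnknown / OfflineRevocation: revocation data could not be fetched.
    # Revoked, NotTimeValid, UntrustedRoot: the certificate or its chain is the problem.
    foreach ($s in $chain.ChainStatus) {
        "  {0}: {1}" -f $s.Status, $s.StatusInformation.Trim()
    }

    # Probe each HTTP(S) CRL distribution point (OID 2.5.29.31) in the chain.
    # LDAP distribution points are not tested here.
    foreach ($element in $chain.ChainElements) {
        $cdp = $element.Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
        if (-not $cdp) { continue }
        foreach ($m in [regex]::Matches($cdp.Format($true), 'URL=(https?://\S+)')) {
            $url = $m.Groups[1].Value
            try {
                $r = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15
                "  CRL reachable ($($r.StatusCode)): $url"
            } catch {
                "  CRL UNREACHABLE: $url ($($_.Exception.Message))"
            }
        }
    }
}
```

The script runs as the logged-in administrator, so the ADFS service account may see different proxy or firewall behaviour than this output shows.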
