
ADFS Login Error

When I try to log in with ADFS with RP, I am getting the error below. Can anyone let us know the solution?

Encountered error during federation passive request.

Additional Data

Protocol Name:

Relying Party:

Exception details:
System.NotSupportedException: MSIS0023: SAML signature type 'http://www.w3.org/2000/09/xmldsig#dsa-sha1' is not supported by the HTTP Redirect binding serializer at this time.
   at Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.CreateFromNameValueCollection(Uri baseUrl, NameValueCollection collection)
   at Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.ReadMessage(Uri requestUrl, NameValueCollection form)
   at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

It means that signature method is not supported by ADFS.

E.g., it supports:

    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#_aab2f88b-026a-4307-8a9a-1eaca6e9468d">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>

It would be better to switch to SHA-256 signatures in your RP.

If this isn't possible for some reason, you can tell ADFS to accept SHA-1 signatures by specifying SHA-1 under the Advanced tab of your relying party's properties in ADFS.
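
A diagnostic sketch for the answers above, added here and not part of the original posts: with the HTTP Redirect binding the signature algorithm travels in the `SigAlg` query parameter, so it can be read from the URL the RP sends to ADFS before changing any configuration. The host names, issuer and the `build_sample` helper are constructed for illustration, and the verdict strings reflect only what this thread states.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

XMLDSIG = "http://www.w3.org/2000/09/xmldsig#"
XMLDSIG_MORE = "http://www.w3.org/2001/04/xmldsig-more#"

# Verdicts are taken from this thread only (the MSIS0023 error, the rsa-sha256
# sample, the SHA-1 setting); any other algorithm is reported as unknown.
VERDICTS = {
    XMLDSIG + "dsa-sha1": "rejected: MSIS0023 as in the question",
    XMLDSIG + "rsa-sha1": "SHA-1: needs SHA-1 on the relying party's Advanced tab",
    XMLDSIG_MORE + "rsa-sha256": "ok: matches the SHA-256 sample in the answer",
}

def inspect_redirect(url):
    """Return (sig_alg, verdict, issuer) for a SAML HTTP-Redirect request URL."""
    params = parse_qs(urlsplit(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter in URL")
    # Redirect binding payload: base64 of a raw DEFLATE stream (no zlib header).
    xml = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    # Meant for URLs captured from your own RP; use defusedxml for untrusted XML.
    issuer = ET.fromstring(xml).findtext(
        "{urn:oasis:names:tc:SAML:2.0:assertion}Issuer")
    sig_alg = params.get("SigAlg", [None])[0]
    if sig_alg is None:
        return None, "unsigned request (no SigAlg parameter)", issuer
    return sig_alg, VERDICTS.get(sig_alg, "unknown: check ADFS support"), issuer

def build_sample(sig_alg):
    """Constructed sample URL; host, issuer and signature are placeholders."""
    authn = (b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
             b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1" Version="2.0">'
             b'<saml:Issuer>https://rp.example.test</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(authn) + comp.flush()
    query = {"SAMLRequest": base64.b64encode(deflated).decode(),
             "SigAlg": sig_alg, "Signature": "AAAA"}
    return "https://adfs.example.test/adfs/ls/?" + urlencode(query)

if __name__ == "__main__":
    for alg in VERDICTS:
        print(inspect_redirect(build_sample(alg)))
```

The script does not verify the signature itself; it only reports which algorithm the RP announced and which relying party (issuer) the request belongs to.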
