[英]Shibboleth Proxy to Azure AD Validation Error on redirect with error XML element 'RequesterID' in XML namespace 'urn:oasis:names:tc:SAML:2.0:protocol'
I configured my local shibboleth IdP to proxy authentication to Azure AD but on redirect and getting an Azure error:我将本地 shibboleth IdP 配置为将身份验证代理到 Azure AD,但在重定向时出现 Azure 错误:
AADSTS7500522: XML element 'RequesterID' in XML namespace 'urn:oasis:names:tc:SAML:2.0:protocol' in the SAML message must be a URI.
My service provider that is redirecting to Shibboleth > AzureAD uses an entity ID that is just a name and not a URL which is what shows up in my saml trace back to Azure.我重定向到 Shibboleth > AzureAD 的服务提供商使用的实体 ID 只是一个名称,而不是 URL,这在我的 saml 跟踪中显示为 Azure。
<saml2p:Scoping>
<saml2p:RequesterID>EntityIDShortName</saml2p:RequesterID>
</saml2p:Scoping>
Is there a way to turn off this validation in Azure or transform / not include the requester id from shibboleth to Azure AD?有没有办法在 Azure 中关闭此验证或将请求者 ID 从 shibboleth 转换/不包含到 Azure AD?
I used this document to do the configuration: https://shibboleth.atlassian.net/wiki/spaces/KB/pages/1467056889/Using+SAML+Proxying+in+the+Shibboleth+IdP+to+connect+with+Azure+AD我使用此文档进行配置: https://shibboleth.atlassian.net/wiki/spaces/KB/pages/1467056889/Using+SAML+Proxying+in+the+Shibboleth+IdP+to+connect+with+Azure +AD
Thanks Nick谢谢尼克
FYI, just changing the entity I'd in my test provider addresses this issue.仅供参考,只需更改我在测试提供商中的实体即可解决此问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.