stackoom
  简体   繁体   中英

ADFS Login Error

 原文  2017-11-09 10:56:00       java/ spring/ saml/ adfs

Question

When I try to login with adfs with RP I am getting below error. Any one let us know solution.

Encountered error during federation passive request.

Additional Data

Protocol Name:

Relying Party:

Exception details: System.NotSupportedException: MSIS0023: SAML signature type ' http://www.w3.org/2000/09/xmldsig#dsa-sha1 ' is not supported by the HTTP Redirect binding serializer at this time. at Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.CreateFromNameValueCollection(Uri baseUrl, NameValueCollection collection) at Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.ReadMessage(Uri requestUrl, NameValueCollection form) at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request) at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler) at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

2 answers

solution1
 0  2017-11-09 18:32:42

It means that signature method is not supported by ADFS.

eg it supports: 

xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#_aab2f88b-026a-4307-8a9a-1eaca6e9468d"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>

solution2
 0  2017-11-09 23:01:10

It would be better to switch to SHA-256 signatures in your RP.

If this isn't possible for some reason, you can tell ADFS to accept SHA-1 signatures by specifying SHA-1 under the Advanced tab of your relying party's properties in ADFS.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question adfs login authentication on android application Liferay/Java Custom Login through ADFS how to verify if user already login to ADFS Angular login with azure adfs and springboot api While login ADFS getting Error- System.FormatException: Index (zero based) must be greater than or equal to zero and less than the size Login adfs in java and get assertion from saml response Error in response while using SAML oneLogin code to connect to ADFS as iDP ADFS COnfiguration Issue - an error occurred during an attempt to set the spn for the specified service account Java dashboard login error JAAS Error: Login failed
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM