When I try to login with adfs with RP I am getting below error. Any one let us know solution.
Encountered error during federation passive request.
Additional Data
Protocol Name:
Relying Party:
Exception details: System.NotSupportedException: MSIS0023: SAML signature type ' http://www.w3.org/2000/09/xmldsig#dsa-sha1 ' is not supported by the HTTP Redirect binding serializer at this time. at Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.CreateFromNameValueCollection(Uri baseUrl, NameValueCollection collection) at Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.ReadMessage(Uri requestUrl, NameValueCollection form) at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request) at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler) at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
It means that signature method is not supported by ADFS.
eg it supports:
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#_aab2f88b-026a-4307-8a9a-1eaca6e9468d"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
It would be better to switch to SHA-256 signatures in your RP.
If this isn't possible for some reason, you can tell ADFS to accept SHA-1 signatures by specifying SHA-1 under the Advanced tab of your relying party's properties in ADFS.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.