[英]Outlook Add-In Fails to Authenticate Against ADFS Server
環境:
問題描述:
我正在開發一個應該針對 ADFS 服務器進行身份驗證的 Outlook 加載項。
仔細按照此處列出的步驟操作后: https : //tech.greenhouse.io/2016/08/01/create-adfs-instance-on-azure-virtual-machine.html
我能夠以 ADFS 用戶身份在 Internet Explorer 和 Chrome 外部成功通過 ADFS 登錄。
但是,當嘗試使用相同的方法通過 Outlook 加載項登錄時,我得到的頁面顯示如下:
ADFS Login An error occurred An error occurred. Contact your administrator for more information. Error details © 2016 Microsoft
以下是示例日志文件。
Outlook 插件:
Add-in successfully started up. User interaction in Outlook ribbon happened. SAML SP login: https://validsslcertdomain.com/saml2/login/?idp=http://adfsserverinazurecloud.com/adfs/services/trust SAML IDP Url: https://adfsserverinazurecloud.com/adfs/ls/?SAMLRequest=jZJNTxsxEIbv/RWWLzntejcSKrWyiwJR1AhKo2RBKrfBOymWvPbWYxPCr8ebpBQuUa8z7/vM5+TipTPsGT1pZ6tRmRcjhla5Vtvf1eiumWfno4v6y4SgM72cxvBkV/gnIgWWjJbkkKh49FY6IE3SQockg5Lr6Y8bOc4LCUToQ8LzD5b+tKf3LjjlDGfTv+4rZyl26Nfon7XCu9VNxZ9C6EkKETFrqSizAJAHHcButMFcuU4MtcYCFAnOZqlrbWGA/bO+y6HdUI5AIVKujIst9H0Or9EfQENamAGzmFVct9lr2M7nv+J18RDV9a5vtilDFHFhKRFDxcdF+TUri6w8b8pSFmfy7NsDZ8vjZJfa7nd8cg2PBxHJ702zzJY/1w1n98db8STg9f4wcl/Ys7nzHYTTyCGSut/spRJtmn/H6/9dZIcBWgggJuJD4fr4HreJvZgtndFqx6bGuO2VRwhY8Q0YQv7eIGeiPhA+/1T9Bg==&RelayState=/ SAML WIA Url: https://adfsserverinazurecloud.com/adfs/ls/wia?SAMLRequest=jZJNTxsxEIbv/RWWLzntejcSKrWyiwJR1AhKo2RBKrfBOymWvPbWYxPCr8ebpBQuUa8z7/vM5+TipTPsGT1pZ6tRmRcjhla5Vtvf1eiumWfno4v6y4SgM72cxvBkV/gnIgWWjJbkkKh49FY6IE3SQockg5Lr6Y8bOc4LCUToQ8LzD5b+tKf3LjjlDGfTv+4rZyl26Nfon7XCu9VNxZ9C6EkKETFrqSizAJAHHcButMFcuU4MtcYCFAnOZqlrbWGA/bO+y6HdUI5AIVKujIst9H0Or9EfQENamAGzmFVct9lr2M7nv+J18RDV9a5vtilDFHFhKRFDxcdF+TUri6w8b8pSFmfy7NsDZ8vjZJfa7nd8cg2PBxHJ702zzJY/1w1n98db8STg9f4wcl/Ys7nzHYTTyCGSut/spRJtmn/H6/9dZIcBWgggJuJD4fr4HreJvZgtndFqx6bGuO2VRwhY8Q0YQv7eIGeiPhA+/1T9Bg==&RelayState=/&client-request-id=a1209b03-ffed-419c-4904-0080000000f4
ADFS 服務器:
錯誤 ID:364
Encountered error during federation passive request.
Additional Data
Protocol Name:
Relying Party:
Exception details:
System.FormatException: Invalid length for a Base-64 char array or string.
at System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
at System.Convert.FromBase64String(String s)
at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.DecodeMessageInternal(String message)
at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.ReadProtocolMessage(String encodedSamlMessage)
at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.CreateFromNameValueCollection(Uri baseUrl, NameValueCollection collection)
at Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.ReadMessage(Uri requestUrl, NameValueCollection form)
at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
這是加載項上的示例代碼:
// String definitions
string samlAcs = Properties.Settings.Default.samlAcs;
string samlIdp = Properties.Settings.Default.samlIdp;
string serverUrl = Properties.Settings.Default.serverUrl;
string loginUrl = serverUrl + "/saml2/login/?idp=" + samlIdp;
var acsUrl = serverUrl + samlAcs;
string wiaHtmlBody = "";
HttpResponseMessage response;
try
{
response = await client.GetAsync(loginUrl);
...
try
{
response = await client.GetAsync(response.Headers.Location);
...
var wiaUrl = response.Headers.Location.ToString();
if (wiaUrl[0] == '/') wiaUrl = serverUrl + wiaUrl;
try
{
response = await client.GetAsync(wiaUrl);
response.EnsureSuccessStatusCode();
wiaHtmlBody = await response.Content.ReadAsStringAsync();
...
var wiaDoc = new XmlDocument();
try
{
wiaDoc.Load(new StringReader(wiaHtmlBody));
var samlNode = wiaDoc.DocumentElement.SelectSingleNode("//input[@name='SAMLResponse']");
string samlResponse = samlNode.Attributes["value"].Value;
...
當它期望來自服務器的 XML 文檔時拋出異常:
Exception: System.NullReferenceException: Object reference not set to an instance of an object.
類似的問題: https : //serverfault.com/questions/753149/ad-fs-3-0-event-id-364-while-creating-mfa-and-sso
問題:我必須采取哪些步驟來解決這個問題?
提前致謝。
似乎wiaUrl不是 URL 編碼的,因為您在從response.Headers.Location檢索它時將其轉換為字符串。 這將解釋為什么 base-64 解碼器失敗,因為 ADFS 首先嘗試對 SAML 請求消息進行 URL 解碼。
換句話說,您必須將 URL 編碼的字符串傳遞給client.GetAsync(wiaUrl)或URI對象。
使用外接程序中的Outlook Online令牌對用戶進行身份驗證以在線進行Exchange
[英]Authenticate user to Exchange online with Outlook online token from an add-in
我可以使用ADFS 2.0對SQL Server的某些用戶進行身份驗證嗎?
[英]Can I use ADFS 2.0 to authenticate certain users against SQL Server?
Outlook VSTO 加載項 - 無法在 Outlook 2019 上安裝加載項
[英]Outlook VSTO Add-In - Cannot install Add-In on Outlook 2019
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.