[英]AD FS custom authentication provider did not return an authentication method claim
我為 AD FS MFA 創建了一個自定義身份驗證提供程序。
我在元數據中定義了一個身份驗證方法聲明:
public string[] AuthenticationMethods
{
get { return new string[] { "https://schemas.microsoft.com/ws/2012/12/authmethod/otp" }; }
}
我還有一個 TryEndAuthentication 方法(這僅用於實驗室目的,一旦這部分工作,我將更改硬編碼的引腳):
public IAdapterPresentation TryEndAuthentication(IAuthenticationContext context, IProofData proofData, System.Net.HttpListenerRequest request, out System.Security.Claims.Claim[] claims)
{
claims = null;
IAdapterPresentation result = null;
string pin = proofData.Properties["pin"].ToString();
if (pin == "12345")
{
System.Security.Claims.Claim claim = new System.Security.Claims.Claim("https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "https://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new System.Security.Claims.Claim[] { claim };
}
else
{
result = new AdapterPresentation("Authentication failed.", false);
}
return result;
}
但是當我在我的 AD FS 中部署它時,當我正確登錄時它會給我這個錯誤:
有誰知道出了什么問題?
我想到了。 schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod 聲明的 URI 應使用 http。 不是 https。
你應該改變下面的行
if (pin == "12345")
{
System.Security.Claims.Claim claim = new System.Security.Claims.Claim("https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "https://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new System.Security.Claims.Claim[] { claim };
}
到
if (pin == "12345")
{
System.Security.Claims.Claim claim = new System.Security.Claims.Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "https://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new System.Security.Claims.Claim[] { claim };
}
然后它會起作用。
當我從https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method復制示例適配器代碼時,我犯了同樣的錯誤
我已經在 github 上提交了https://github.com/MicrosoftDocs/windowsserverdocs/pull/4165更正,應該很快就會提交。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.