Testing Federation Services


Problem description

We are currently testing AD FS 2.0 and have the current test design.

Federation server and WIF Sample app running on the same box.

VM running a test domain trying to access the WIF sample. Everything seems to check out with the SSL certs but when trying to authenticate from the test domain the following errors are generated on the FS.

Encountered error during federation passive request.

Additional Data

Exception details:

Microsoft.IdentityServer.Web.AuthenticationFailedException: ID3034: Authentication failed.

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, Uri& replyTo)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSecurityToken(SecurityToken securityToken, WSFederationMessage incomingMessage)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseForProtocolRequest(FederationPassiveContext federationPassiveContext, SecurityToken securityToken)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponse(SecurityToken securityToken)

______________________________________________________

The Federation Service encountered an error while processing the WS-Trust request.

Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue

Additional Data

Exception details:

Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException: ID4063: LogonUser failed for the 'administrator' user. Ensure that the user has a valid Windows account. ---> System.ComponentModel.Win32Exception: The security database on the server does not have a computer account for this workstation trust relationship

   --- End of inner exception stack trace ---

   at Microsoft.IdentityModel.Tokens.WindowsUserNameSecurityTokenHandler.ValidateToken(SecurityToken token)

   at Microsoft.IdentityServer.Service.Tokens.MSISWindowsUserNameSecurityTokenHandler.ValidateToken(SecurityToken token)

   at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()

   at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)

   --- End of inner exception stack trace ---

   at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)

   at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)

   at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)

   at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)

   at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)

   at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext serializationContext, AsyncCallback asyncCallback, Object asyncState)

   at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String trustNamespace, AsyncCallback callback, Object state)

System.IdentityModel.Tokens.SecurityTokenValidationException: ID4063: LogonUser failed for the 'administrator' user. Ensure that the user has a valid Windows account. ---> System.ComponentModel.Win32Exception: The security database on the server does not have a computer account for this workstation trust relationship

   --- End of inner exception stack trace ---

   at Microsoft.IdentityModel.Tokens.WindowsUserNameSecurityTokenHandler.ValidateToken(SecurityToken token)

   at Microsoft.IdentityServer.Service.Tokens.MSISWindowsUserNameSecurityTokenHandler.ValidateToken(SecurityToken token)

   at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()

   at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)

System.ComponentModel.Win32Exception: The security database on the server does not have a computer account for this workstation trust relationship


Solution

Please use the AD FS forum and ask your question: http://social.msdn.microsoft.com/Forums/en/Geneva/

For details about Certificates, the Security forum is the better place: http://social.technet.microsoft.com/Forums/en/winserversecurity/threads

