如何配置对备用ADFS20登录页面的被动联合访问? [英] How do you configure passive federation access to alternative ADFS20 login pages?
问题描述
我一直在尝试查找文档,说明如何使用备用登录页面配置ASP.NET依赖方对标准ADFS 2.0服务器进行身份验证。
默认ADFS20登录网站安装在 http:// {dns_name} / adfs / ls 。当我使用FedUtil配置web.config STS引用时,web.confg最终会得到以下设置:
< federatedAuthentication>
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; < wsFederation passiveRedirectEnabled = QUOT;真"
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP ;&NBSP;&NBSP; issuer =" https://sts.one.dom/adfs/ls/ "
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; realm =" https://myaspnetwebapp.one.dom/ "
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; requireHttps = QUOT;真" />
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; < cookieHandler requireSsl =" true" />
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; < / federatedAuthentication>
这对STS有效,但默认提示用户名&密码。
我一直在尝试访问身份服务器配置文件中指定的其他登录方法
< microsoft.identityServer.web>
&NBSP;&NBSP;&NBSP; < authenticationTypes>
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; < add name =" IssuedTokenViaSelector"页= QUOT; AutoLogon.aspx" />
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; < add name =" IssuedTokenViaPassive"页= QUOT; HomeRealmDiscovery.aspx" />
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; < add name =" Integrated"页= QUOT; AUTH /集成的/" />
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; < add name =" Forms"页= QUOT; FormsSignIn.aspx" />
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; < add name =" TlsClient"页= QUOT; AUTH / sslclient /" />
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; < add name =" Basic"页= QUOT; auth /中基本/" />
&NBSP;&NBSP;&NBSP; < / authenticationTypes>
&NBSP;&NBSP;&NBSP; < context hidden =" true" />
&NBSP;&NBSP;&NBSP; < commonDomainCookie writer =""读者= QUOT;" />
&NBSP;&NBSP;&NBSP; < error page =" Error.aspx" />
&NBSP;&NBSP;&NBSP; < persistIdentityProviderInformation enabled =" true" lifetimeInDays = QUOT; 30英寸; />
&NBSP;&NBSP;&NBSP; < securityTokenService samlProtocolEndpoint =" net.tcp:// localhost / samlprotocol"
wsTrustEndpoint = QUOT;的net.tcp://本地主机/ ADFS /服务/ trusttcp /窗口" />
&NBSP;&NBSP;&NBSP; < singleSignOn enabled =" true" />
&NBSP; < /microsoft.identityServer.web>
但当我改为这样的事物时
< federatedAuthentication>
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; < wsFederation passiveRedirectEnabled = QUOT;真"
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP ;&NBSP;&NBSP; issuer =" https://sts.one.dom/adfs/ls/autologon.aspx " ;
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; realm =" https://myaspnetwebapp.one.dom/ "
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; requireHttps = QUOT;真" />
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; < cookieHandler requireSsl =" true" />
&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; < / federatedAuthentication>
我收到以下错误
错误
sts.one.dom
在处理请求期间发生错误。<登记/> MSIS7000:在请求标识是不符合于WS联盟语言用于网络浏览器的客户端或SAML 2.0协议WebSSO轮廓
附加信息:49e0c51a-cd1f-4f3c-B757-be156a191f23
是否有任何人可以为我指出有用的文档,详细说明所需的设置,或者另一个已经回答的帖子(我找不到),或者可能告诉我在网络上需要更改的内容.config
感谢
看看这里:
http: //msdn.microsoft.com/en-us/library/ee895355.aspx
I have been trying to find documentation that shows how to configure an ASP.NET relying party to authenticate against a standard ADFS 2.0 server, using alternative login pages.
The default ADFS20 login web site is installed at http://{dns_name}/adfs/ls. WhenI use FedUtil to configure the web.config STS reference, the web.confg ends up with the following settings:
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true"
issuer="https://sts.one.dom/adfs/ls/"
realm="https://myaspnetwebapp.one.dom/"
requireHttps="true" />
<cookieHandler requireSsl="true" />
</federatedAuthentication>
This works against the STS ok, but defaults to prompting for Username & Password.
I have been trying to access the other login methods specfied in the identity servers config file
<microsoft.identityServer.web>
<authenticationTypes>
<add name="IssuedTokenViaSelector" page="AutoLogon.aspx" />
<add name="IssuedTokenViaPassive" page="HomeRealmDiscovery.aspx" />
<add name="Integrated" page="auth/integrated/" />
<add name="Forms" page="FormsSignIn.aspx" />
<add name="TlsClient" page="auth/sslclient/" />
<add name="Basic" page="auth/basic/" />
</authenticationTypes>
<context hidden="true" />
<commonDomainCookie writer="" reader="" />
<error page="Error.aspx" />
<persistIdentityProviderInformation enabled="true" lifetimeInDays="30" />
<securityTokenService samlProtocolEndpoint="net.tcp://localhost/samlprotocol"
wsTrustEndpoint="net.tcp://localhost/adfs/services/trusttcp/windows" />
<singleSignOn enabled="true" />
</microsoft.identityServer.web>
but when I change to something like this
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true"
issuer="https://sts.one.dom/adfs/ls/autologon.aspx"
realm="https://myaspnetwebapp.one.dom/"
requireHttps="true" />
<cookieHandler requireSsl="true" />
</federatedAuthentication>
I get the following error
Error
sts.one.dom
An error occurred during processing of the request.
MSIS7000: The sign in request is not compliant to the WS-Federation language for web browser clients or the SAML 2.0 protocol WebSSO profile.
Additional data: 49e0c51a-cd1f-4f3c-b757-be156a191f23
Is there anyone that can please point me to useful documentation detailing the settings required, or another thread that has already been answered (i can't find one), or possibly tell me what I need to change in my web.config
Thanks解决方案Have a look here:http://msdn.microsoft.com/en-us/library/ee895355.aspx
这篇关于如何配置对备用ADFS20登录页面的被动联合访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
