ADFS 2.0 错误 ID4175:IssuerNameRegistry 无法识别安全令牌的颁发者 [英] ADFS 2.0 Error ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry

问题描述

错误:

ID4175:证券发行人令牌未被识别发行人名称注册表.接受安全来自这个发行者的令牌，配置IssuerNameRegistry 返回一个有效的此发行人的名称.

ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.

情况:我有 3 或 4 个 asp.net 应用程序在单个 IIS 服务器(我的 QA 环境)上运行，今天早上开始返回此错误.我从匿名站点开始，单击指向安全部分的链接，重定向到我的联邦服务代理，进行身份验证，然后重定向回我的安全页面，但出现此错误.

The situation: I have 3 or 4 asp.net apps running on a single IIS server (my QA environment), that this morning began returning this error. I start out on an anonymous site, click a link to a secure section, get redirected to my federation services proxy, authenticate, and am redirected back to my secure page, but this error appears.

此链接和其他一些链接表明我的 web.config 中的指纹是错误的，但我可以证明(通过 TFS 中的历史记录)我的 web.config 文件中的指纹没有改变.

This link and a bunch of others indicate that the thumbprint in my web.config is wrong, but I can prove (via history in TFS) that the thumbprint in my web.config file has not changed.

我已经尝试重新运行 fedutil，但仍然得到相同的消息(尽管出现了不同的指纹).有什么想法吗?

I've tried re-running the fedutil, but still get the same message (though that comes up with a different thumbprint). Any ideas?

推荐答案

不想回答我自己的问题，但看起来我被AutoCertificateRollover 因为它有效，然后我们重新部署，替换 web.config 并破坏身份验证.

Hate to answer my own question, but it looks like I got bit by AutoCertificateRollover because it worked, and we then re-deployed, replacing the web.config and breaking the authentication.

这实际上是一件好事，因为我们的生产证书将在大约 6 周后到期，并且生产没有启用自动翻转 - 我会在生产中遇到一些严重的问题，这永远不会好.

This was actually a good thing, because our production cert expires in about 6 weeks, and production doesn't have auto rollover enabled - I would have had some serious issues in production and that's never good.

这篇关于ADFS 2.0 错误 ID4175:IssuerNameRegistry 无法识别安全令牌的颁发者的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！