此联合命名空间不允许直接登录到WLID [英] Direct login to WLID is not allowed for this federated namespace

问题描述

我们有第三方应用程序从Microsoft在线安全令牌服务（STS）检索访问令牌，但得到"此联合命名空间不允许直接登录到WLID"。错误。

使用相同的用户名（< user> @ abc.com）并登录Office 365门户（https://login.microsoftonline.com/），用户可以成功登录。什么似乎是问题？  




Microsoft在线安全令牌服务（STS）：

https://login.microsoftonline.com/extSTS.srf




SAML：

<？xml version =" 1.0" encoding =" UTF-8"？>

< s：Envelope xmlns：s =" http：//www.w3.org/2003/05/soap-envelope"的xmlns：A =" HTTP：//www.w3.org/2005/08/addressing" xmlns：u =" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

  &NBSP; < s：Header>

      < a：行动s：mustUnderstand =" 1"> http：//schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue< / a：行动>

&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; < a：回复>&
         < a：地址> http：//www.w3.org/2005/08/addressing/anonymous< / a：地址>

      < / a：ReplyTo>

      < a：至s：mustUnderstand =" 1"> https：//login.microsoftonline.com/extSTS.srf< / a：To>

     &NBSP; < o：安全xmlns：o =" http：//docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s：mustUnderstand =" 1">

         < o：UsernameToken>

            < o：用户名> < user> @ abc.com < / o：用户名>

        &NBSP;&NBSP;&NBSP;&NBSP; < o：密码> < password123> < / o：密码>

         < / o：UsernameToken>

      < / o：安全>

   < / s：标题>

   < s：正文>

      < t：RequestSecurityToken xmlns：t =" http：//schemas.xmlsoap.org/ws/2005/02/trust">

       ;&NBSP;&NBSP; < wsp：AppliesTo xmlns：wsp =" http：//schemas.xmlsoap.org/ws/2004/09/policy">

       ;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; < a：EndpointReference>

               < a：地址> https://abc-my.sharepoint.com/personal/<user> < / a：地址>

   &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; < / a：EndpointReference>

         < / wsp：AppliesTo>

         < t：KeyType> http：//schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey< / t：KeyType>

        ;&NBSP;&NBSP; < t：RequestType> http：//schemas.xmlsoap.org/ws/2005/02/trust/Issue< / t：RequestType>

       ;&NBSP;&NBSP; < t：TokenType> urn：oasis：names：tc：SAML：1.0：assertion< / t：TokenType>

      < / t：RequestSecurityToken>

   < / s：正文>

< / s：信封>

解决方案

尝试将内容类型设置为  application / x-www-form-urlencoded < span style ="color：＃1F497D">并检查。

你可以尝试下面的Joseph Velliah分享的步骤。

https://blog.sprider.org/2016/09/15/access-sharepoint-online-rest-api-via -google-postman-with-user-context /

 

如果问题存在，请尝试使用c＃解决方案。

https://github.com/sprider/wordpress/tree/master/Samples/ SPOL_REST_Test

 

最好的问候，

利

We have 3rd party application that retrieves access token from Microsoft Online Security Token Service (STS) but got "Direct login to WLID is not allowed for this federated namespace" error.
Using the same username(<user>@abc.com) and logging in on Office 365 portal(https://login.microsoftonline.com/), the user can log in successfully. What seems to be the problem?  


Microsoft Online Security Token Service (STS):
https://login.microsoftonline.com/extSTS.srf


SAML:
<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   <s:Header>
      <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
      <a:ReplyTo>
         <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
      </a:ReplyTo>
      <a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>
      <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
         <o:UsernameToken>
            <o:Username><user>@abc.com</o:Username>
            <o:Password><password123></o:Password>
         </o:UsernameToken>
      </o:Security>
   </s:Header>
   <s:Body>
      <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
         <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
            <a:EndpointReference>
               <a:Address>https://abc-my.sharepoint.com/personal/<user></a:Address>
            </a:EndpointReference>
         </wsp:AppliesTo>
         <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
         <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
         <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
      </t:RequestSecurityToken>
   </s:Body>
</s:Envelope>

解决方案

Hi,

Try to Set Content-Type to application/x-www-form-urlencoded and check.

You could try with the steps shared by Joseph Velliah below.

https://blog.sprider.org/2016/09/15/access-sharepoint-online-rest-api-via-google-postman-with-user-context/

 

If the issue exists, try to use c# solution instead.

https://github.com/sprider/wordpress/tree/master/Samples/SPOL_REST_Test

 

Best Regards,

Lee

这篇关于此联合命名空间不允许直接登录到WLID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！