SAML回复缺少身份验证声明 [英] SAML reply missing authentication statement

问题描述

我的SP收到ADFS到SAML请求的成功响应，但响应中没有身份验证声明。我是否需要在ADFS端进行某种配置以指示应该发送身份验证语句？

My SP is receiving a successful response from ADFS to a SAML request but there's no authentication statement in the response. Is there some kind of configuration I need to do on the ADFS side to indicate that an authentication statement should be sent?

谢谢，

Rob

推荐答案

您好Rob，

如果您直接进行身份验证，ADFS 2.0应生成身份验证声明。您能否分享有关repro的更多信息，是从其他STS收到的令牌？通常，身份验证语句是从Active Directory发起身份验证提供的，或者如果您从身份提供者收到令牌 - 身份验证语句是从该令牌映射的。

ADFS 2.0 should generate authentication statement if you authenticate directly. Can you share more information about repro, is the token received from other STS? Normally authentication statement is provided from Active Directory originating authentication or if you received token from identity provider - authentication statement is mapped from that token.

您还可以在RP策略中生成身份验证方法声明 （ http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod ）映射到令牌中的身份验证语句。例如，此规则会将示例声明的值映射到令牌中的身份验证方法：

You can also generate authentication method claim in RP policy (http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod) that is mapped to authentication statement in the token. For example, this rule will map value of example claim to authentication method in the token:

c：[Type ==" HTTPS：//示例/认证"]
  =>问题（Type =" http://schemas.microsoft.com/ws/2008/06/ identity / claims / authenticationmethod "，Value = c.Value）;

c:[Type == "https://example/authentication"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = c.Value);

这篇关于SAML回复缺少身份验证声明的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！