意外的IE凭证协商:IE可以运行,但Firefox,Chrome,Safari不会通过STS进行身份验证 [英] Unexpected IE credential negotiation: IE works but Firefox, Chrome, Safari won't authenticate with STS
问题描述
我已经启动STS并运行
https://sts1.dcpromo.com/default。 ASPX 功能我还有一个RP 位于 https://ssoclient1.dcpromo.com/default.aspx
I have an STS up and running at https://sts1.dcpromo.com/default.aspx I also have a RP located at https://ssoclient1.dcpromo.com/default.aspx
我可以使用IE进行身份验证,但*不能*使用任何其他浏览器进行身份验证。 此外,当涉及小提琴手时IE不起作用。 IE处于"互联网"状态。模式。 IIS仅设置为匿名。
I am able to authenticate using IE, but *not* with any other browser. In addition IE doesn't work when fiddler is involved. IE is in "internet" mode. IIS is set to anonymous only.
web.config的相关部分是:
The relevant parts of web.config are:
<
身份验证
模式 = " 无 " />
authentication mode="None"/>
和:
<microsoft.identityModel>
<service>
<applicationService>
<claimTypeRequired>
<!--Following are the claims offered by STS 'urn:federation:sts1.dcpromo.com'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true"/>
<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true"/>
</claimTypeRequired>
</applicationService>
<certificateValidation certificateValidationMode="None"/>
<audienceUris>
<!--<add value="urn:LamontConsulting:A-String-Of-Characters-That-Uniquely-Define-My-WebApplication/"/>-->
<add value="https://ssoclient1.dcpromo.com/"/>
</audienceUris>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true"
issuer="https://sts1.dcpromo.com/adfs/ls/"
realm="https://SSOClient1.dcpromo.com"
requireHttps="true"/>
<cookieHandler requireSsl="true"/>
</federatedAuthentication>
<!--<issuerNameRegistry type="TrustedIssuerNameRegistry" />-->
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="3EE5761FA347167369D49FAF4FD576ABCBF1412D" name="urn:federation:sts1.dcpromo.com"/>
</trustedIssuers>
</issuerNameRegistry>
</service>
</microsoft.identityModel>
推荐答案
您使用的是Windows吗?整合的Authenticatin?
Are you using Windows Integrated Authenticatin?
这听起来像扩展保护 - 看看
这里提供一般信息。
This sounds like Extended Protection - look here for general information.
这篇关于意外的IE凭证协商:IE可以运行,但Firefox,Chrome,Safari不会通过STS进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!