意外的IE凭证协商：IE可以运行，但Firefox，Chrome，Safari不会通过STS进行身份验证 [英] Unexpected IE credential negotiation: IE works but Firefox, Chrome, Safari won't authenticate with STS

问题描述

我已经启动STS并运行
https://sts1.dcpromo.com/default。 ASPX 功能我还有一个RP 位于 https://ssoclient1.dcpromo.com/default.aspx  

I have an STS up and running at https://sts1.dcpromo.com/default.aspx  I also have a RP located at https://ssoclient1.dcpromo.com/default.aspx 

我可以使用IE进行身份验证，但*不能*使用任何其他浏览器进行身份验证。 此外，当涉及小提琴手时IE不起作用。  IE处于"互联网"状态。模式。    IIS仅设置为匿名。

I am able to authenticate using IE, but *not* with any other browser.  In addition IE doesn't work when fiddler is involved.  IE is in "internet" mode.   IIS is set to anonymous only.

web.config的相关部分是：

The relevant parts of web.config are:

<

 

身份验证
模式 = " 无 " />

authentication mode="None"/>

 

 

和： 

<microsoft.identityModel>
		<service>
			<applicationService>
				<claimTypeRequired>
					<!--Following are the claims offered by STS 'urn:federation:sts1.dcpromo.com'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
					<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true"/>
					<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true"/>
				</claimTypeRequired>
			</applicationService>
			<certificateValidation certificateValidationMode="None"/>
			<audienceUris>
				<!--<add value="urn:LamontConsulting:A-String-Of-Characters-That-Uniquely-Define-My-WebApplication/"/>-->
				<add value="https://ssoclient1.dcpromo.com/"/>
			</audienceUris>
			<federatedAuthentication>
				 <wsFederation passiveRedirectEnabled="true"
            issuer="https://sts1.dcpromo.com/adfs/ls/"
            realm="https://SSOClient1.dcpromo.com" 
            requireHttps="true"/> 
				<cookieHandler requireSsl="true"/>
			</federatedAuthentication>
   <!--<issuerNameRegistry type="TrustedIssuerNameRegistry" />-->

   <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
				<trustedIssuers>
					<add thumbprint="3EE5761FA347167369D49FAF4FD576ABCBF1412D" name="urn:federation:sts1.dcpromo.com"/>
				</trustedIssuers>
			</issuerNameRegistry>
		</service>
	</microsoft.identityModel>

 

 

推荐答案

您使用的是Windows吗？整合的Authenticatin？

Are you using Windows Integrated Authenticatin?

这听起来像扩展保护 - 看看
这里提供一般信息。

This sounds like Extended Protection - look here for general information.

这篇关于意外的IE凭证协商：IE可以运行，但Firefox，Chrome，Safari不会通过STS进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！