向受理信任提供商添加受众限制 [英] Adding audience restriction to claims trust provider

问题描述

如何向声明信任提供商添加受众群体限制

How do I add audience restriction to claims trust provider

管理界面中不存在

受众群体限制无效，因为此联合身份验证服务的可接受标识符列表中不存在指定的受众标识符。 

The audience restriction was not valid because the specified audience identifier is not present in the acceptable identifiers list of this Federation Service. 

 

用户操作 

User Action 

查看验证失败的受众标识符的异常详细信息。如果受众标识符标识此联合身份验证服务，请使用Windows PowerShell for AD FS将受众标识符添加到可接受的标识符列表中。  请注意，受众标识符用于验证令牌是否已发送到此联合身份验证服务。如果您认为受众标识符无法识别您的联合身份验证服务，则将其添加到可接受的标识符列表中可能会在您的系统中打开一个安全漏洞。 

See the exception details for the audience identifer that failed validation. If the audience identifier identifies this Federation Service, add the audience identifier to the acceptable identifiers list by using Windows PowerShell for AD FS.  Note that the audience identifier is used to verify whether the token was sent to this Federation Service. If you think that the audience identifier does not identify your Federation Service, adding it to the acceptable identifiers list may open a security vulnerability in your system. 

 

其他数据 

Additional Data 

 

例外详情： 

Exception details: 

ID1035 ：SAML断言不包含任何AudienceRestrictionConditions。要接受没有AudienceRestrictionConditions的断言，请将SecurityTokenHandlerConfiguration.AudienceRestriction.AudienceMode设置为AudienceUriMode.Never。

ID1035: The SAML Assertion did not contain any AudienceRestrictionConditions. To accept assertions without AudienceRestrictionConditions, set SecurityTokenHandlerConfiguration.AudienceRestriction.AudienceMode to AudienceUriMode.Never.

推荐答案

它已由在观众uri中添加/ adfs / services / trust

It was resolved by adding /adfs/services/trust in the audience uri

这篇关于向受理信任提供商添加受众限制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！