ADFS 2.0 RC上的声明提供程序信任问题 [英] Trouble with Claims Provider Trust on ADFS 2.0 RC

问题描述

我使用测试网站作为RP实现了自定义STS。 它主要基于Matias Woloski的 OpenID协议转换STS 示例....除了我使用最新版本的FedUtil重新实现它。 无论如何，RP网站获得了索赔和各种工作。

现在我想将此STS用作ADFS 2.0 RC中的声明提供程序。 但是，当我完成对OpenID的身份验证后，我不断被重定向到：http：//server.com/adfs/services/trust，并且该过程因"HTTP 503：服务不可用"而死亡。 br />我是否错误配置了联合身份验证服务标识符？ 我在这里做些傻瓜吗？ 我可以提供可能需要的任何额外细节。

谢谢！

:: Travis

I have a custom STS implemented with a test web site as an RP.  It's largely based on Matias Woloski's OpenID protocol transition STS example....except I re-implemented it using the latest version of FedUtil.  Anyhow, the RP web site gets the claims and everyting works.

Now I'd like to use this STS as a Claims Provider in ADFS 2.0 RC.  However, when I finish authenticating to OpenID I keep getting redirected to: http://server.com/adfs/services/trust and the process just dies with a "HTTP 503: The service is unavailable".

Do I have the Federation Service Identifier mis-configured?  Am I doing someting boneheaded here?  I can provde any extra details that might be required.

Thanks!

:: Travis

推荐答案

所以看起来我遇到与此主题。 在我的例子中，RP是SharePoint 2010.

这很好用：RP - >  ADFS 2.0  - > RP
我通过Windows登录验证ADFS 2.0并使用声明进入SharePoint 2010。 一切都很好。

但是，我真正想要的是：RP - > ADFS 2.0 - > OpenID STS-> OpenID登录 - > RP
......或类似的东西。 我知道OpenID STS在与标准ASP.NET网页一起使用时工作正常。
在ADFS 2.0中，我使用声明提供程序信任，将OpenID STS配置为WS-Federation被动端点  Open ID STS提供名称，角色和身份验证（http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication）声明。

这将是一个有点常见情况，不是吗？原始线程从未被解决，所以也许没有...·
谢谢，

:: Travis

So it looks like I'm having the exact same problem as with this thread.  In my case, the RP is SharePoint 2010.

This works great: RP -> ADFS 2.0 -> RP
I auth to ADFS 2.0 via Windows Login and get into SharePoint 2010 with claims.  All is well.

However, what I really want is this: RP -> ADFS 2.0 -> OpenID STS-> OpenID Login -> RP
...or something similar.  I know the OpenID STS works fine when used with a standard ASP.NET web page.

In ADFS 2.0, I'm using a claim provider trust with the OpenID STS configured as a WS-Federation passive endpoint.  The Open ID STS is providing Name, Role, and Authentication (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication) claims.

This would be a somewhat common scenario, no? The original thread was never resolved so perhaps not...

Thanks,

:: Travis

这篇关于ADFS 2.0 RC上的声明提供程序信任问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！