Cannot login to SharePoint sites using Azure Multi-Factor Authentication Server


Problem description


Hi,

Recently Implemented Azure Multi-Factor Authentication on SharePoint 2013 WFE server.

Cannot login to SharePoint sites using either Forms Based / HTTP Authentication methods.

Getting error: 403 FORBIDDEN for example while using Forms Based Authentication. Following are the logs:

2017-11-16T12:29:04.963819Z|i|7132|6236|pfsvc|Username '0#.f|fbamembershipprovider|aks1' couldn't be resolved to a SID.

2017-11-16T12:29:04.963819Z|w|7132|6236|canU,pfsvc|Username '0#.f|fbamembershipprovider|aks1' failed canonicalization.

2017-11-16T12:29:04.966819Z|i|7132|6236|pfsvc|Username '0#.f|fbamembershipprovider|aks1' couldn't be resolved to a SID.

2017-11-16T12:29:04.966819Z|e|7132|6236|impl_s_combinedAuth6|Couldn't find a reason to authorize the RPC caller to make an auth call.

2017-11-16T12:29:04.966819Z|e|7132|6236|trace|i|pfsvc||#Pfauth not performed for user '0#.f|fbamembershipprovider|aks1' from 192.168.169.60.

2017-11-16T12:29:04.966819Z|e|7132|6236|implPfServer|Denying access from pfsvc::impl_s_combinedAuth6.

2017-11-16T12:29:06.638987Z|i|7132|5892|pfsvc|Username '0#.f|fbamembershipprovider|aks1' couldn't be resolved to a SID.

2017-11-16T12:29:06.639987Z|w|7132|5892|canU,pfsvc|Username '0#.f|fbamembershipprovider|aks1' failed canonicalization.

2017-11-16T12:29:06.641987Z|i|7132|5892|pfsvc|Username '0#.f|fbamembershipprovider|aks1' couldn't be resolved to a SID.

2017-11-16T12:29:06.641987Z|e|7132|5892|impl_s_combinedAuth6|Couldn't find a reason to authorize the RPC caller to make an auth call.

2017-11-16T12:29:06.641987Z|e|7132|5892|trace|i|pfsvc||#Pfauth not performed for user '0#.f|fbamembershipprovider|aks1' from 192.168.169.60.

2017-11-16T12:29:06.641987Z|e|7132|5892|implPfServer|Denying access from pfsvc::impl_s_combinedAuth6.

Can anyone suggest a reason and workaround to solve this issue?

Thank You,

Dinesh Vashisht

 

Solution

Hi

The MFA Server attempts to perform primary authentication for that username which fails. It doesn't have the ability to strip that prefix from the username which would be required to make this work. The only alternative is to configure the claims-based authentication to authenticate with ADFS where you can use the MFA Server's ADFS adapter to perform MFA for that relying party.
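The condition described in the answer can be picked out of the MFA Server log mechanically. The following is an added example, not part of the original post and not Microsoft tooling: it assumes the log fields are timestamp|level|process id|thread id|component|message (inferred from the lines in the question), and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the question above (first attempt, thread 6236).
SAMPLE_LOG = """\
2017-11-16T12:29:04.963819Z|i|7132|6236|pfsvc|Username '0#.f|fbamembershipprovider|aks1' couldn't be resolved to a SID.
2017-11-16T12:29:04.963819Z|w|7132|6236|canU,pfsvc|Username '0#.f|fbamembershipprovider|aks1' failed canonicalization.
2017-11-16T12:29:04.966819Z|e|7132|6236|impl_s_combinedAuth6|Couldn't find a reason to authorize the RPC caller to make an auth call.
2017-11-16T12:29:04.966819Z|e|7132|6236|trace|i|pfsvc||#Pfauth not performed for user '0#.f|fbamembershipprovider|aks1' from 192.168.169.60.
2017-11-16T12:29:04.966819Z|e|7132|6236|implPfServer|Denying access from pfsvc::impl_s_combinedAuth6.
"""

# SharePoint forms-auth claims encoding as seen in the log: 0#.f|<provider>|<login>
CLAIMS_RE = re.compile(r"^(?:i:)?0#\.(?P<issuer>[a-z])\|(?P<provider>[^|]+)\|(?P<login>.+)$")
QUOTED_RE = re.compile(r"'([^']+)'")
SOURCE_RE = re.compile(r" from (\d{1,3}(?:\.\d{1,3}){3})\.?$")

def parse_line(line):
    # Only the first five '|' separate fields (assumed layout); the message
    # itself contains '|' inside the claims-encoded username.
    ts, level, pid, tid, component, message = line.split("|", 5)
    return {"ts": ts, "level": level, "thread": (pid, tid), "component": component, "message": message}

def decode_claims_username(name):
    m = CLAIMS_RE.match(name)
    if not m:
        return None  # bare login, no claims prefix
    return {"issuer": {"f": "forms"}.get(m["issuer"], m["issuer"]), "provider": m["provider"], "login": m["login"]}

def find_prefix_denials(log_text):
    """One finding per thread where a claims-prefixed username preceded a deny."""
    state, findings = defaultdict(dict), []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        rec = parse_line(line)
        st = state[rec["thread"]]
        quoted = QUOTED_RE.search(rec["message"])
        if quoted and decode_claims_username(quoted.group(1)):
            st["raw"] = quoted.group(1)
        src = SOURCE_RE.search(rec["message"])
        if src:
            st["source"] = src.group(1)
        if rec["message"].startswith("Denying access") and "raw" in st:
            findings.append({"ts": rec["ts"], "raw": st["raw"], "source": st.get("source"),
                             **decode_claims_username(st["raw"])})
            state.pop(rec["thread"])
    return findings

if __name__ == "__main__":
    for finding in find_prefix_denials(SAMPLE_LOG):
        print(finding)
```

A finding with issuer `forms` shows that the server received the SharePoint-encoded name rather than the bare login `aks1`, which is the prefix the answer says MFA Server cannot strip.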

