带有ADFS idp的saml.rutime错误,在非adfs idp中导入sp非签名元数据没有问题,但我在运行时遇到问题:
在idp身份验证之后,在成功身份验证上,在idp页面上我收到了如下信任错误:
The request specified an Assertion Consumer Service URL
'https://test.it/au/login' that is not configured on the relying party 'microsoft:identityserver:test.it'.
Assertion Consumer Service URL: https://test.it/au/login Relying party: microsoft:identityserver:test.it
that is a prefix match of the AssertionConsumerService URL 'https://test.it/au/login' specified by the request.
This request failed.
MY SP METADATA是这样的:
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="test.it" entityID="test.it">
<md:SPSSODescriptor AuthnRequestsSigned="false"
WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://test.it:443/au/login" index="0" isDefault="true"/>
我可以补充一下:如果我从/adfs/ls/idpinitiatedsignon.htm启动auth进程,我选择我的sp提供程序(所以我排除了saml2p上的问题:AuthnRequest),有一个帖子重定向到https://test.it/au/lo gin"我想知道我在idp上的端点是如何在它上面有空白的.
我发现这篇文章似乎解释了 http://social.technet.microsoft.com/wiki/contents/articles/4039.ad-fs-2-0-the-request-specified-an-assertion-consumer-service- url-that-not-configured-on-relying-party.aspx 简而言之,它说:
有两种选择:
配置RP,以便在AuthnRequest中未指定AssertionConsumerService
配置RP以在AuthnRequest中发送AssertionConsumerService值,该值与AD FS 2.0中RP Trust的Endpoints选项卡上的AssertionConsumerService值匹配.
你怎么看
如果我使用entityID …