C# active client: obtaining a token from the resource partner ADFS using an IdP token

Tags: c#, wcf, saml, claims-based-identity, adfs2.0

I am trying to write a console application for the following scenario: the client first requests a token from the identity provider, then uses that token to request a new token from the resource provider. Using the following link:

I managed to get a token from the IdP, but not from the resource STS. Here is my code:
using System;
using System.IdentityModel.Tokens;                         // SecurityToken, SecurityKeyType
using System.ServiceModel;                                 // EndpointAddress, SecurityMode, WS2007FederationHttpBinding
using System.ServiceModel.Security;                        // TrustVersion, X509CertificateValidationMode
using Microsoft.IdentityModel.Protocols.WSTrust;           // WIF 3.5: WSTrustChannelFactory, WSTrustChannel, RequestSecurityToken,
                                                           //          WSTrust13Constants, ConfigureChannelFactory(), CreateChannelWithIssuedToken()
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;  // WIF 3.5: KerberosWSTrustBinding

class Program
{
    // Realm (audience) identifiers and WS-Trust 1.3 endpoints of the two federation servers.
    const string RPRealm = "https://service.contoso.com/";
    const string RSTSRealm = "http://fsweb.contoso.com/adfs/services/trust";
    const string IdPstsEndpoint = "https://IdpAdfs.domain.com/adfs/services/trust/13/kerberosmixed";
    const string RSTSEndpoint = "https://fsweb.contoso.com/adfs/services/trust/13/IssuedTokenMixedSymmetricBasic256";

    static void Main()
    {
        // Hop 1: authenticate to the IdP with Kerberos and ask for a token scoped to the resource STS.
        SecurityToken idpToken = GetIdPToken(RSTSRealm, IdPstsEndpoint);
        // Hop 2: present that token to the resource STS and ask for a token scoped to the RP.
        SecurityToken rpToken = GetRSTSToken(idpToken, RSTSEndpoint, RPRealm);
        Console.WriteLine("RP token valid from {0} to {1}", rpToken.ValidFrom, rpToken.ValidTo);
    }

    private static SecurityToken GetIdPToken(string rstsRealm, string IdPstsEndpoint)
    {
        var factory = new WSTrustChannelFactory(
            new KerberosWSTrustBinding(SecurityMode.TransportWithMessageCredential),
            new EndpointAddress(new Uri(IdPstsEndpoint)));
        factory.TrustVersion = TrustVersion.WSTrust13;
        WSTrustChannel channel = null;
        try
        {
            var rst = new RequestSecurityToken
            {
                RequestType = WSTrust13Constants.RequestTypes.Issue,
                AppliesTo = new EndpointAddress(rstsRealm),
                KeyType = WSTrust13Constants.KeyTypes.Bearer,
            };
            channel = (WSTrustChannel)factory.CreateChannel();
            RequestSecurityTokenResponse rstr;
            SecurityToken token = channel.Issue(rst, out rstr);
            // Close gracefully on success; Abort is only for a faulted channel.
            channel.Close();
            factory.Close();
            return token;
        }
        catch
        {
            if (channel != null)
            {
                channel.Abort();
            }
            factory.Abort();
            throw;
        }
    }

    private static SecurityToken GetRSTSToken(SecurityToken IdPToken, string RSTSEndpoint, string RPRealm)
    {
        var binding = new WS2007FederationHttpBinding();
        binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential;
        using (var factory = new WSTrustChannelFactory(
            binding,
            new EndpointAddress(new Uri(RSTSEndpoint))))
        {
            var rst = new RequestSecurityToken
            {
                RequestType = WSTrust13Constants.RequestTypes.Issue,
                AppliesTo = new EndpointAddress(RPRealm),
                KeyType = WSTrust13Constants.KeyTypes.Bearer,
            };
            // WARNING: this disables validation of the resource STS's certificate. It lets any
            // endpoint impersonate the STS; tolerable only against a lab server, never in production.
            factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
            factory.TrustVersion = TrustVersion.WSTrust13;
            factory.Credentials.SupportInteractive = false;
            // Replaces the factory's ClientCredentials with FederatedClientCredentials so that
            // CreateChannelWithIssuedToken can attach the IdP token as the client credential.
            factory.ConfigureChannelFactory();
            var channel = factory.CreateChannelWithIssuedToken(IdPToken);
            RequestSecurityTokenResponse rstr;
            SecurityToken token = channel.Issue(rst, out rstr);
            return token;
        }
    }
}
I get this error:

The content type text/html of the response message does not match the content type of the binding (application/soap+xml; charset=utf-8)

What is wrong with my code?

Thanks in advance.

ADFS does not support bearer tokens on its federation endpoints. In other words, on the first hop you need to specify KeyTypes.Symmetric on the RST. Try the WS-Trust bindings from Thinktecture.IdentityModel, e.g. IssuedTokenWSTrustBinding for the second hop.

If I use IssuedTokenWSTrustBinding, I get the error: The signing token Generic XML token: validFrom: 05/05/2013 14:51:22 validTo: 05/05/2013 15:51:22 InternalTokenReference: SamlAssertionKeyIdentifierClause(AssertionId='_299797979797-107a-4c16-b59b-4a9462edfea3') ExternalTokenReference: SamlAssertionKeyIdentifierClause(AssertionId='_2997979797979797-107a-4c16-b59b-4a9462edfea3') Token Element: (EncryptedData,) has no key. The security token is used in a context that requires it to perform cryptographic operations, but the token contains no crypto...
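The two-hop exchange the answer describes, as an added example that is not code from the question, the answer or the Thinktecture.IdentityModel project. It assumes the .NET 4.5 WIF namespaces (System.IdentityModel.Protocols.WSTrust, System.ServiceModel.Security) plus the Thinktecture.IdentityModel package, and that IssuedTokenWSTrustBinding has a constructor taking a SecurityMode (an assumption; check the version you install). Endpoint and realm values are the ones from the question. The point it adds beyond the prose: the first hop requests a symmetric proof key, and the code checks that the returned GenericXmlSecurityToken actually carries a key before using it as a client credential, which is exactly the condition behind the "has no key" error in the comment. Certificate validation is left on.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;   // RequestSecurityToken, RequestTypes, KeyTypes, EndpointReference
using System.IdentityModel.Tokens;              // SecurityToken, GenericXmlSecurityToken
using System.ServiceModel;                      // EndpointAddress, SecurityMode
using System.ServiceModel.Security;             // WSTrustChannelFactory, WSTrustChannel, TrustVersion,
                                                // ConfigureChannelFactory(), CreateChannelWithIssuedToken()
using Thinktecture.IdentityModel.WSTrust;       // KerberosWSTrustBinding, IssuedTokenWSTrustBinding

static class TwoHopClient
{
    // Values reused from the question; replace with your own federation's identifiers.
    const string RSTSRealm = "http://fsweb.contoso.com/adfs/services/trust";
    const string RPRealm = "https://service.contoso.com/";
    const string IdPstsEndpoint = "https://IdpAdfs.domain.com/adfs/services/trust/13/kerberosmixed";
    const string RSTSEndpoint = "https://fsweb.contoso.com/adfs/services/trust/13/IssuedTokenMixedSymmetricBasic256";

    static void Main()
    {
        GenericXmlSecurityToken idpToken = GetIdPToken();
        SecurityToken rpToken = GetRSTSToken(idpToken);
        Console.WriteLine("RP token valid from {0} to {1}", rpToken.ValidFrom, rpToken.ValidTo);
    }

    // Hop 1: Kerberos to the IdP. KeyType is Symmetric, so the issued token comes back with a
    // proof key that hop 2 can use to sign its request. A bearer token has no proof key, which
    // is why ADFS rejects it as a client credential on its federation endpoints.
    static GenericXmlSecurityToken GetIdPToken()
    {
        var factory = new WSTrustChannelFactory(
            new KerberosWSTrustBinding(SecurityMode.TransportWithMessageCredential),
            new EndpointAddress(new Uri(IdPstsEndpoint)));
        factory.TrustVersion = TrustVersion.WSTrust13;

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(RSTSRealm), // audience = the resource STS
            KeyType = KeyTypes.Symmetric,
        };

        var channel = (WSTrustChannel)factory.CreateChannel();
        try
        {
            var token = channel.Issue(rst) as GenericXmlSecurityToken;
            channel.Close();
            factory.Close();

            // Sanity check: the token must carry a proof key (this collection is empty for a
            // bearer token). Failing here gives a clear message instead of the "has no key"
            // error raised later when WCF tries to sign the hop-2 request.
            if (token == null || token.SecurityKeys.Count == 0)
                throw new InvalidOperationException(
                    "IdP returned a token without a proof key; request KeyTypes.Symmetric on the first hop.");
            return token;
        }
        catch
        {
            channel.Abort();
            factory.Abort();
            throw;
        }
    }

    // Hop 2: present the IdP token to the resource STS as the client credential (assumption:
    // IssuedTokenWSTrustBinding(SecurityMode) exists in the installed Thinktecture version).
    static SecurityToken GetRSTSToken(GenericXmlSecurityToken idpToken)
    {
        var binding = new IssuedTokenWSTrustBinding(SecurityMode.TransportWithMessageCredential);
        var factory = new WSTrustChannelFactory(binding, new EndpointAddress(new Uri(RSTSEndpoint)));
        factory.TrustVersion = TrustVersion.WSTrust13;
        factory.Credentials.SupportInteractive = false;
        // Certificate validation is deliberately left at the default (chain trust): setting
        // X509CertificateValidationMode.None, as in the question, would accept any TLS endpoint.
        factory.ConfigureChannelFactory(); // installs FederatedClientCredentials

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(RPRealm),
            // The final token's key type is dictated by the RP's binding; Bearer suits a
            // passive or bearer-key RP, use KeyTypes.Symmetric if the RP needs a proof key.
            KeyType = KeyTypes.Bearer,
        };

        var channel = (WSTrustChannel)factory.CreateChannelWithIssuedToken(idpToken);
        try
        {
            SecurityToken token = channel.Issue(rst);
            channel.Close();
            factory.Close();
            return token;
        }
        catch
        {
            channel.Abort();
            factory.Abort();
            throw;
        }
    }
}
```

If the resource STS still answers with text/html instead of SOAP, the URL is not hitting a WS-Trust endpoint at all (wrong path, or the endpoint is disabled on that ADFS farm); fix that before touching key types, since the error in the question is a transport-level mismatch rather than a token problem.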