C# 使用WCF或WIF从PingFederate获取轻量级SSO令牌
我正在为PingFederate提供的演示设置使用WCF编写客户端,其方式与本文()中所述的类似。 我的问题是,在第二步中,我需要将SAML令牌交换到SP上的轻量级SSO令牌。 从SP序列化响应时出现异常C# 使用WCF或WIF从PingFederate获取轻量级SSO令牌,c#,wcf,single-sign-on,ws-security,pingfederate,C#,Wcf,Single Sign On,Ws Security,Pingfederate,我正在为PingFederate提供的演示设置使用WCF编写客户端,其方式与本文()中所述的类似。 我的问题是,在第二步中,我需要将SAML令牌交换到SP上的轻量级SSO令牌。 从SP序列化响应时出现异常 ID3135: The element 'TokenType' with namespace 'http://docs.oasis-open.org/ws-sx/ws-trust/200512' has value 'BASE64BINARY' which is not an absolute
ID3135: The element 'TokenType' with namespace 'http://docs.oasis-open.org/ws-sx/ws-trust/200512' has value 'BASE64BINARY' which is not an absolute URI.
据我所知,WS2007FederationHttpBinding无法处理这种类型的令牌
我正在寻找如何处理这种情况的解释
客户端代码如下(从IDP获取SAML令牌后)
var binding = new WS2007FederationHttpBinding();
binding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
binding.Security.Message.EstablishSecurityContext = false;
var factory = new WSTrustChannelFactory(binding, new EndpointAddress(SP_EndPoint));
factory.TrustVersion = TrustVersion.WSTrust13;
factory.Credentials.SupportInteractive = false;
var rst = new RequestSecurityToken
{
RequestType = RequestTypes.Issue,
//AppliesTo = new EndpointReference(@"http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous"),
};
RequestSecurityTokenResponse rstr;
var channel = factory.CreateChannelWithIssuedToken(idpToken);
SecurityToken spToken = channel.Issue(rst, out rstr);
return spToken;