Single sign on ADFS登录时出现错误Microsoft.IdentityServer.Web.UnsupportedSamlRequestException
我正在尝试将gitlab连接到ADFS以进行单点登录(SSO)Single sign on ADFS登录时出现错误Microsoft.IdentityServer.Web.UnsupportedSamlRequestException,single-sign-on,adfs,windows-server-2012-r2,adfs3.0,Single Sign On,Adfs,Windows Server 2012 R2,Adfs3.0,我正在尝试将gitlab连接到ADFS以进行单点登录(SSO) assertion_consumer_service_url:'https://myhost/users/auth/saml/callback', idp_cert_fingerprint: '', idp_sso_target_url: 'https://myadfshost/adfs/ls', issuer: 'https://myhost', 我在ADF中添加了依赖方信任。并在广告中添加了一个用户进行授权。 当我进入时
assertion_consumer_service_url:'https://myhost/users/auth/saml/callback',
idp_cert_fingerprint: '',
idp_sso_target_url: 'https://myadfshost/adfs/ls',
issuer: 'https://myhost',
我在ADF中添加了依赖方信任。并在广告中添加了一个用户进行授权。
当我进入时。我获得带有登录选项的ADFS页面。输入用户密码后,我被重定向到gitlab登录页面,出现以下错误:
Could not authenticate you from SAML because "The status code of the response was not success, was responder".
当我检查ADFS的事件日志时,我得到以下错误:
Could not authenticate you from SAML because "The status code of the response was not success, was responder".
联合被动请求期间遇到错误
Additional Data
Protocol Name:
Saml
Relying Party:
https://mygitlabhost
Exception details:
Microsoft.IdentityServer.Web.UnsupportedSamlRequestException: MSIS7076: The configured passive endpoint 'https://win-i52r11kn5sa.rohit.local/adfs/ls/' is not a prefix of the incoming SAML message Destination URI 'https://myadfshost/adfs/ls'.
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.ValidateIncomingSamlMessage(SamlMessage samlMessage)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Issue(HttpSamlRequestMessage httpSamlRequestMessage, SecurityTokenElement onBehalfOf, String sessionState, String relayState, String& newSamlSession, String& samlpAuthenticationProvider, Boolean isUrlTranslationNeeded, WrappedHttpListenerContext context, Boolean isKmsiRequested)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.RequestBearerToken(WrappedHttpListenerContext context, HttpSamlRequestMessage httpSamlRequest, SecurityTokenElement onBehalfOf, String relyingPartyIdentifier, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired, String& samlpSessionState, String& samlpAuthenticationProvider)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSerializedToken(HttpSamlRequestMessage httpSamlRequest, WrappedHttpListenerContext context, String relyingPartyIdentifier, SecurityTokenElement signOnTokenElement, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
这可能是因为配置错误的ssl证书吗?如果不是,wat可能是问题所在?这可能是因为元数据或配置 您是否将ADFS元数据URL发送到SAML端 SAML端配置为发送到 配置的ADFS端点为 所以SAML一方应该发送到