Single sign on ADFS登录时出现错误Microsoft.IdentityServer.Web.UnsupportedSamlRequestException_Single Sign On_Adfs_Windows Server 2012 R2_Adfs3.0

Single sign on ADFS登录时出现错误Microsoft.IdentityServer.Web.UnsupportedSamlRequestException

single-sign-on

Single sign on ADFS登录时出现错误Microsoft.IdentityServer.Web.UnsupportedSamlRequestException,single-sign-on,adfs,windows-server-2012-r2,adfs3.0,Single Sign On,Adfs,Windows Server 2012 R2,Adfs3.0,我正在尝试将gitlab连接到ADFS以进行单点登录（SSO） assertion_consumer_service_url:'https://myhost/users/auth/saml/callback', idp_cert_fingerprint: '', idp_sso_target_url: 'https://myadfshost/adfs/ls', issuer: 'https://myhost', 我在ADF中添加了依赖方信任。并在广告中添加了一个用户进行授权。当我进入时

我正在尝试将gitlab连接到ADFS以进行单点登录（SSO）

assertion_consumer_service_url:'https://myhost/users/auth/saml/callback',
 idp_cert_fingerprint: '',
 idp_sso_target_url: 'https://myadfshost/adfs/ls',
 issuer: 'https://myhost',

我在ADF中添加了依赖方信任。并在广告中添加了一个用户进行授权。当我进入时。我获得带有登录选项的ADFS页面。输入用户密码后，我被重定向到gitlab登录页面，出现以下错误：

Could not authenticate you from SAML because "The status code of the response was not success, was responder".

当我检查ADFS的事件日志时，我得到以下错误：

Could not authenticate you from SAML because "The status code of the response was not success, was responder".

联合被动请求期间遇到错误

Additional Data 

Protocol Name: 
Saml 

Relying Party:

https://mygitlabhost 

Exception details: 
Microsoft.IdentityServer.Web.UnsupportedSamlRequestException: MSIS7076: The configured passive endpoint 'https://win-i52r11kn5sa.rohit.local/adfs/ls/' is not a prefix of the incoming SAML message Destination URI 'https://myadfshost/adfs/ls'.
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.ValidateIncomingSamlMessage(SamlMessage samlMessage)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Issue(HttpSamlRequestMessage httpSamlRequestMessage, SecurityTokenElement onBehalfOf, String sessionState, String relayState, String& newSamlSession, String& samlpAuthenticationProvider, Boolean isUrlTranslationNeeded, WrappedHttpListenerContext context, Boolean isKmsiRequested)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.RequestBearerToken(WrappedHttpListenerContext context, HttpSamlRequestMessage httpSamlRequest, SecurityTokenElement onBehalfOf, String relyingPartyIdentifier, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired, String& samlpSessionState, String& samlpAuthenticationProvider)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSerializedToken(HttpSamlRequestMessage httpSamlRequest, WrappedHttpListenerContext context, String relyingPartyIdentifier, SecurityTokenElement signOnTokenElement, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.Process(ProtocolContext context)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

这可能是因为配置错误的ssl证书吗？如果不是，wat可能是问题所在？

这可能是因为元数据或配置

您是否将ADFS元数据URL发送到SAML端

SAML端配置为发送到

配置的ADFS端点为

所以SAML一方应该发送到