Single sign on SAML工件解析服务错误
我创建了一个SSO服务,用于将我的个人SP与我在Windows Server 2012上配置的IdP交互。我可以很容易地登录到IdP,但当我的SP向IdP发送工件请求时,无法在IdP端进行处理,我收到以下错误:Single sign on SAML工件解析服务错误,single-sign-on,windows-server-2012,adfs,artifact,Single Sign On,Windows Server 2012,Adfs,Artifact,我创建了一个SSO服务,用于将我的个人SP与我在Windows Server 2012上配置的IdP交互。我可以很容易地登录到IdP,但当我的SP向IdP发送工件请求时,无法在IdP端进行处理,我收到以下错误: A SAML request for the required artifact was rejected because the artifact resolution service is not enabled. Relying party: microsoft:
A SAML request for the required artifact was rejected because the artifact resolution service is not enabled.
Relying party: microsoft:identityserver:sp.abcd.com
This request failed.
User Action
Enable the artifact resolution service.
Use the AD FS Management snap-in to configure or enable the SAML artifact resolution endpoint.
然后在ADFS管理中,我启用了工件解析端点服务,但仍然无法解决这个问题。如果我缺少任何配置,请提出建议
我还得到了以下例外情况:
Exception details:
Microsoft.IdentityServer.Service.ArtifactResolutionService.ArtifactRequestedFromDisabledServiceException: MSIS3114: SAML request for relying party trust 'microsoft:identityserver:sp.abcd.com' required artifact and was rejected because artifact service is not enabled.
at Microsoft.IdentityServer.Service.SamlProtocol.EndpointResolver.FindSamlResponseEndpointForAuthenticationRequest(Boolean artifactEnabled, AuthenticationRequest request, ScopeDescription scopeDescription)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.GetResponseEndpointFromRequest(SamlRequest request, Boolean isUrlTranslationNeeded, ScopeDescription scope)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Issue(HttpSamlRequestMessage httpSamlRequestMessage, SecurityTokenElement onBehalfOf, String sessionState, String relayState, String& newSamlSession, String& samlpAuthenticationProvider, Boolean isUrlTranslationNeeded, WrappedHttpListenerContext context, Boolean isKmsiRequested)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.RequestBearerToken(WrappedHttpListenerContext context, HttpSamlRequestMessage httpSamlRequest, SecurityTokenElement onBehalfOf, String relyingPartyIdentifier, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired, String& samlpSessionState, String& samlpAuthenticationProvider)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSerializedToken(HttpSamlRequestMessage httpSamlRequest, WrappedHttpListenerContext context, String relyingPartyIdentifier, SecurityTokenElement signOnTokenElement, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)