【Question title】: Cannot find a token authenticator for the 'Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken' token
【Posted】: 2012-07-21 17:47:30
【Question】:

I am trying to use WS2007HttpRelayBinding with the end-to-end security mode set to TransportWithMessageCredential, using IssuedToken as the credential type. I obtain the token from ADFS 2.0 and call the service, and in the local WCF trace log I get the following:

Cannot find a token authenticator for the 'Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.

Update:
This is how I configure the service host:

// Namespaces the snippet relies on (added for clarity; not in the original paste)
using System;
using System.ServiceModel.Security;            // X509CertificateValidationMode
using Microsoft.IdentityModel.Configuration;   // ServiceConfiguration
using Microsoft.IdentityModel.Tokens;          // FederatedServiceCredentials
using Microsoft.IdentityModel.Tokens.Saml2;    // Saml2SecurityTokenHandler

ServiceConfiguration serviceConfiguration = new ServiceConfiguration();

// Certificate (with private key) used to decrypt tokens ADFS encrypts for this service
serviceConfiguration.ServiceCertificate = GetServiceCertificateWithPrivateKey();
serviceConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

// Issuer registry from the ACS sample: trusts a signing certificate by subject name
serviceConfiguration.IssuerNameRegistry = new X509IssuerNameRegistry("localhost");
serviceConfiguration.SaveBootstrapTokens = true;

// Register the SAML 2.0 handler and the audience the token must be scoped to
serviceConfiguration.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());
serviceConfiguration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(
    new Uri("https://mynamespace.servicebus.windows.net/Service1/"));

FederatedServiceCredentials.ConfigureServiceHost(host, serviceConfiguration);
host.Open();

【Question discussion】:

    Tags: wcf azure wif


    【Solution 1】:

    Can you verify that Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler has been added:

      <securityTokenHandlers>
        <add type="Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler" />
      </securityTokenHandlers>
    

    Edit: also make sure to check the certificate configuration.

    Edit: maybe this helps as well: MSDN WCF forums

    【Discussion】:

    • I believe that is the same as the code I am executing: serviceConfiguration.SecurityTokenHandlers.Add(new Saml2SecurityTokenHandler()); and then I call FederatedServiceCredentials.ConfigureServiceHost(host, serviceConfiguration);
    • This is how I create the client binding: var binding = new WS2007HttpRelayBinding(); binding.Security.Message.ClientCredentialType = MessageCredentialType.IssuedToken; binding.Security.Message.EstablishSecurityContext = false; //binding.Security.Message.NegotiateServiceCredential = false; binding.Security.Mode = EndToEndSecurityMode.TransportWithMessageCredential; I don't see the problem mentioned in the post.
    • binding.Security.Message.EstablishSecurityContext = false; set this to true :)
    • No, I ran into other problems; I set it to false to work around many other issues I had earlier.
    • Plus, reading the description, I cannot figure out how it would solve my problem.
    【Solution 2】:

    Alexey's answer is ideal for web.config/app.config modifications. In addition to that, you can also configure the token handlers in code (example from the How to: Authenticate with a Username and Password to a WCF Service Protected by ACS article (docs.microsoft.com) - How to: Authenticate with a User Name and Password):

    //
    // This must be called after all WCF settings are set on the service host so the
    // Windows Identity Foundation token handlers can pick up the relevant settings.
    //
    ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
    serviceConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;
    
    // Accept ACS signing certificate as Issuer.
    serviceConfiguration.IssuerNameRegistry = new X509IssuerNameRegistry( GetAcsSigningCertificate().SubjectName.Name );
    
    // Add the SAML 2.0 token handler.
    serviceConfiguration.SecurityTokenHandlers.AddOrReplace( new Saml2SecurityTokenHandler() );
    

    【Discussion】:

    • Sandrino, that is exactly what I am doing: serviceConfiguration.SecurityTokenHandlers.Add(new Saml2SecurityTokenHandler()); and I still get the error :(
    • I am using AddOrReplace, and Add gave an error, meaning this handler is already in the collection.
    【Solution 3】:

    The binding security element was set up to look for SAML 1.1 tokens. I added the following code on the server after constructing the "CustomBinding" element:

    // The issued token is the endorsing supporting token of the transport security element;
    // switch its expected token type from the SAML 1.1 default to SAML 2.0
    IssuedSecurityTokenParameters issuedTokenParameters =
        myBinding.Elements.Find<TransportSecurityBindingElement>().EndpointSupportingTokenParameters.Endorsing[0] as IssuedSecurityTokenParameters;
    issuedTokenParameters.TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
    

    【Discussion】:
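Putting Solution 2 and Solution 3 together, the following is an added example of a complete server-side setup; it is not code from the question or from any of the answers. It converts the relay binding to a CustomBinding and re-points the issued-token parameters at the SAML 2.0 token type, then wires in WIF through ServiceConfiguration. It goes beyond the page in one respect: the issuer registry matches the ADFS token-signing certificate by thumbprint instead of by subject name as the page's X509IssuerNameRegistry sample does. The contract IService1/Service1, the "mynamespace" namespace and "Service1" path, the ThumbprintIssuerNameRegistry class, the adfsSigningThumbprint value and the relayCredentials behaviour supplied by the caller are all assumptions of this example.

```csharp
// Added example (not from the original page). Assumed: IService1/Service1, the
// "mynamespace"/"Service1" relay address, the caller-supplied relay credentials
// behaviour, and the ADFS signing thumbprint. Targets WIF 3.5 (Microsoft.IdentityModel).
using System;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using Microsoft.IdentityModel.Configuration;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Tokens.Saml2;
using Microsoft.ServiceBus;

[ServiceContract]
public interface IService1
{
    [OperationContract]
    string Echo(string text);
}

public class Service1 : IService1
{
    public string Echo(string text) { return text; }
}

// Hypothetical registry: with CertificateValidationMode.None nothing else checks the
// signing certificate, so trust is pinned to its thumbprint rather than to a subject
// name (which any self-signed certificate can reproduce).
public sealed class ThumbprintIssuerNameRegistry : IssuerNameRegistry
{
    private readonly string trustedThumbprint;

    public ThumbprintIssuerNameRegistry(string trustedThumbprint)
    {
        this.trustedThumbprint = trustedThumbprint.Replace(" ", string.Empty);
    }

    public override string GetIssuerName(SecurityToken securityToken)
    {
        var x509 = securityToken as X509SecurityToken;
        if (x509 != null &&
            string.Equals(x509.Certificate.Thumbprint, trustedThumbprint, StringComparison.OrdinalIgnoreCase))
        {
            return x509.Certificate.SubjectName.Name;   // becomes the issuer claim value
        }
        throw new System.IdentityModel.Tokens.SecurityTokenException("Token signed by an untrusted issuer.");
    }
}

public static class Saml2RelayHost
{
    // SAML 2.0 token-type URI from the WSS SAML Token Profile 1.1 (the value Solution 3 uses).
    private const string Saml20TokenType =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";

    // With IssuedToken over transport, WCF registers the issued token as an endorsing
    // supporting token whose TokenType defaults to SAML 1.1. ADFS 2.0 issues SAML 2.0 by
    // default, so no authenticator matches and the error from the question is raised.
    // WS2007HttpRelayBinding exposes no IssuedTokenType, hence the CustomBinding detour.
    public static CustomBinding CreateBinding()
    {
        var relay = new WS2007HttpRelayBinding();
        relay.Security.Mode = EndToEndSecurityMode.TransportWithMessageCredential;
        relay.Security.Message.ClientCredentialType = MessageCredentialType.IssuedToken;
        relay.Security.Message.EstablishSecurityContext = false;

        var binding = new CustomBinding(relay);
        var security = binding.Elements.Find<TransportSecurityBindingElement>();
        if (security == null)
        {
            throw new InvalidOperationException("Binding does not use TransportWithMessageCredential.");
        }

        var issued = security.EndpointSupportingTokenParameters.Endorsing
            .OfType<IssuedSecurityTokenParameters>()
            .Single();
        issued.TokenType = Saml20TokenType;
        return binding;
    }

    // Call after all other WCF settings are applied to the host (see Solution 2).
    public static ServiceHost Open(X509Certificate2 serviceCertificate,
                                   string adfsSigningThumbprint,
                                   IEndpointBehavior relayCredentials)
    {
        var address = ServiceBusEnvironment.CreateServiceUri("https", "mynamespace", "Service1");
        var host = new ServiceHost(typeof(Service1));
        var endpoint = host.AddServiceEndpoint(typeof(IService1), CreateBinding(), address);
        endpoint.Behaviors.Add(relayCredentials);   // authenticates the listener to Service Bus

        var config = new ServiceConfiguration();
        config.ServiceCertificate = serviceCertificate;   // decrypts tokens encrypted to this RP
        config.CertificateValidationMode = X509CertificateValidationMode.None;
        config.IssuerNameRegistry = new ThumbprintIssuerNameRegistry(adfsSigningThumbprint);
        config.SaveBootstrapTokens = true;
        config.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());
        // Must equal the relying-party identifier ADFS writes into <saml:AudienceRestriction>.
        config.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris
              .Add(new Uri(address.AbsoluteUri));

        FederatedServiceCredentials.ConfigureServiceHost(host, config);
        host.Open();
        return host;
    }
}
```

Two checks worth doing before blaming the handler: the audience URI registered here must match, character for character, the relying-party identifier configured in ADFS for this service, since a mismatched audience fails validation even with the correct handler installed; and the thumbprint passed to the registry should be the token-signing certificate from the ADFS federation metadata, not the service-communications certificate.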
