2012-07-23 64 views
1

I am trying to use WS2007HttpRelayBinding with the end-to-end security mode set to TransportWithMessageCredential, and IssuedToken as the credential type. I obtain the token from ADFS 2.0 and call the service, and in the local WCF trace log I get the following: cannot find a token authenticator for the 'Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken' token.

Cannot find a token authenticator for the 'Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.

Update:
Here is how the service host is configured

    ServiceConfiguration serviceConfiguration = new ServiceConfiguration();

    // Service certificate (with private key) used to decrypt/sign messages.
    serviceConfiguration.ServiceCertificate = GetServiceCertificateWithPrivateKey();

    // No chain or revocation checks on certificates.
    serviceConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

    // Which issuer certificates are trusted to sign tokens.
    serviceConfiguration.IssuerNameRegistry = new X509IssuerNameRegistry("localhost");

    serviceConfiguration.SaveBootstrapTokens = true;

    // Handle SAML 2.0 tokens (the type ADFS 2.0 issues).
    serviceConfiguration.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());

    // Only accept tokens issued for this relying party.
    serviceConfiguration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://mynamespace.servicebus.windows.net/Service1/"));

    FederatedServiceCredentials.ConfigureServiceHost(host, serviceConfiguration);

    host.Open();

Answers

1

The binding security element was set to look for a SAML 1.1 token. I added the following code on the server after building the "CustomBinding" element

    // The issued-token parameters live on the transport security element's endorsing supporting tokens.
    IssuedSecurityTokenParameters issuedTokenParameters =
        myBinding.Elements.Find<TransportSecurityBindingElement>().EndpointSupportingTokenParameters.Endorsing[0] as IssuedSecurityTokenParameters;
    // Ask for SAML 2.0 instead of the default SAML 1.1 token type.
    issuedTokenParameters.TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
2

You can verify whether you have added Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler in

    <securityTokenHandlers>
        <add type="Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler" />
    </securityTokenHandlers>

Edit: and also be sure to verify the certificate configuration.

Edit: perhaps this will also help: MSDN WCF forums

+0

I believe this is equivalent to the code I have: serviceConfiguration.SecurityTokenHandlers.Add(new Saml2SecurityTokenHandler()); and then I call FederatedServiceCredentials.ConfigureServiceHost(host, serviceConfiguration); – Ovais 2012-07-23 14:03:56

+0

Here is how I create the client binding: var binding = new WS2007HttpRelayBinding(); binding.Security.Message.ClientCredentialType = MessageCredentialType.IssuedToken; binding.Security.Message.EstablishSecurityContext = false; //binding.Security.Message.NegotiateServiceCredential = false; binding.Security.Mode = EndToEndSecurityMode.TransportWithMessageCredential; I don't see the problem mentioned in the post – Ovais 2012-07-23 14:18:11

+0

binding.Security.Message.EstablishSecurityContext = false; set it to true :) – 2012-07-23 14:40:22

0

Alexey's answer is the right one for web.config/app.config changes. Besides that, you can also configure the token handlers in code (sample from the How to: Authenticate with a Username and Password to a WCF Service Protected by ACS article):

    //
    // This must be called after all WCF settings are set on the service host so the
    // Windows Identity Foundation token handlers can pick up the relevant settings.
    //
    ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
    serviceConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

    // Accept ACS signing certificate as Issuer.
    serviceConfiguration.IssuerNameRegistry = new X509IssuerNameRegistry(GetAcsSigningCertificate().SubjectName.Name);

    // Add the SAML 2.0 token handler.
    serviceConfiguration.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());

    // Apply the configuration to the host before opening it.
    FederatedServiceCredentials.ConfigureServiceHost(host, serviceConfiguration);
+0

Sandrino, this is exactly what I am doing: serviceConfiguration.SecurityTokenHandlers.Add(new Saml2SecurityTokenHandler()); still getting the error :( – Ovais 2012-07-23 14:02:25

+0

I am using AddOrReplace, and Add gives an error, which means this handler is already in the collection. – Ovais 2012-07-23 14:05:47
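The following puts the accepted answer's TokenType fix together with the in-code handler setup from the last answer, as an added example; it is not code from the question or from any of the answers. It assumes the caller supplies the service and contract types, the relay address, the service certificate and the ADFS signing-certificate thumbprint (a placeholder, not a value from the page), and that the Service Bus relay registration credentials (TransportClientEndpointBehavior) are added to the endpoint elsewhere, since the page does not show them. It uses WIF's built-in ConfigurationBasedIssuerNameRegistry rather than the X509IssuerNameRegistry class from the ACS sample, and the method names are this example's own.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using Microsoft.IdentityModel.Configuration;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Tokens.Saml2;
using Microsoft.ServiceBus;

// Added example, not code from the question or any answer. Combines the
// accepted answer's TokenType fix with WIF handler configuration done in code.
public static class Saml2RelayServiceHost
{
    // SAML 2.0 token-type URI quoted in the accepted answer; WCF's default for
    // issued tokens is the SAML 1.1 identifier, which caused the mismatch.
    public const string Saml20TokenType =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";

    // Build the relay binding as in the question, then convert it to a
    // CustomBinding so the issued-token parameters become editable.
    public static CustomBinding CreateServiceBinding()
    {
        var relay = new WS2007HttpRelayBinding();
        relay.Security.Mode = EndToEndSecurityMode.TransportWithMessageCredential;
        relay.Security.Message.ClientCredentialType = MessageCredentialType.IssuedToken;
        // EstablishSecurityContext is left at its default (true); the client
        // binding must use the same value, which is the point raised in the comments.

        var binding = new CustomBinding(relay.CreateBindingElements());
        FindIssuedTokenParameters(binding).TokenType = Saml20TokenType;
        return binding;
    }

    // Locate the issued-token parameters among the endorsing supporting tokens
    // of the transport security element (index 0 in the accepted answer).
    public static IssuedSecurityTokenParameters FindIssuedTokenParameters(CustomBinding binding)
    {
        var transportSecurity = binding.Elements.Find<TransportSecurityBindingElement>();
        if (transportSecurity == null)
            throw new InvalidOperationException("No TransportSecurityBindingElement: Security.Mode must be TransportWithMessageCredential.");

        foreach (SecurityTokenParameters parameters in transportSecurity.EndpointSupportingTokenParameters.Endorsing)
        {
            var issued = parameters as IssuedSecurityTokenParameters;
            if (issued != null)
                return issued;
        }
        throw new InvalidOperationException("No IssuedSecurityTokenParameters: ClientCredentialType must be IssuedToken.");
    }

    // WIF service configuration mirroring the question's update, with the trust
    // settings tightened for anything beyond a local test.
    public static ServiceConfiguration CreateServiceConfiguration(
        X509Certificate2 serviceCertificate, string issuerThumbprint, Uri audience)
    {
        var configuration = new ServiceConfiguration();
        configuration.ServiceCertificate = serviceCertificate;
        // The question uses X509CertificateValidationMode.None, which skips chain
        // and revocation checks; ChainTrust is the WIF default and the safer choice.
        configuration.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        configuration.SaveBootstrapTokens = true;

        // Trust only tokens signed by the ADFS signing certificate with this
        // thumbprint (placeholder supplied by the caller), rather than matching
        // on subject name as the sample's X509IssuerNameRegistry does.
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer(issuerThumbprint, "ADFS");
        configuration.IssuerNameRegistry = issuers;

        // AddOrReplace: the default collection already holds a
        // Saml2SecurityTokenHandler, so plain Add throws (as noted in the comments).
        configuration.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());
        // Reject tokens issued for a different relying party.
        configuration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(audience);
        return configuration;
    }

    // Startup self-check: the token type the binding asks for must be SAML 2.0
    // and have a registered WIF handler; otherwise the "cannot find a token
    // authenticator" error from the question shows up only at the first call.
    public static bool BindingMatchesHandlers(CustomBinding binding, ServiceConfiguration configuration)
    {
        string requested = FindIssuedTokenParameters(binding).TokenType;
        return requested == Saml20TokenType
            && configuration.SecurityTokenHandlers[typeof(Saml2SecurityToken)] != null;
    }

    // Relay registration credentials (TransportClientEndpointBehavior) are
    // assumed to be added to the endpoint elsewhere; the page does not show them.
    public static ServiceHost OpenHost(Type serviceType, Type contractType, Uri relayAddress,
        ServiceConfiguration configuration)
    {
        var host = new ServiceHost(serviceType, relayAddress);
        var binding = CreateServiceBinding();
        host.AddServiceEndpoint(contractType, binding, relayAddress);

        if (!BindingMatchesHandlers(binding, configuration))
            throw new InvalidOperationException("Binding token type and WIF handlers disagree.");

        // Must run after all other host settings and before Open().
        FederatedServiceCredentials.ConfigureServiceHost(host, configuration);
        host.Open();
        return host;
    }
}
```

Call OpenHost with the same audience URI that the relying party is registered under in ADFS, so the AudienceRestriction check and the issuer-thumbprint check together reject tokens minted for another service or signed by an untrusted issuer; the BindingMatchesHandlers check fails fast at startup if the binding is ever rebuilt without the SAML 2.0 TokenType, which is the exact condition behind the error in the question.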