So to start, here is my environment:
- SharePoint 2010
- Windows Server 2008 Standard
- This is a VHD on my local machine
- I'm joined to my work domain, and I'm also connected to VPN because some of the resources I need require it
So I have an STS in SharePoint for SSO.
The STS was created via PowerShell cmdlets:
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\IdentityServer.cer")
$map1 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
# $map2 ... $mapN
$realm = "urn:mycompany:software"
$signinurl = "https://somesignin.com/FederationProvider/"
$ap = New-SPTrustedIdentityTokenIssuer -Name "MyFederationProvider" -Description "My Fed Provider" -Realm $realm -UseWReply -ImportTrustCertificate $cert -ClaimsMappings $map1 -SignInUrl $signinurl -IdentifierClaim $map1.InputClaimType
For the Internet zone of my SharePoint site, I set the trusted identity provider created above as the claims authentication type.
When I sign in, everything goes fine until I hit this line in code: FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(signInResponseMessage, Response);
The error I get is:
Exception information:
Exception type: SecurityTokenException
Exception message: The issuer of the token is not a trusted issuer.
Request information:
Request URL: https://mySharePointSite.com:443/_trust/default.aspx
Request path: /_trust/default.aspx
User host address: 127.0.0.1
User:
Is authenticated: False
Authentication Type:
Thread account name: MyDomain\ThreadAccount
Thread information:
Thread ID: 10
Thread account name: MyDomain\ThreadAccount
Is impersonating: False
Stack trace: at Microsoft.SharePoint.IdentityModel.SPTrustedIssuerNameRegistry`1.GetIssuerName(SecurityToken securityToken)
at Microsoft.SharePoint.IdentityModel.SPPassiveIssuerNameRegistry.GetIssuerName(SecurityToken securityToken)
at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)
at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
However, the root certificate is in Trusted Root Certification Authorities in the MMC Certificates snap-in for the computer account on the local machine. Likewise, the root certificate is considered trusted in SharePoint; I added it via Central Administration -> Security -> Manage trust.
Any ideas why I'm still getting this error?
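A diagnostic check worth running against a setup like this, added here as an example (it is not from the original post). The stack trace shows the failure inside SPTrustedIssuerNameRegistry.GetIssuerName, which resolves the issuer from the certificate that signed the SAML token by matching it against the signing certificate SharePoint has registered on the SPTrustedIdentityTokenIssuer (and the chain entries under Manage trust), not against the Windows certificate store. So the thumbprints are what to compare: the cert actually embedded in the token's ds:Signature, the cert on the issuer object, the Manage trust entries, and the .cer file on disk. The script reuses the issuer name and cert path from the post; the file C:\samlresponse.xml is an assumption standing in for a captured wresult SAML response saved from the POST to /_trust/default.aspx (e.g. from Fiddler).

```powershell
# Added diagnostic example, not from the original post. Compares the certificate that
# actually signed a captured SAML token with what SharePoint has registered.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName = "MyFederationProvider"     # -Name used in New-SPTrustedIdentityTokenIssuer
$certPath   = "C:\IdentityServer.cer"    # file passed to -ImportTrustCertificate
$samlPath   = "C:\samlresponse.xml"      # ASSUMPTION: saved SAML response (wresult) from the sign-in POST

function Get-CertFromSamlResponse([string]$path) {
    # The token signature carries the signer in ds:KeyInfo/ds:X509Data/ds:X509Certificate.
    # local-name() sidesteps the namespace prefixes, which vary between STS products.
    [xml]$doc = Get-Content -Path $path
    $node = $doc.SelectSingleNode("//*[local-name()='X509Certificate']")
    if (-not $node) { throw "No X509Certificate element found in $path" }
    $bytes = [Convert]::FromBase64String($node.InnerText.Trim())
    New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
}

# 1. The signing certificate SharePoint has registered for the issuer
$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName
"Registered issuer signing cert : {0}  ({1})" -f $issuer.SigningCertificate.Thumbprint, $issuer.SigningCertificate.Subject

# 2. The chain store SharePoint consults (Central Administration -> Security -> Manage trust)
Get-SPTrustedRootAuthority | ForEach-Object {
    "Manage trust entry             : {0}  {1}" -f $_.Certificate.Thumbprint, $_.Name
}

# 3. The .cer file on disk that was imported
$fileCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
"Cert file on disk              : {0}  ({1})" -f $fileCert.Thumbprint, $fileCert.Subject

# 4. The certificate that actually signed the captured token
$tokenCert = Get-CertFromSamlResponse $samlPath
"Token signing cert             : {0}  ({1}) issued by {2}" -f $tokenCert.Thumbprint, $tokenCert.Subject, $tokenCert.Issuer

if ($tokenCert.Thumbprint -ne $issuer.SigningCertificate.Thumbprint) {
    Write-Warning ("Token was signed by a cert other than the one registered on '{0}'. " +
                   "Import that signing cert (not only its root) with " +
                   "Set-SPTrustedIdentityTokenIssuer -Identity '{0}' -ImportTrustCertificate <cert>.") -f $issuerName
}
```

If the fourth thumbprint does not match the first, SharePoint will reject the token regardless of what the Windows store or Manage trust contains, because the issuer lookup is keyed on the signing certificate itself. If they do match, the next things to look at are the chain of the token cert (every intermediate must be in Manage trust, since SharePoint does not fall back to the machine store) and whether the cert in the token has been renewed since the .cer file was exported.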