
I am trying to use WS2007HttpRelayBinding with the end-to-end security mode set to TransportWithMessageCredential, using IssuedToken as the credential type. I obtain the token from ADFS 2.0 and call the service, and I get the following in the local WCF trace log:

Cannot find a token authenticator for the 'Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.

Update:
This is how I configure the service host:

ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
serviceConfiguration.ServiceCertificate = GetServiceCertificateWithPrivateKey();
serviceConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;
serviceConfiguration.IssuerNameRegistry = new X509IssuerNameRegistry("localhost");
serviceConfiguration.SaveBootstrapTokens = true;
serviceConfiguration.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());
serviceConfiguration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://mynamespace.servicebus.windows.net/Service1/"));

FederatedServiceCredentials.ConfigureServiceHost(host, serviceConfiguration);
host.Open();

3 Answers

3

Can you verify that Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler has been added?

  <securityTokenHandlers>
    <add type="Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler" />
  </securityTokenHandlers>

Edit: and also make sure the validating certificate is configured.

Edit: perhaps this will help as well: MSDN WCF forum

answered 2012-07-23T13:28:13.910
1

Alexey's answer is great for web.config/app.config changes. In addition, you can also configure the token handlers in code (sample taken from the article "How to: Authenticate with a Username and Password to a WCF Service Protected by ACS" on docs.microsoft.com):

//
// This must be called after all WCF settings are set on the service host so the
// Windows Identity Foundation token handlers can pick up the relevant settings.
//
ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
serviceConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

// Accept ACS signing certificate as Issuer.
serviceConfiguration.IssuerNameRegistry = new X509IssuerNameRegistry( GetAcsSigningCertificate().SubjectName.Name );

// Add the SAML 2.0 token handler.
serviceConfiguration.SecurityTokenHandlers.AddOrReplace( new Saml2SecurityTokenHandler() );
answered 2012-07-23T13:33:49.133
1

The binding security element was set to look for SAML 1.1 tokens. After building the "CustomBinding" element, I added the following code on the server:

IssuedSecurityTokenParameters issuedTokenParameters =
    myBinding.Elements.Find<TransportSecurityBindingElement>().EndpointSupportingTokenParameters.Endorsing[0] as IssuedSecurityTokenParameters;
issuedTokenParameters.TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
answered 2012-07-27T13:40:50.033
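An added end-to-end example that combines the two fixes from the answers above (it is not code from the question or from any answer): the relay binding is told to expect SAML 2.0 tokens, and the service host gets a Saml2SecurityTokenHandler with a pinned issuer and audience. It assumes the Microsoft.ServiceBus and WIF 3.5 (Microsoft.IdentityModel) assemblies; the issuer name, the thumbprint parameter and the audience URI are placeholders, and the framework's ConfigurationBasedIssuerNameRegistry is used here instead of the sample's X509IssuerNameRegistry.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using Microsoft.IdentityModel.Configuration;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Tokens.Saml2;
using Microsoft.ServiceBus;

static class Saml2RelayHost
{
    // Token type the binding must expect: the default is SAML 1.1, but ADFS 2.0 issues SAML 2.0.
    const string Saml2TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";

    public static CustomBinding BuildSaml2RelayBinding()
    {
        var relay = new WS2007HttpRelayBinding();
        relay.Security.Mode = EndToEndSecurityMode.TransportWithMessageCredential;
        relay.Security.Message.ClientCredentialType = MessageCredentialType.IssuedToken;
        BindingElementCollection elements = relay.CreateBindingElements();
        var transportSecurity = elements.Find<TransportSecurityBindingElement>();
        // Guard the cast rather than assuming Endorsing[0] is the issued-token parameters.
        bool patched = false;
        foreach (SecurityTokenParameters p in transportSecurity.EndpointSupportingTokenParameters.Endorsing)
        {
            var issued = p as IssuedSecurityTokenParameters;
            if (issued == null) continue;
            issued.TokenType = Saml2TokenType;
            patched = true;
        }
        if (!patched)
            throw new InvalidOperationException("No IssuedSecurityTokenParameters; ClientCredentialType must be IssuedToken.");
        return new CustomBinding(elements);
    }

    // Registers the SAML 2.0 handler and pins issuer and audience instead of trusting any signer.
    public static void ConfigureHost(ServiceHost host, X509Certificate2 serviceCert, string adfsSigningThumbprint)
    {
        var config = new ServiceConfiguration { ServiceCertificate = serviceCert };
        config.CertificateValidationMode = X509CertificateValidationMode.ChainTrust; // None only for local dev
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer(adfsSigningThumbprint, "http://adfs.example.test/adfs/services/trust"); // placeholder name
        config.IssuerNameRegistry = issuers;
        config.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());
        config.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(
            new Uri("https://mynamespace.servicebus.windows.net/Service1/"));
        FederatedServiceCredentials.ConfigureServiceHost(host, config);
    }
}
```

The X509CertificateValidationMode.None used in the question and in the second answer disables validation of the token signing certificate; ChainTrust together with a pinned issuer thumbprint keeps tokens from an unexpected signer out.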