I am trying to locate some documentation or help on this error I have encountered:

ID4453: The SAML service 'SingleLogoutServices' has endpoint with location or response location 'https://<server>/saml/' that is outside of application path '/SAML'.

[InvalidOperationException: ID4453: The SAML service 'SingleLogoutServices' has endpoint with location or response location 'https://<server>/saml/' that is outside of application path '/SAML'.]
Microsoft.IdentityModel.Web.Saml2AuthenticationModule.ValidatePathCasing(ServiceProviderSingleSignOnDescriptor serviceProviderDescriptor) +657
Microsoft.IdentityModel.Web.Saml2AuthenticationModule.ReadSelfMetadata(Stream stream, String fileName, String& entityId, EndpointConfiguration& endpointConfiguration, Boolean& signAuthenticationRequests, X509Certificate2& signingCertificate) +219
Microsoft.IdentityModel.Web.Saml2AuthenticationModule..ctor() +265

The web.config of the site is:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <configSections>
    <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <section name="microsoft.identityModel.saml" type="Microsoft.IdentityModel.Web.Configuration.MicrosoftIdentityModelSamlSection, Microsoft.IdentityModel.Protocols" />
  </configSections>
  <connectionStrings>
    <add name="..." connectionString="..." providerName="System.Data.SqlClient" />
  </connectionStrings>
  <appSettings>
    <add key="AppPath" value="https://<server>/login.aspx" />
  </appSettings>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      </assemblies>
    </compilation>
    <authentication mode="Windows" />
    <httpModules>
      <add name="Saml2AuthenticationModule" type="Microsoft.IdentityModel.Web.Saml2AuthenticationModule" />
      <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule" />
    </httpModules>
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <modules>
      <add name="Saml2AuthenticationModule" type="Microsoft.IdentityModel.Web.Saml2AuthenticationModule" />
      <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule" />
    </modules>
  </system.webServer>
  <microsoft.identityModel>
    <service>
      <audienceUris>
        <add value="https://<server>/saml/" />
      </audienceUris>
      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry">
        <trustedIssuers>
          <add name="http://<ADFS server>/adfs/services/trust" thumbprint="...." />
        </trustedIssuers>
      </issuerNameRegistry>
      <serviceTokenResolver type="Microsoft.IdentityModel.Tokens.X509CertificateStoreTokenResolver" />
      <securityTokenHandlers>
        <securityTokenHandlerConfiguration saveBootstrapTokens="true">
        </securityTokenHandlerConfiguration>
      </securityTokenHandlers>
    </service>
  </microsoft.identityModel>
  <microsoft.identityModel.saml metadata="myconfig.xml">
    <identityProviders>
      <metadata file="partner-metadata.xml" />
    </identityProviders>
  </microsoft.identityModel.saml>
</configuration>

I am just unable to find any supporting doco or web ref that could point me in the right direction.

All help appreciated.

1 Answer

FYI - for those who may run into this problem, the path is case-sensitive. So the key is:

https://<server>/saml/' that is outside of application path '/SAML'.

My site was in uppercase, but the link I used was in lowercase:

<add value="https://<server>/saml/" />

Matched the case, and it resolved the problem.

Answered 2013-05-13T06:20:00.610
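
A pre-deployment check for the case mismatch described in the answer above, as an added example that is not part of the original post or of Microsoft.IdentityModel. It assumes the service provider's own metadata file is standard SAML 2.0 metadata and that "inside the application path" means a case-sensitive path prefix match; the host `sp.example.test`, the sample metadata and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample SP metadata (not from the original post).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/SAML/">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.test/saml/"
        ResponseLocation="https://sp.example.test/SAML/slo"/>
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/SAML/acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def find_path_mismatches(metadata_xml, app_path):
    """Return (service, attribute, url, reason) for endpoints outside app_path.

    Assumption: "inside" means the URL path equals app_path or starts with
    app_path + "/", compared case-sensitively.
    """
    base = app_path.rstrip("/")
    findings = []
    root = ET.fromstring(metadata_xml)
    for descriptor in root.iter(MD + "SPSSODescriptor"):
        for endpoint in descriptor:
            service = endpoint.tag.replace(MD, "")
            for attr in ("Location", "ResponseLocation"):
                url = endpoint.get(attr)
                if url is None:  # KeyDescriptor, NameIDFormat, etc.
                    continue
                path = urlsplit(url).path
                if path == base or path.startswith(base + "/"):
                    continue
                # Separate a pure casing difference from a genuinely foreign path.
                folded, fbase = path.lower(), base.lower()
                case_only = folded == fbase or folded.startswith(fbase + "/")
                reason = "case mismatch" if case_only else "outside application path"
                findings.append((service, attr, url, reason))
    return findings


if __name__ == "__main__":
    for finding in find_path_mismatches(SAMPLE_METADATA, "/SAML"):
        print(*finding, sep=" | ")
```

Pass the IIS application path exactly as it is cased in the site configuration; a finding with reason "case mismatch" corresponds to the situation in this question.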