0

我正在为一个似乎适用于 IE 和 Chrome 的特殊问题而摸不着头脑。

我们有一个为 RP 服务的定制被动 STS。一切都很好,直到我通过我的自定义身份验证服务进行身份验证,然后 STS 返回我可以在我的临时文件夹中看到的令牌。然后发送 SAML 1.0 令牌的 POST 操作挂起并静默死亡,而不是取回通常会重定向我 RP 的 FedAuth cookie

注意:RP 和 IP 托管在反向代理服务器 (Nginx) 后面的 Web 服务器上。反向代理通过 SSL 托管,所有往返代理服务器和网络服务器的流量都是非 SSL

以下内容登录网络服务器

Event code: 3005 
Event message: An unhandled exception has occurred. 
Event time: 12/11/2013 5:16:33 PM 
Event time (UTC): 12/11/2013 5:16:33 PM 
Event ID: eef80ad2bffe425780dd46e5f28c0306 
Event sequence: 2 
Event occurrence: 1 
Event detail code: 0 


Exception information: 
Exception type: XmlException 
Exception message: **Unexpected end of file. Following elements are not closed:   RequestedUnattachedReference, RequestSecurityTokenResponse,** RequestSecurityTokenResponseCollection. Line 1, position 5852.

at System.Xml.XmlExceptionHelper.ThrowXmlException(XmlDictionaryReader reader, String res, String arg1, String arg2, String arg3)
at System.Xml.XmlExceptionHelper.ThrowUnexpectedEndOfFile(XmlDictionaryReader reader)
at System.Xml.XmlBufferReader.GetByteHard()
at System.Xml.XmlBufferReader.GetByte()
at System.Xml.XmlUTF8TextReader.ReadStartElement()
at System.Xml.XmlUTF8TextReader.Read()
at System.Xml.XmlBaseReader.ReadEndElement()
at   Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.ReadRSTRXml(XmlReader reader, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.ReadXmlElement(XmlReader reader, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.CreateResponse(XmlReader reader, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.ReadXml(XmlReader reader, WSTrustSerializationContext context)
at Microsoft.IdentityModel.Protocols.WSFederation.WSFederationSerializer.CreateResponse(WSFederationMessage message, WSTrustSerializationContext context)
at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.GetXmlTokenFromMessage(SignInResponseMessage message, WSFederationSerializer federationSerializer)
at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.GetXmlTokenFromMessage(SignInResponseMessage message)
at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.GetXmlTokenFromMessage(SignInResponseMessage message, WSFederationSerializer federationSerializer)
at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.GetSecurityToken(SignInResponseMessage message)
at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.GetSecurityToken(HttpRequest request)
at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

我不明白为什么只是为了 FF 我会遇到这个问题。FF 标头中发送的内容大小是否有限制?

另一个问题是:我已经安装了两个不同的证书,一个在代理服务器(SSL)上,一个在网络服务器(STS)上,用于签署令牌。我可以使用相同的证书吗?我是不是该?

4

1 回答 1

0

根据Can HTTP headers be too big for a browser问题的最高投票答案,Firefox 确实具有最低的单个标头大小(或者至少在 FF3.6 中确实如此)。接受的答案可能会对您有所帮助,因为您已经提到您在代理后面。

于 2014-03-07T09:16:38.237 回答