我正在尝试使用此处的 Microsoft 文档将 AD LDS 设置为 ADFS 中的声明提供程序。但我无法让它工作。当我为我的应用程序而不是 AD 选择 LDS 选项时,我收到以下错误。
发生错误。有关详细信息,请联系您的管理员
如果我在 ADFS 服务器的事件查看器中检查错误日志,我可以看到以下详细信息。
Encountered error during federation passive request.
Additional Data
Protocol Name:
OAuthAuthorizationProtocol
Relying Party:
<My-Relying-Party>
Exception details:
Microsoft.IdentityServer.RequestFailedException: No authentication provider could be found that supports the authentication methods specified in the '<My-Identifier>' claims provider trust.
at Microsoft.IdentityServer.Web.Authentication.GlobalAuthenticationPolicyEvaluator.FilterAuthMethodsByAccountStoreV2(ProtocolContext protocolContext, GlobalAuthenticationPolicy& globalPolicy)
at Microsoft.IdentityServer.Web.Authentication.GlobalAuthenticationPolicyEvaluator.EvaluatePolicyV2(IList`1 mappedRequestedAuthMethods, IList`1 mappedRequestedACRAuthProviders, AccessLocation location, ProtocolContext context, HashSet`1 authProvidersInToken, Boolean isOnWiaEndpoint, Boolean& validAuthProvidersInToken)
at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.RetrieveFirstStageAuthenticationDomainV2(Boolean& validAuthProvidersInToken)
at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.EvaluatePolicy(Boolean& isLastStage, AuthenticationStage& currentStage, Boolean& strongAuthRequried)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthMethodsFromAuthPolicyRules(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthenticationMethods(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
编辑:
另请注意,添加的声明提供程序信任在 AD FS 管理控制台的 GUI 中不可见。使用的服务器是 Windows Server 2016 Datacenter。