I created a custom authenticator for AD FS MFA. I defined the authentication method in the metadata:
using Microsoft.IdentityServer.Web.Authentication.External;

// Only the AuthenticationMethods member is shown here; the other
// IAuthenticationAdapterMetadata members are omitted in this post.
class MyMetadata : IAuthenticationAdapterMetadata
{
    // The URI list AD FS checks returned authentication-method claims against.
    public virtual string[] AuthenticationMethods
    {
        get { return new[] { "http://schemas.microsoft.com/ws/2012/12/authmethod/otp" }; }
    }
}
My TryEndAuthentication is also defined as:
using System.Net;
using System.Security.Claims;
using Microsoft.IdentityServer.Web.Authentication.External;

public IAdapterPresentation TryEndAuthentication(IAuthenticationContext context, IProofData proofData, HttpListenerRequest request, out Claim[] claims)
{
    // To prompt the user again instead of completing: return new MyPresentationForm();
    // Returning null completes authentication; AD FS validates the returned
    // authentication-method URI against the metadata's AuthenticationMethods list.
    claims = new[]
    {
        new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
                  "http://schemas.microsoft.com/ws/2012/12/authmethod/otp")
    };
    return null;
}
But I get this error in the AD FS logs:
Encountered error during federation passive request.
Additional Data
Protocol Name:
Saml
Relying Party:
gitlab-app
Exception details:
System.IO.InvalidDataException: The authentication provider returned authentication method http://schemas.microsoft.com/ws/2012/12/authmethod/otp, which is not specified as a supported authentication method in the provider's metadata.
at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.ValidateAdapterClaims(IAuthenticationContext authContext, ICollection`1 claims, Int32 responseLcid)
at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.ProcessAdapterClaims(ICollection`1 claims, AuthenticationContext authContext, ProtocolContext context, IAccountStoreUserData userData)
at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.Authentication.AuthenticationOptionsHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
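The check a practitioner would run first when AD FS reports a method "not specified as a supported authentication method in the provider's metadata": compare the URI the adapter emits with what AD FS actually has on record for the provider, since AD FS reads the adapter's metadata when the provider is registered, not on every request. The following PowerShell is an added example, not code from the question above; the provider name "MyOtpProvider", the assembly-qualified type name and the gacutil path are hypothetical placeholders for your own values.

```powershell
# Added example (not from the original question). Hypothetical names: the provider
# was registered as "MyOtpProvider" from the type "MyMfa.MyAdapter" in MyMfa.dll.
$ProviderName   = 'MyOtpProvider'
$TypeName       = 'MyMfa.MyAdapter, MyMfa, Version=1.0.0.0, Culture=neutral, PublicKeyToken=0123456789abcdef'
$ExpectedMethod = 'http://schemas.microsoft.com/ws/2012/12/authmethod/otp'

# 1. What does AD FS believe the provider's metadata says?
$provider = Get-AdfsAuthenticationProvider -Name $ProviderName
'Registered AuthenticationMethods:'
$provider.AuthenticationMethods | ForEach-Object { "  $_" }

# 2. Is the provider actually selected as an additional (MFA) provider?
$policy = Get-AdfsGlobalAuthenticationPolicy
'Additional authentication providers in the global policy:'
$policy.AdditionalAuthenticationProvider | ForEach-Object { "  $_" }

# 3. If the registered list does not contain the URI the adapter returns, the
#    metadata AD FS captured at registration is stale (e.g. a rebuilt DLL with a
#    changed list): put the new DLL in the GAC, then unregister and re-register.
if ($provider.AuthenticationMethods -notcontains $ExpectedMethod) {
    Write-Warning "Registered metadata does not list $ExpectedMethod; re-registering $ProviderName"
    Unregister-AdfsAuthenticationProvider -Name $ProviderName
    & 'C:\Tools\gacutil.exe' /if '.\MyMfa.dll'     # hypothetical gacutil location
    Register-AdfsAuthenticationProvider -TypeName $TypeName -Name $ProviderName
    Restart-Service adfssrv
}
```

Run this on the AD FS server as an administrator. If step 1 already lists the OTP URI and the error persists, the string the adapter returns differs from the registered one in some way (scheme, trailing slash, case), so compare the two values byte for byte.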