0

我为 AD FS MFA 创建了一个自定义身份验证提供程序。

我在元数据中定义了一个身份验证方法声明:

public string[] AuthenticationMethods
{
    get { return new string[] { "https://schemas.microsoft.com/ws/2012/12/authmethod/otp" }; }
}

我还有一个 TryEndAuthentication 方法(这仅用于实验室目的,一旦这部分工作,我将更改硬编码的 pin):

 public IAdapterPresentation TryEndAuthentication(IAuthenticationContext context, IProofData proofData, System.Net.HttpListenerRequest request, out System.Security.Claims.Claim[] claims)
    {
        claims = null;
        IAdapterPresentation result = null;
        string pin = proofData.Properties["pin"].ToString();
        if (pin == "12345")
        {
            System.Security.Claims.Claim claim = new System.Security.Claims.Claim("https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "https://schemas.microsoft.com/ws/2012/12/authmethod/otp");
            claims = new System.Security.Claims.Claim[] { claim };
        }
        else
        {
            result = new AdapterPresentation("Authentication failed.", false);
        }
        return result;
    }

但是当我在我的 AD FS 中部署它时,当我正确登录时它会给我这个错误: 身份验证提供程序未返回身份验证方法声明

有谁知道出了什么问题?

4

1 回答 1

0

我想到了。schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod 声明的 URI 应使用 http。不是https。

您应该更改以下行

if (pin == "12345")
        {
            System.Security.Claims.Claim claim = new System.Security.Claims.Claim("https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "https://schemas.microsoft.com/ws/2012/12/authmethod/otp");
            claims = new System.Security.Claims.Claim[] { claim };
        }


if (pin == "12345")
        {
            System.Security.Claims.Claim claim = new System.Security.Claims.Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "https://schemas.microsoft.com/ws/2012/12/authmethod/otp");
            claims = new System.Security.Claims.Claim[] { claim };
        }

然后它将起作用。

当我从https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method复制示例适配器代码时,我犯了同样的错误

我已经在 github 上提交了https://github.com/MicrosoftDocs/windowsserverdocs/pull/4165更正,应该很快就会提交。

于 2020-04-10T18:05:50.050 回答