1. 首頁
  2. 問答
  3. 活動客戶端 - 使用idp令牌從資源合作伙伴adfs獲取令牌

活動客戶端 - 使用idp令牌從資源合作伙伴adfs獲取令牌

2013-05-02 120 views
1

我正嘗試使用以下方案編寫控制檯應用程序: 客戶端首先請求來自身份提供者的令牌,然後使用此令牌從一個請求中獲取新令牌資源STS 使用以下鏈接:http://leastprivilege.com/2010/10/28/wif-adfs-2-and-wcfpart-6-chaining-multiple-token-services/活動客戶端 - 使用idp令牌從資源合作伙伴adfs獲取令牌

我管理從Idp獲取令牌,但未管理從資源STS獲取令牌。

這是我的代碼:

string RPRealm = "https://service.contoso.com/"; 
    string RSTSRealm = "http://fsweb.contoso.com/adfs/services/trust"; 
    string IdPstsEndpoint = "https://IdpAdfs.domain.com/adfs/services/trust/13/kerberosmixed"; 
    string RSTSEndpoint = "https://fsweb.contoso.com/adfs/services/trust/13/IssuedTokenMixedSymmetricBasic256"; 

    private static SecurityToken GetIdPToken(string rstsRealm, string IdPstsEndpoint) 
    { 
     using (var factory = new WSTrustChannelFactory(
       new KerberosWSTrustBinding(SecurityMode.TransportWithMessageCredential), 
       new EndpointAddress(new Uri(IdPstsEndpoint)))) 
     { 
      WSTrustChannel channel = null; 
      factory.TrustVersion = TrustVersion.WSTrust13; 
      try 
      { 
       var rst = new RequestSecurityToken 
       { 
        RequestType = WSTrust13Constants.RequestTypes.Issue, 
        AppliesTo = new EndpointAddress(rstsRealm), 
        KeyType = WSTrust13Constants.KeyTypes.Bearer, 
       }; 

       channel = (WSTrustChannel)factory.CreateChannel(); 
       RequestSecurityTokenResponse rstr; 
       SecurityToken token = channel.Issue(rst, out rstr); 
       return token; 
      } 
      finally 
      { 
       if (channel != null) 
       { 
        channel.Abort(); 
       } 

       factory.Abort(); 
      } 
     } 
    } 


private static SecurityToken GetRSTSToken(SecurityToken IdPToken, string RSTSEndpoint, string RPRealm) 
{ 
    var binding = new WS2007FederationHttpBinding(); 
    binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; 
    binding.Security.Message.EstablishSecurityContext = false; 
    binding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential; 

    using (var factory = new WSTrustChannelFactory(
      binding, 
      new EndpointAddress(new Uri(RSTSEndpoint)))) 
    { 
     var rst = new RequestSecurityToken 
     { 
      RequestType = WSTrust13Constants.RequestTypes.Issue, 
      AppliesTo = new EndpointAddress(RPRealm), 
      KeyType = WSTrust13Constants.KeyTypes.Bearer, 
     }; 
     factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; 
     factory.TrustVersion = TrustVersion.WSTrust13; 
     factory.Credentials.SupportInteractive = false; 
     factory.ConfigureChannelFactory(); 


     var channel = factory.CreateChannelWithIssuedToken(IdPToken); 
     RequestSecurityTokenResponse rstr; 
     SecurityToken token = channel.Issue(rst, out rstr); 
     return token; 
    } 
}

我得到這個錯誤: 所述響應消息不匹配的結合(應用/肥皂+ XML的內容類型的內容類型text/html;字符集= utf-8) 什麼是我的代碼worng? 在此先感謝

來源

2013-05-02 user1551454

+0

嘗試在Thinktecture.IdentityModel中使用WSTrust-Bindings - 例如對於第二跳使用IssuedTokenWSTrustBinding。 – leastprivilege 2013-05-05 14:49:06

+0

如果我使用IssuedTokenWSTrustBinding,我得到錯誤: 的簽署標記通用XML標記: validFrom:2013年5月5日14時51分22秒 validTo:2013年5月5日十五點51分22秒 InternalTokenReference:SamlAssertionKeyIdentifierClause(AssertionId ='_29979767-107a-4c16-b59b-4a9462edfea3') ExternalTokenReference:SamlAssertionKeyIdentifierClause(AssertionId ='_29979767-107a-4c16-b59b-4a9462edfea3') 令牌元素:(EncryptedData,http://www.w3.org/2001/04/xmlenc#) 沒有密鑰。安全令牌用於上下文中,要求它執行加密操作,但該令牌不包含加密密鑰... – user1551454 2013-05-05 14:55:45

回答

2

ADFS不支持其聯合會節點上的承載令牌。換句話說,在你的第一跳上,你需要在RST上指定一個KeyTypes.Symmetric。

來源

2013-05-06 06:33:53 leastprivilege

+1

謝謝!我改變密鑰類型,現在它工作 – user1551454 2013-05-06 08:28:03

相關問題

 相關問題