I am trying to write a console application using the following scheme: the client first requests a token from the identity provider, then uses that token in a request to the resource STS to obtain a new token. I used the following link: http://leastprivilege.com/2010/10/28/wif-adfs-2-and-wcfpart-6-chaining-multiple-token-services/ Active clients - using the IdP token to get a token from the resource partner ADFS.
I managed to get the token from the IdP, but not the token from the resource STS.
Here is my code:
// Added for completeness: the WIF 3.5 namespaces this snippet relies on. On .NET 4.5 the
// WS-Trust types live in System.IdentityModel.Protocols.WSTrust instead (assumption about the
// target framework; the question does not say which one is used).
using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;

static class Program
{
    // Realms and endpoints for the two hops (values as posted in the question).
    static readonly string RPRealm = "https://service.contoso.com/";
    static readonly string RSTSRealm = "http://fsweb.contoso.com/adfs/services/trust";
    static readonly string IdPstsEndpoint = "https://IdpAdfs.domain.com/adfs/services/trust/13/kerberosmixed";
    static readonly string RSTSEndpoint = "https://fsweb.contoso.com/adfs/services/trust/13/IssuedTokenMixedSymmetricBasic256";

    // Hop 1: authenticate to the IdP with Kerberos and request a bearer token scoped to the resource STS.
    private static SecurityToken GetIdPToken(string rstsRealm, string idPstsEndpoint)
    {
        using (var factory = new WSTrustChannelFactory(
            new KerberosWSTrustBinding(SecurityMode.TransportWithMessageCredential),
            new EndpointAddress(new Uri(idPstsEndpoint))))
        {
            WSTrustChannel channel = null;
            factory.TrustVersion = TrustVersion.WSTrust13;
            try
            {
                var rst = new RequestSecurityToken
                {
                    RequestType = WSTrust13Constants.RequestTypes.Issue,
                    AppliesTo = new EndpointAddress(rstsRealm),
                    KeyType = WSTrust13Constants.KeyTypes.Bearer,
                };
                channel = (WSTrustChannel)factory.CreateChannel();
                RequestSecurityTokenResponse rstr;
                SecurityToken token = channel.Issue(rst, out rstr);
                return token;
            }
            finally
            {
                // Abort rather than Close so a faulted channel does not throw on the way out.
                if (channel != null)
                {
                    channel.Abort();
                }
                factory.Abort();
            }
        }
    }

    // Hop 2: present the IdP token to the resource STS and request a bearer token scoped to the RP.
    private static SecurityToken GetRSTSToken(SecurityToken idPToken, string rstsEndpoint, string rpRealm)
    {
        var binding = new WS2007FederationHttpBinding();
        binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential;
        using (var factory = new WSTrustChannelFactory(
            binding,
            new EndpointAddress(new Uri(rstsEndpoint))))
        {
            var rst = new RequestSecurityToken
            {
                RequestType = WSTrust13Constants.RequestTypes.Issue,
                AppliesTo = new EndpointAddress(rpRealm),
                KeyType = WSTrust13Constants.KeyTypes.Bearer,
            };
            // Disables validation of the STS certificate: acceptable only for lab diagnostics, never in production.
            factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
            factory.TrustVersion = TrustVersion.WSTrust13;
            factory.Credentials.SupportInteractive = false;
            factory.ConfigureChannelFactory();
            var channel = factory.CreateChannelWithIssuedToken(idPToken);
            RequestSecurityTokenResponse rstr;
            SecurityToken token = channel.Issue(rst, out rstr);
            return token;
        }
    }

    static void Main()
    {
        SecurityToken idPToken = GetIdPToken(RSTSRealm, IdPstsEndpoint);
        SecurityToken rpToken = GetRSTSToken(idPToken, RSTSEndpoint, RPRealm);
    }
}
I get this error: The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (application/soap+xml). What is wrong with my code? Thanks in advance.
Try using the WS-Trust bindings in Thinktecture.IdentityModel - e.g. IssuedTokenWSTrustBinding for the second hop. – leastprivilege 2013-05-05 14:49:06
If I use IssuedTokenWSTrustBinding, I get the error: The signing token Generic XML token: validFrom: 5/5/2013 2:51:22 PM validTo: 5/5/2013 3:51:22 PM InternalTokenReference: SamlAssertionKeyIdentifierClause(AssertionId = '_29979767-107a-4c16-b59b-4a9462edfea3') ExternalTokenReference: SamlAssertionKeyIdentifierClause(AssertionId = '_29979767-107a-4c16-b59b-4a9462edfea3') Token Element: (EncryptedData, http://www.w3.org/2001/04/xmlenc#) has no key. The security token is used in a context that requires it to perform cryptographic operations, but the token contains no cryptographic keys... – user1551454 2013-05-05 14:55:45
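An added diagnostic helper (not from the question or either comment) that inspects the first-hop token before it is handed to the second-hop channel: the token in the last comment is a bearer token whose XML is EncryptedData and which carries no proof key, which is exactly what the "contains no cryptographic keys" failure complains about. It assumes the .NET 4.5 System.IdentityModel types; `IssuedTokenSummary`, `TokenInspector` and `RequireProofKeyForSymmetricHop` are this example's own names.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Xml;

public sealed class IssuedTokenSummary
{
    public string TokenType;      // CLR type of the SecurityToken returned by channel.Issue
    public bool IsEncrypted;      // token element is xenc:EncryptedData (only the target STS/RP can read it)
    public bool HasProofKey;      // true for holder-of-key tokens, false for bearer tokens
    public int SecurityKeyCount;  // keys the token exposes to the caller
    public DateTime ValidFrom;
    public DateTime ValidTo;
}

public static class TokenInspector
{
    public static IssuedTokenSummary Summarize(SecurityToken token)
    {
        if (token == null) throw new ArgumentNullException("token");
        var s = new IssuedTokenSummary
        {
            TokenType = token.GetType().Name,
            ValidFrom = token.ValidFrom,
            ValidTo = token.ValidTo,
            SecurityKeyCount = token.SecurityKeys == null ? 0 : token.SecurityKeys.Count
        };
        // channel.Issue returns a GenericXmlSecurityToken; its ToString() is what the comment above printed.
        var xml = token as GenericXmlSecurityToken;
        if (xml != null)
        {
            XmlElement e = xml.TokenXml;
            s.IsEncrypted = e != null && e.LocalName == "EncryptedData"
                            && e.NamespaceURI == "http://www.w3.org/2001/04/xmlenc#";
            s.HasProofKey = xml.ProofToken != null && xml.ProofToken.SecurityKeys.Count > 0;
        }
        return s;
    }

    // Call before CreateChannelWithIssuedToken: fail with a readable reason instead of a binding error.
    public static void RequireProofKeyForSymmetricHop(SecurityToken token, bool hopUsesSymmetricKey)
    {
        IssuedTokenSummary s = Summarize(token);
        if (hopUsesSymmetricKey && !s.HasProofKey)
            throw new InvalidOperationException(
                "First-hop token is bearer (no proof key) but the second-hop binding expects a symmetric proof key. " +
                "Request a symmetric key from the IdP or configure the second hop for bearer tokens.");
        if (s.ValidTo <= DateTime.UtcNow)
            throw new InvalidOperationException("First-hop token expired at " + s.ValidTo + " UTC.");
    }
}
```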