I am trying to use WS2007HttpRelayBinding with the end-to-end security mode set to TransportWithMessageCredential. I use IssuedToken as the credential type. I obtain the token from ADFS 2.0 and then call the service. In the internal WCF trace log I get the following:

Cannot find a token authenticator for the 'Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.

Update:

This is how I configure the service host:
```csharp
ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
// Service certificate with private key (used to decrypt tokens encrypted to this RP).
serviceConfiguration.ServiceCertificate = GetServiceCertificateWithPrivateKey();
// None: no X.509 chain/revocation validation of the token-signing certificate;
// trust then rests entirely on the issuer name registry below.
serviceConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;
serviceConfiguration.IssuerNameRegistry = new X509IssuerNameRegistry("localhost");
serviceConfiguration.SaveBootstrapTokens = true;
// Register the SAML 2.0 handler so SAML 2.0 assertions can be authenticated.
serviceConfiguration.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());
// Only accept tokens issued for this relying party.
serviceConfiguration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://mynamespace.servicebus.windows.net/Service1/"));
// Must be called after all other WCF settings are applied to the host.
FederatedServiceCredentials.ConfigureServiceHost(host, serviceConfiguration);
host.Open();
```
Answer 0 (score: 2)

You can verify whether Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler has been added:

```xml
<securityTokenHandlers>
  <add type="Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler" />
</securityTokenHandlers>
```

Edit: also make sure to verify the certificate configuration.

Edit: maybe this also helps: MSDN WCF forums
Answer 1 (score: 1)

The binding's security element is set to look for a SAML 1.1 token. After constructing the 'CustomBinding' element, I added the following code on the server:

```csharp
// Locate the issued-token parameters on the transport security binding element
// and switch the expected token type from the default (SAML 1.1) to SAML 2.0.
IssuedSecurityTokenParameters issuedTokenParameters =
    myBinding.Elements.Find<TransportSecurityBindingElement>().EndpointSupportingTokenParameters.Endorsing[0] as IssuedSecurityTokenParameters;
issuedTokenParameters.TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
```
Answer 2 (score: 0)

Alexey's answer is great for web.config/app.config modifications. In addition, you can also configure the token handlers in code (sample from the How to: Authenticate with a Username and Password to a WCF Service Protected by ACS article):

```csharp
//
// This must be called after all WCF settings are set on the service host so the
// Windows Identity Foundation token handlers can pick up the relevant settings.
//
ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
serviceConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;
// Accept ACS signing certificate as Issuer.
serviceConfiguration.IssuerNameRegistry = new X509IssuerNameRegistry( GetAcsSigningCertificate().SubjectName.Name );
// Add the SAML 2.0 token handler.
serviceConfiguration.SecurityTokenHandlers.AddOrReplace( new Saml2SecurityTokenHandler() );
```
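A combined example, added here and not taken from the question or any of the answers: it builds the relay binding the question describes, applies answer 1's token-type change on the binding elements, and applies answer 2's in-code WIF configuration, but pins the ADFS token-signing certificate by thumbprint with ConfigurationBasedIssuerNameRegistry instead of trusting a subject name. The assemblies (Microsoft.ServiceBus, Microsoft.IdentityModel 3.5), the class and method names, the issuer endpoint, thumbprint, issuer name, certificate and address parameters are all assumptions; the Service Bus listener credentials are left out.

```csharp
// Added example, not code from the question or any answer on this page.
// Assumes Microsoft.ServiceBus.dll (WS2007HttpRelayBinding) and WIF 3.5
// (Microsoft.IdentityModel.dll); every address, name and thumbprint is a placeholder.
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using Microsoft.IdentityModel.Configuration;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Tokens.Saml2;
using Microsoft.ServiceBus;

public static class Saml2RelayHost
{
    // WSS SAML Token Profile 1.1 identifier for a SAML 2.0 assertion. WCF's
    // IssuedSecurityTokenParameters defaults to the SAML 1.1 identifier, so without
    // this the SAML 2.0 handler registered with WIF is never asked to authenticate
    // the incoming token, which produces the "Cannot find a token authenticator" trace.
    public const string Saml2TokenType =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";

    // Builds the relay binding from the question and switches its issued-token
    // parameters to SAML 2.0 on a CustomBinding made from the standard binding's elements.
    public static Binding CreateBinding(EndpointAddress issuer)
    {
        var relay = new WS2007HttpRelayBinding();
        relay.Security.Mode = EndToEndSecurityMode.TransportWithMessageCredential;
        relay.Security.Message.ClientCredentialType = MessageCredentialType.IssuedToken;

        var custom = new CustomBinding(relay.CreateBindingElements());
        var transportSecurity = custom.Elements.Find<TransportSecurityBindingElement>();
        var issued = transportSecurity.EndpointSupportingTokenParameters.Endorsing[0]
                     as IssuedSecurityTokenParameters;
        if (issued == null)
            throw new InvalidOperationException(
                "Endorsing[0] is not IssuedSecurityTokenParameters; check the binding's security settings.");

        issued.TokenType = Saml2TokenType;
        issued.IssuerAddress = issuer;   // placeholder: the ADFS 2.0 WS-Trust endpoint
        return custom;
    }

    // WIF side, done in code. Trust is decided by the issuer name registry: pin the
    // ADFS token-signing certificate by thumbprint rather than accepting any subject name.
    public static ServiceConfiguration CreateWifConfiguration(
        X509Certificate2 serviceCertificate, string issuerThumbprint, string issuerName, Uri audience)
    {
        var config = new ServiceConfiguration();
        config.ServiceCertificate = serviceCertificate;  // decrypts tokens encrypted to this RP

        // None skips X.509 chain and revocation checks on the signing certificate, which
        // is usual when ADFS signs with a self-signed certificate. That makes the
        // thumbprint registry below the only trust check, so it must be explicit.
        config.CertificateValidationMode = X509CertificateValidationMode.None;
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer(issuerThumbprint, issuerName);
        config.IssuerNameRegistry = issuers;

        config.SaveBootstrapTokens = true;
        config.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());
        // Reject tokens minted for any other relying party.
        config.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(audience);
        return config;
    }

    public static ServiceHost Open(Type serviceType, Type contractType, Uri relayAddress,
        EndpointAddress issuer, X509Certificate2 serviceCertificate,
        string issuerThumbprint, string issuerName)
    {
        var host = new ServiceHost(serviceType, relayAddress);
        host.AddServiceEndpoint(contractType, CreateBinding(issuer), string.Empty);
        // The Service Bus listener credentials (a TransportClientEndpointBehavior carrying
        // the namespace issuer key) also belong on this endpoint; omitted here.

        // Must run after every WCF setting is in place so the WIF handlers pick them up.
        FederatedServiceCredentials.ConfigureServiceHost(
            host, CreateWifConfiguration(serviceCertificate, issuerThumbprint, issuerName, relayAddress));
        host.Open();
        return host;
    }
}
```

The relay address doubles as the audience URI, matching the AllowedAudienceUris entry in the question; if the ADFS relying-party trust uses a different identifier, pass that instead, since an audience mismatch is rejected by the SAML 2.0 handler before any claims are issued.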