I am currently configuring BizTalk 2010 for a client as middleware between Dynamics CRM 2011 and ADFS.
Receiving messages from CRM 2011 into BizTalk works without any problems.
In the other direction, however, I have configured a custom binding as a send port and cannot seem to find the right settings to enforce HTTPS and authenticate against the ADFS service.
I think I need settings on the send port that first authenticate against ADFS and then authenticate against CRM 2011.
Any additional information about this setup and configuration would be greatly appreciated.
Latest send port information and error:
<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <client>
      <remove contract="BizTalk" name="WcfSendPort_Crm" />
      <endpoint address="https://crmurl/XRMServices/2011/Organization.svc" behaviorConfiguration="EndpointBehavior" binding="ws2007FederationHttpBinding" bindingConfiguration="ws2007FederationHttpBinding" contract="BizTalk" name="WcfSendPort_Crm" />
    </client>
    <behaviors>
      <endpointBehaviors>
        <remove name="EndpointBehavior" />
        <behavior name="EndpointBehavior">
          <soapProcessing processMessages="false" />
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <ws2007FederationHttpBinding>
        <clear />
        <binding name="ws2007FederationHttpBinding">
          <reliableSession enabled="true" />
          <security mode="TransportWithMessageCredential">
            <message issuedTokenType="http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-SAMLTokenProfile-01.html">
              <issuer address="https://adfsurl/STS/Active/STS.svc" binding="ws2007HttpBinding" bindingConfiguration="stsBinding">
                <identity>
                  <dns value="STS" />
                </identity>
              </issuer>
              <issuerMetadata address="https://adfsurl/HRGSTS/Active/HRGSTS/mex%22" />
            </message>
          </security>
        </binding>
      </ws2007FederationHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>
Error:
A message sent to adapter "WCF-Custom" on send port "WcfSendPort_Crm" with URI "https://crmurl/XRMServices/2011/Organization.svc" is suspended.
Error details: System.InvalidOperationException: The channel is configured to use interactive initializer 'System.ServiceModel.Security.InfocardInteractiveChannelInitializer', but the channel was Opened without calling DisplayInitializationUI. Call DisplayInitializationUI before calling Open or other methods on this channel.
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.ThrowIfInitializationUINotCalled()
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at System.ServiceModel.ICommunicationObject.Open()
at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.GetChannel[TChannel](IBaseMessage bizTalkMessage, ChannelFactory`1& cachedFactory)
at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.SendMessage(IBaseMessage bizTalkMessage)
MessageId: {337CB1AF-1C4A-484A-9CA6-7E0FD3396138}
InstanceID: {FBCDEE5C-8CA2-4C37-87A5-906448C14479}
===
<ws2007HttpBinding>
  <clear />
  <binding name="ws2007HttpBinding">
    <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="None" />
      <message clientCredentialType="UserName" establishSecurityContext="false" />
    </security>
  </binding>
</ws2007HttpBinding>
Answer 0 (score: 2)
HTTPS would be Binding, CustomBindingElement, allowInsecureTransport = False.
For ADFS you will probably have to use Ws2007HttpBinding, or reproduce its settings in your custom binding: probably set authenticationMode to IssuedToken and IssuedTokenParameters, put the ADFS address in the Issuer address, set the binding to ws2007HttpBinding and set the binding configuration.
See this blog post: Calling a service with federated identity from BizTalk Server [2009] – Part I
Answer 1 (score: 1)
Assuming the last snippet you added is the binding used when calling the STS, and that this is the bit you added to machine.config at the time: the binding name should be {{ 1}} rather than stsBinding, because it should match the name used in the bindingConfiguration attribute of the issuer element in the send port configuration.
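As an added illustration (not part of either answer or of the original post): the send port in the question references the STS binding through bindingConfiguration="stsBinding", while the machine.config snippet declares that binding as name="ws2007HttpBinding". The fragment below shows the two names aligned, which is the mismatch the answer above points at. The hostnames (crmurl, adfsurl) are the placeholders from the question; the identity and issuedTokenType values are copied from the question's own configuration.

```xml
<!-- Added example: machine.config fragment in which the STS binding carries the
     name that the send port's issuer element refers to. Hostnames are the
     placeholders used in the question, not real endpoints. -->
<system.serviceModel>
  <bindings>
    <ws2007FederationHttpBinding>
      <binding name="ws2007FederationHttpBinding">
        <security mode="TransportWithMessageCredential">
          <message issuedTokenType="http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-SAMLTokenProfile-01.html">
            <!-- bindingConfiguration must name a binding that exists under <ws2007HttpBinding> -->
            <issuer address="https://adfsurl/STS/Active/STS.svc"
                    binding="ws2007HttpBinding"
                    bindingConfiguration="stsBinding">
              <identity>
                <dns value="STS" />
              </identity>
            </issuer>
          </message>
        </security>
      </binding>
    </ws2007FederationHttpBinding>
    <ws2007HttpBinding>
      <!-- Declared as name="ws2007HttpBinding" in the question; renamed so the
           reference above resolves to this entry. -->
      <binding name="stsBinding">
        <security mode="TransportWithMessageCredential">
          <!-- HTTPS on the wire, UserName credential inside the message to the STS -->
          <transport clientCredentialType="None" />
          <message clientCredentialType="UserName" establishSecurityContext="false" />
        </security>
      </binding>
    </ws2007HttpBinding>
  </bindings>
</system.serviceModel>
```

Both bindings keep mode="TransportWithMessageCredential", so the transport to the STS and to CRM stays HTTPS while the STS receives a UserName credential in the message; the credential itself is supplied on the send port rather than in this fragment. A quick check after editing machine.config is to confirm that every bindingConfiguration value in the send port's issuer element has a binding element with exactly that name under the binding type named in its binding attribute.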