ADFS异常"在EndpointDispatcher"上的AddressFilter不匹配

时间:2014-11-19 11:49:38

标签: .net wcf single-sign-on wif adfs

我已在IP 192.168.0.200的内部网络中配置并运行ADFS 控制台应用程序应该能够从外部网络对此ADFS实例进行身份验证。 为了实现这一点,我已经配置了NAT规则如下: externaldomain.com:9443 - > 192.168.0.200:443

控制台应用程序以这种方式调用ADFS:

    string relyingPartyId = @"https://localhost:8099/";
    string adfsEndpoint = @"https://externaldomain.com:9443/adfs/services/trust/13/usernamemixed";

    var binding2 = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential)
        {
            ClientCredentialType = HttpClientCredentialType.None
        };

        var trustChannelFactory2 = new WSTrustChannelFactory(binding2, new EndpointAddress(adfsEndpoint))
        {
            TrustVersion = TrustVersion.WSTrust13
        };

        var channelCredentials2 = trustChannelFactory2.Credentials;
        channelCredentials2.UserName.UserName = @"user";
        channelCredentials2.UserName.Password = @"password";
        channelCredentials2.SupportInteractive = false;

        var tokenClient2 = (WSTrustChannel)trustChannelFactory2.CreateChannel();

        var rst2 = new RequestSecurityToken(RequestTypes.Issue, KeyTypes.Bearer)
        {
            AppliesTo = new EndpointReference(relyingPartyId),
            ReplyTo = relyingPartyId,
            TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
        };

        SecurityToken token = tokenClient2.Issue(rst2);

ADFS崩溃异常: "收到To' https://externaldomain.com:9443/adfs/services/trust/13/usernamemixed'的邮件由于EndpointDispatcher上的AddressFilter不匹配,无法在接收器处理。检查发件人和收件人的EndpointAddresses是否一致。"

如果我关掉" usernamemixed"在ADFS配置中 - 它回复正确 - 找不到端点。我假设问题在于adfs WCF端点配置。有人可以建议如何处理吗?

还有一点需要注意,测试Web应用程序(也在外部Web服务器上运行)可以对此adfs实例进行身份验证(使用adfs登录页面),而不会出现任何问题。

0 个答案:

没有答案