Message: ID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter condition is not satisfied

Time: 2015-02-21 07:49:24

Tags: saml-2.0

Our environment has two web servers, one SQL server and four ADFS servers.

SQL Server time: 5:50:48 AM. Both web servers: 5:50:47 AM. One ADFS server: 5:50:47 AM. The other three ADFS servers: 5:50:46 AM.

Please find the two errors from the error log below.

ERROR1:

2015-02-16 00:21:02,781 [62] ERROR Default [(null)] - An application error has occurred for the path, '/'
2015-02-16 00:21:02,797 [62] ERROR xxxx.Portal.Data.ErrorReporting.ErrorReporter [(null)] - 
Email Address: No Email Address
Application Name: 'myApplication'
Machine Name: 'WebServer2'
Web request details:
UserAgent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B466 Safari/600.1.4
UserIdentifierCookieValue: ccc.vvv@domain.com
Referrer: https://sts.company.com/adfs/ls/?wa=wsignin1.0&wtrealm=https://xxxx.com/&wctx=rm=0&id=passive&ru=%252f&wct=2015-02-15T15:13:25Z
ApplicationPath: http://xxxx:8443/
Cookies: 
__utma: 244632730.1211980567.1420546841.1423835767.1423940503.28
__utmc: 244632730
__utmv: 244632730.|1=userIdentifier=68EV%2F7agw0ewsPGC4eC5e9o4JGfDVxCQNrb4BPZrQ4pdB%2BC1OabuUdvr8aJhI9yV=1^2=culture=en=1^3=platform=mobile=1
__utmz: 244632730.1423940503.28.13.utmcsr=xxxx.com|utmccn=(referral)|utmcmd=referral|utmcct=/login.jspa
_ga: GA1.2.1211980567.1420546841
s_fid: 3FB00DAEBC126B0D-0A2E60498B449CE3


Error Message:
=================
Exception Level 1
=================
Message: ID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter condition is not satisfied.
NotOnOrAfter: '2/15/2015 4:13:27 PM'
Current time: '2/16/2015 12:21:02 AM'
Data: System.Collections.ListDictionaryInternal
InnerException: 
TargetSite: 

    System.Collections.ObjectModel.ReadOnlyCollection`1[System.Security.Claims.ClaimsIdentity] ValidateToken(System.IdentityModel.Tokens.SecurityToken)
    StackTrace:    at System.IdentityModel.Tokens.SamlSecurityTokenHandler.ValidateToken(SecurityToken token)
       at System.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
       at System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
       at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request)
       at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

HelpLink: 
Source: System.IdentityModel
HResult: -2146233087

ERROR2:

2015-02-16 18:49:33,958 [71] ERROR Default [(null)] - An application error has occurred for the path, '/adfs/ls/'
2015-02-16 19:04:06,837 [54] ERROR Default [(null)] - An application error has occurred for the path, '/robots.txt'
2015-02-16 19:06:35,073 [40] ERROR Default [(null)] - An application error has occurred for the path, '/Microsoft-Server-ActiveSync'
2015-02-16 20:17:08,206 [71] ERROR Default [(null)] - An application error has occurred for the path, '/'
2015-02-16 20:17:08,206 [71] ERROR xxxx.Portal.Data.ErrorReporting.ErrorReporter [(null)] - 
Email Address: No Email Address
Application Name: 'myApplication'
Machine Name: 'LO3WPMCLDWEB-4'
Web request details:
UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36
UserIdentifierCookieValue: ccc.ccc@xxxx.com
Referrer: https://xxxx.com/
ApplicationPath: http://xxxx.com:8443/
Cookies: 
s_lv: 1392756755323
_ga: GA1.2.1507533975.1386273074
culture: fr
isSecurityQuestionsOrMobileRegCompleted: false
__utmt: 1
__utma: 244632730.1507533975.1386273074.1424095469.1424095486.535
__utmb: 244632730.13.9.1424117305533
__utmc: 244632730
__utmz: 244632730.1420813097.491.138.utmcsr=sts.xxxx.com|utmccn=(referral)|utmcmd=referral|utmcct=/adfs/ls/
__utmv: 244632730.|1=userIdentifier=7VQPgIcPH0ILdF%2BhUhB5udT08W6f2eDNGFq4Bs986NbeMnlT1RNBTduLchAQo9evy7TMuNHcJN6k60H7wAVzyRcuBj4wIipxzNlfeV1qBlk=1^2=culture=fr=1^3=platform=premium=1


Error Message:
=================
Exception Level 1
=================
Message: ID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter condition is not satisfied.
NotOnOrAfter: '2/16/2015 3:04:41 PM'
Current time: '2/16/2015 8:17:08 PM'
Data: System.Collections.ListDictionaryInternal
InnerException: 
TargetSite: 

    System.Collections.ObjectModel.ReadOnlyCollection`1[System.Security.Claims.ClaimsIdentity] ValidateToken(System.IdentityModel.Tokens.SecurityToken)
    StackTrace:    at System.IdentityModel.Tokens.SamlSecurityTokenHandler.ValidateToken(SecurityToken token)
       at System.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
       at System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
       at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request)
       at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

HelpLink: 
Source: System.IdentityModel
HResult: -2146233087

Is the above error occurring because the ADFS and web server times are not correctly synchronized? (http://www.sharepointpals.com/post/ID4223-The-SamlSecurityToken-is-rejected-because-the-SamlAssertionNotOnOrAfter-Condition-is-not-satisfied-SharePoint-2013-with-ADFS)

If a sign-in error occurs, do I need to delete the session token cookie? (How to avoid 'SamlAssertion.NotOnOrAfter condition is not satisfied' errors)

Please provide steps for how to reproduce the 'NotOnOrAfter' error.

1 answer:

Answer 0 (score: 1)

The SAML token itself was evidently issued some time ago and is now past its lifetime. So either the time on the server that issued the SAML token is off, or you are using a previously obtained SAML assertion that is no longer valid and should first obtain a new one.
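As an added illustration (not part of the question or the answer above), the check below mirrors what the token handler does with the NotOnOrAfter condition and runs it over the two timestamp pairs from the logs in the question, together with the server clock readings the asker listed. The clock-skew allowance is an assumption set to five minutes, which is the default WIF uses; the `LOG_PAIRS` and `SERVER_CLOCKS` values are copied from the question and the helper names are this example's own.

```python
from datetime import datetime, timedelta

# (NotOnOrAfter, Current time) as printed by WIF in the two ID4223 errors above,
# in the US M/D/YYYY h:mm:ss AM/PM format the log uses.
LOG_PAIRS = [
    ("2/15/2015 4:13:27 PM", "2/16/2015 12:21:02 AM"),
    ("2/16/2015 3:04:41 PM", "2/16/2015 8:17:08 PM"),
]

# Wall-clock readings from the question: SQL, two web servers, four ADFS servers.
SERVER_CLOCKS = ["5:50:48 AM", "5:50:47 AM", "5:50:47 AM",
                 "5:50:47 AM", "5:50:46 AM", "5:50:46 AM", "5:50:46 AM"]

WIF_FORMAT = "%m/%d/%Y %I:%M:%S %p"

# Assumed allowance: five minutes, the WIF default for MaxClockSkew.
DEFAULT_MAX_CLOCK_SKEW = timedelta(minutes=5)


def parse_wif_time(text):
    """Parse a timestamp in the format the WIF error message uses."""
    return datetime.strptime(text, WIF_FORMAT)


def check_not_on_or_after(not_on_or_after, now, max_clock_skew=DEFAULT_MAX_CLOCK_SKEW):
    """Apply the SAML Conditions rule: the assertion is usable only while
    now < NotOnOrAfter, with the skew allowance added so that small clock
    differences between issuer and relying party do not reject fresh tokens.

    Returns (accepted, overrun) where overrun is how far past NotOnOrAfter
    the current time is (zero when accepted)."""
    if now < not_on_or_after + max_clock_skew:
        return True, timedelta(0)
    return False, now - not_on_or_after


def assess_log_pairs(pairs=LOG_PAIRS):
    """Evaluate each logged (NotOnOrAfter, Current time) pair.
    Returns a list of (accepted, overrun_seconds)."""
    results = []
    for noa_text, now_text in pairs:
        accepted, overrun = check_not_on_or_after(parse_wif_time(noa_text),
                                                  parse_wif_time(now_text))
        results.append((accepted, int(overrun.total_seconds())))
    return results


def clock_spread_seconds(readings=SERVER_CLOCKS):
    """Largest difference between the listed server clocks, in seconds.
    If this is far below the skew allowance, skew between the servers
    cannot be what is rejecting the token."""
    times = [datetime.strptime(r, "%I:%M:%S %p") for r in readings]
    return int((max(times) - min(times)).total_seconds())


if __name__ == "__main__":
    for (noa, now), (ok, overrun) in zip(LOG_PAIRS, assess_log_pairs()):
        print(f"NotOnOrAfter {noa} vs now {now}: accepted={ok}, "
              f"expired for {timedelta(seconds=overrun)}")
    print(f"Spread between server clocks: {clock_spread_seconds()} s "
          f"(allowance {DEFAULT_MAX_CLOCK_SKEW})")
```

Run as a script, it shows the first token was presented about eight hours after it expired and the second about five hours after, while the servers in the question disagree by only two seconds. A skew of that size is absorbed by the allowance, so the rejections in these logs come from stale assertions being replayed long after their lifetime, which is the answer's second explanation rather than the time-synchronization one.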