Question

我通过wsfed获取用户的ADFS详细信息，通过： https://github.com/auth0/passport-wsfed-saml2

我只获得nameID。

metadata.xml（我的服务器地址已替换为http://localhost/app/，它以https运行）：

<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor ID="_5b6cd05c-a5e3-470d-a2fc-6c6f66633d1b" entityID="http://localhost/app/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <RoleDescriptor xsi:type="fed:ApplicationServiceType" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <fed:ClaimTypesRequested>
            <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" />
            <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" />
        </fed:ClaimTypesRequested>
        <fed:TargetScopes>
            <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
                <Address>http://localhost/app/</Address>
            </EndpointReference>
        </fed:TargetScopes>
        <fed:PassiveRequestorEndpoint>
            <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
                <Address>http://localhost/app/</Address>
            </EndpointReference>
        </fed:PassiveRequestorEndpoint>
    </RoleDescriptor>
</EntityDescriptor>

即使我将“optional”替换为false，它也不会返回任何声明。有人为什么ADFS忽略我的主张？

Answer 1

您是否希望ADFS从＆＃34; ClaimTypesRequested＆＃34;中获取声明？

ADFS的工作方式是声明源自在ADFS中配置的声明规则。

您配置了哪些声明规则？

ADFS忽略了我的声明请求

1 个答案: