Azure B2C error: the while limit of '20' has been reached

Time: 2018-09-25 13:29:53

Tags: saml azure-ad-b2c

I have set up Azure B2C as a SAML token issuer, with ADFS as the SAML IdP.

Application (service provider) -(SAML2)-> B2C (security token service relying party) -(SAML2)-> ADFS (identity provider)

Every time I try to sign in through B2C I get the following error (it never gets as far as ADFS):

FatalException

The while limit of '20' has been reached for type 'Microsoft.Cpim.StateMachine.EventInstance'.

What does this mean in B2C? Am I missing something in the Azure B2C SAML issuer configuration? Here is my sign-in policy:

<RelyingParty>
<DefaultUserJourney ReferenceId="SignUpOrSignInFmdClient" />
<UserJourneyBehaviors>
  <SingleSignOn Scope="Application" />
  <SessionExpiryType>Absolute</SessionExpiryType>
  <SessionExpiryInSeconds>900</SessionExpiryInSeconds>
  <JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="4f5ac312-eb9d-4395-b89d-ec6a6095b23e" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
</UserJourneyBehaviors>
<TechnicalProfile Id="PolicyProfile">
  <DisplayName>PolicyProfile</DisplayName>
  <Protocol Name="SAML2" />

  <Metadata>
    <Item Key="PartnerEntity"><![CDATA[
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="urn:itfoxtec:identity:saml2:testwebapp" validUntil="2026-12-27T23:42:22.079Z" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<md:SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:8080" index="0" isDefault="true"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
]]>
    </Item>
    <Item Key="KeyEncryptionMethod">Rsa15</Item>
    <Item Key="DataEncryptionMethod">Aes256</Item>
    <Item Key="XmlSignatureAlgorithm">Sha256</Item>
  </Metadata>

  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="socialIdpUserId" />
    <OutputClaim ClaimTypeReferenceId="IdpUserGroups" />
    <OutputClaim ClaimTypeReferenceId="IdpUserName"/>        
    <OutputClaim ClaimTypeReferenceId="identityProvider" />
    <OutputClaim ClaimTypeReferenceId="userPrincipalName" PartnerClaimType="userPrincipalName" />
    <OutputClaim ClaimTypeReferenceId="objectId"/>
  </OutputClaims>

  <!-- <SubjectNamingInfo ClaimType="userPrincipalName" /> -->
  <!-- <SubjectNamingInfo ClaimType="http://schemas.microsoft.com/identity/claims/objectidentifier" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" ExcludeAsClaim="true"/> -->
  <SubjectNamingInfo ClaimType="userPrincipalName" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" ExcludeAsClaim="false"/>
</TechnicalProfile>
</RelyingParty>

Here is the SAML AuthnRequest I send:

<samlp:AuthnRequest 
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
ID="_b2d1a96864951d1d555e" 
Version="2.0" 
IssueInstant="2018-09-25T13:13:35.125Z" 
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
AssertionConsumerServiceURL="https://localhost:5000/auth/login" 
Destination="https://login.microsoftonline.com/te/fmdclientsandbox.onmicrosoft.com/B2C_1A_SignUpOrSignInFmdClient/samlp/sso/login">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">21d60a4b-6e33-4e22-b618-586882744560</saml:Issuer>
<samlp:NameIDPolicy xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" AllowCreate="true"/>
<samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact">
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/windows</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

Here is the more detailed error message from B2C, as captured by App Insights:

{ "Kind": "Action", "Content": "Web.TPEngine.StateMachineHandlers.WarningExceptionTraceHandler" },
{ "Kind": "HandlerResult", "Content": { "Result": true } },
{ "Kind": "Action", "Content": "Web.TPEngine.SSO.SSOSessionEndHandler" },
{ "Kind": "HandlerResult", "Content": { "Result": true } },
{ "Kind": "Action", "Content": "Web.TPEngine.StateMachineHandlers.SendErrorHandler" },
{ "Kind": "HandlerResult", "Content": { "Result": true, "PredicateResult": "True" } },
{ "Kind": "Transition", "Content": { "EventName": "Global", "StateName": "Microsoft.Cpim.Common.PolicyException" } },
{ "Kind": "Predicate", "Content": "Web.TPEngine.StateMachineHandlers.NoOpHandler" },
{ "Kind": "HandlerResult", "Content": { "Result": true, "PredicateResult": "True" } },
{ "Kind": "Action", "Content": "Web.TPEngine.StateMachineHandlers.WarningExceptionTraceHandler" },
{ "Kind": "HandlerResult", "Content": { "Result": true } },
{ "Kind": "Action", "Content": "Web.TPEngine.SSO.SSOSessionEndHandler" },
{ "Kind": "HandlerResult", "Content": { "Result": true } },
{ "Kind": "Action", "Content": "Web.TPEngine.StateMachineHandlers.SendErrorHandler" },
{ "Kind": "HandlerResult", "Content": { "Result": true, "PredicateResult": "True" } },
{ "Kind": "FatalException", "Content": { "Time": "1:50 PM", "Exception": { "Kind": "Handled", "HResult": "80131500", "Message": "The while limit of '20' has been reached for type 'Microsoft.Cpim.StateMachine.EventInstance'. ; Diagnostics=", "Data": { "Event": "Global", "MachineDefinition": "", "StateTable": "", "Limit": "20", "ProcessingHistory": "Event:AUTH->Event:PreStep->Event:Global->Event:Global->Event:Global->Event:Global->Event:Global->Event:Global->Event:Global->Event:Global->Event:Global->Event:Global->Event:Global->Event:Global->Event:Global->Event:Global->Event:Global->Event:Global->Event:Global->Event:Global" } } } }
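B2C's SAML relying party matches an incoming AuthnRequest against the SP metadata in the PartnerEntity item, and in the posted data the two disagree on every point it compares: the request's Issuer is a GUID while the metadata entityID is urn:itfoxtec:identity:saml2:testwebapp, the ACS URL is https://localhost:5000/auth/login while the metadata declares https://localhost:8080, and the NameIDPolicy asks for persistent while the metadata lists unspecified. The following script is an added example, not code from the question or from Microsoft; it runs that consistency check with the standard library over XML constructed from the values shown above (stripped to the relevant elements), so a policy author can spot such mismatches before looking at the Application Insights trace.

```python
import xml.etree.ElementTree as ET

# Added example, not code from the question: checks an SP's metadata (as embedded in a B2C
# PartnerEntity item) against the AuthnRequest that SP sends. Both documents are constructed
# from the values shown in the question, reduced to the elements the check looks at.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:itfoxtec:identity:saml2:testwebapp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://localhost:8080" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_b2d1a96864951d1d555e" Version="2.0"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="https://localhost:5000/auth/login">
  <saml:Issuer>21d60a4b-6e33-4e22-b618-586882744560</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" AllowCreate="true"/>
</samlp:AuthnRequest>"""


def check_request_against_metadata(metadata_xml, request_xml):
    md = ET.fromstring(metadata_xml)
    req = ET.fromstring(request_xml)
    problems = []
    # The Issuer must be exactly the entityID registered for this SP.
    issuer = req.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != md.get("entityID", ""):
        problems.append(f"Issuer {issuer!r} != metadata entityID {md.get('entityID')!r}")
    # The requested ACS URL and binding must be declared in the SP metadata.
    acs = (req.get("AssertionConsumerServiceURL", ""), req.get("ProtocolBinding", ""))
    declared = {(e.get("Location"), e.get("Binding"))
                for e in md.iterfind("md:SPSSODescriptor/md:AssertionConsumerService", NS)}
    if acs not in declared:
        problems.append(f"ACS {acs[0]!r} with binding {acs[1]!r} not declared in metadata")
    # The requested NameID format should be one the SP lists as supported.
    policy = req.find("samlp:NameIDPolicy", NS)
    supported = {e.text.strip() for e in md.iterfind("md:SPSSODescriptor/md:NameIDFormat", NS)}
    if policy is not None and supported and policy.get("Format") not in supported:
        problems.append(f"NameIDPolicy format {policy.get('Format')!r} not in {sorted(supported)}")
    return problems  # empty list means request and metadata are consistent


if __name__ == "__main__":
    for p in check_request_against_metadata(SP_METADATA, AUTHN_REQUEST):
        print("MISMATCH:", p)
```

On the constructed documents the check reports all three mismatches; with the request's Issuer, ACS URL and NameID format aligned to the metadata it reports none.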

0 answers:

No answers