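I am trying to set up AD LDS as a claims provider in ADFS using the Microsoft documentation here, but I cannot get it to work. When I select the LDS option instead of AD for the application, I get the following error.
An error occurred. Contact your administrator for more information
If I check the error log in Event Viewer on the ADFS server, I can see the following details.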
Encountered error during federation passive request.
Additional Data
Protocol Name:
OAuthAuthorizationProtocol
Relying Party:
<My-Relying-Party>
Exception details:
Microsoft.IdentityServer.RequestFailedException: No authentication provider could be found that supports the authentication methods specified in the '<My-Identifier>' claims provider trust.
at Microsoft.IdentityServer.Web.Authentication.GlobalAuthenticationPolicyEvaluator.FilterAuthMethodsByAccountStoreV2(ProtocolContext protocolContext, GlobalAuthenticationPolicy& globalPolicy)
at Microsoft.IdentityServer.Web.Authentication.GlobalAuthenticationPolicyEvaluator.EvaluatePolicyV2(IList`1 mappedRequestedAuthMethods, IList`1 mappedRequestedACRAuthProviders, AccessLocation location, ProtocolContext context, HashSet`1 authProvidersInToken, Boolean isOnWiaEndpoint, Boolean& validAuthProvidersInToken)
at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.RetrieveFirstStageAuthenticationDomainV2(Boolean& validAuthProvidersInToken)
at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.EvaluatePolicy(Boolean& isLastStage, AuthenticationStage& currentStage, Boolean& strongAuthRequried)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthMethodsFromAuthPolicyRules(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthenticationMethods(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
Edit:
Also note that the added claims provider trust is not visible in the GUI of the AD FS management console. The server used is Windows Server 2016 Datacenter.