AD FS 自定义身份验证提供程序没有 return 身份验证方法声明
AD FS custom authentication provider did not return an authentication method claim
我已经为 AD FS MFA 创建了自定义身份验证提供程序。
我在元数据中定义了身份验证方法声明:
public string[] AuthenticationMethods
{
get { return new string[] { "https://schemas.microsoft.com/ws/2012/12/authmethod/otp" }; }
}
我还有一个 TryEndAuthentication 方法(这仅用于实验目的,一旦这部分起作用,我将更改硬编码的 pin):
public IAdapterPresentation TryEndAuthentication(IAuthenticationContext context, IProofData proofData, System.Net.HttpListenerRequest request, out System.Security.Claims.Claim[] claims)
{
claims = null;
IAdapterPresentation result = null;
string pin = proofData.Properties["pin"].ToString();
if (pin == "12345")
{
System.Security.Claims.Claim claim = new System.Security.Claims.Claim("https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "https://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new System.Security.Claims.Claim[] { claim };
}
else
{
result = new AdapterPresentation("Authentication failed.", false);
}
return result;
}
但是当我在我的 AD FS 中部署它时,当我正确登录时它会给我这个错误:
有人知道哪里出了问题吗?
我明白了。 schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod 声明的 URI 应使用 http。不是 https.
你应该改变下面的行
if (pin == "12345")
{
System.Security.Claims.Claim claim = new System.Security.Claims.Claim("https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "https://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new System.Security.Claims.Claim[] { claim };
}
至
if (pin == "12345")
{
System.Security.Claims.Claim claim = new System.Security.Claims.Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "https://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new System.Security.Claims.Claim[] { claim };
}
然后就可以了。
复制示例适配器代码时犯了同样的错误
我已经提交了关于 github 的 https://github.com/MicrosoftDocs/windowsserverdocs/pull/4165 更正,应该很快就会提交。
我已经为 AD FS MFA 创建了自定义身份验证提供程序。
我在元数据中定义了身份验证方法声明:
public string[] AuthenticationMethods
{
get { return new string[] { "https://schemas.microsoft.com/ws/2012/12/authmethod/otp" }; }
}
我还有一个 TryEndAuthentication 方法(这仅用于实验目的,一旦这部分起作用,我将更改硬编码的 pin):
public IAdapterPresentation TryEndAuthentication(IAuthenticationContext context, IProofData proofData, System.Net.HttpListenerRequest request, out System.Security.Claims.Claim[] claims)
{
claims = null;
IAdapterPresentation result = null;
string pin = proofData.Properties["pin"].ToString();
if (pin == "12345")
{
System.Security.Claims.Claim claim = new System.Security.Claims.Claim("https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "https://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new System.Security.Claims.Claim[] { claim };
}
else
{
result = new AdapterPresentation("Authentication failed.", false);
}
return result;
}
但是当我在我的 AD FS 中部署它时,当我正确登录时它会给我这个错误:
有人知道哪里出了问题吗?
我明白了。 schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod 声明的 URI 应使用 http。不是 https.
你应该改变下面的行
if (pin == "12345")
{
System.Security.Claims.Claim claim = new System.Security.Claims.Claim("https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "https://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new System.Security.Claims.Claim[] { claim };
}
至
if (pin == "12345")
{
System.Security.Claims.Claim claim = new System.Security.Claims.Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "https://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new System.Security.Claims.Claim[] { claim };
}
然后就可以了。
复制示例适配器代码时犯了同样的错误我已经提交了关于 github 的 https://github.com/MicrosoftDocs/windowsserverdocs/pull/4165 更正,应该很快就会提交。