2017-08-25

ADFS 3.0 sign-out with Drupal 8 samlauth

I am currently trying to implement the sign-out functionality, but I can't get it to work. I'm pretty sure I'm just missing something simple.

This is the logout request I am sending to the ADFS server:

<samlp:LogoutRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="ONELOGIN_2728cdbd1adc8c59faf3c4312b8fec6d18914f9b"
    Version="2.0"
    IssueInstant="2017-08-23T09:37:56Z"
    Destination="https://adfs.client.nl/adfs/ls/">
    <saml:Issuer>https://t-client-portal-cms.company.nl</saml:Issuer>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">[email protected]client.nl</saml:NameID>
    <samlp:SessionIndex>_7e271faa-209f-4f23-a5f6-56feaadc5f59</samlp:SessionIndex>
</samlp:LogoutRequest>

The errors we keep getting in the ADFS error logs are the following:

Log Name:  AD FS Tracing/Debug 
Source:  AD FS Tracing 
Date:   8/23/2017 10:18:09 AM 
Event ID:  47 
Task Category: None 
Level:   Error 
Keywords:  ADFSSamlProtocol 
User:   ADS\sa_adfs 
Computer:  ADFS02.ads.local 
Description: 
Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSignatureVerificationException: MSIS7074: SAML authentication request for the WebSSO profile must specify an issuer with no NameQualifier, SPNameQualifier or SPProvidedId properties. 
    at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.ValidateSignatureRequirements(SamlMessage samlMessage) 
    at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Logout(HttpSamlMessage logoutMessage, String sessionState, String logoutState, Boolean partialLogout, Boolean isUrlTranslationNeeded, HttpSamlMessage& newLogoutMessage, String& newSessionState, String& newLogoutState, Boolean& validLogoutRequest) 
Event Xml: 
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> 
    <System> 
    <Provider Name="AD FS Tracing" Guid="{0457a490-4d4d-4a5b-b639-35382f1b6709}" /> 
    <EventID>47</EventID> 
    <Version>0</Version> 
    <Level>2</Level> 
    <Task>0</Task> 
    <Opcode>0</Opcode> 
    <Keywords>0x8000000000000200</Keywords> 
    <TimeCreated SystemTime="2017-08-23T08:18:09.569879000Z" /> 
    <EventRecordID>37</EventRecordID> 
    <Correlation ActivityID="{00000000-0000-0000-EF4F-0080010000B4}" /> 
    <Execution ProcessID="3320" ThreadID="3484" ProcessorID="0" KernelTime="0" UserTime="18" /> 
    <Channel>AD FS Tracing/Debug</Channel> 
    <Computer>ADFS02.ads.local</Computer> 
    <Security UserID="S-1-5-21-2632700421-2392467594-2672111853-48213" /> 
    </System> 
    <UserData> 
    <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events"> 
     <EventData>Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSignatureVerificationException: MSIS7074: SAML authentication request for the WebSSO profile must specify an issuer with no NameQualifier, SPNameQualifier or SPProvidedId properties. 
    at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.ValidateSignatureRequirements(SamlMessage samlMessage) 
    at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Logout(HttpSamlMessage logoutMessage, String sessionState, String logoutState, Boolean partialLogout, Boolean isUrlTranslationNeeded, HttpSamlMessage&amp; newLogoutMessage, String&amp; newSessionState, String&amp; newLogoutState, Boolean&amp; validLogoutRequest)</EventData> 
    </Event> 
    </UserData> 
</Event> 

and:

Log Name:  AD FS Tracing/Debug 
Source:  AD FS Tracing 
Date:   8/23/2017 10:18:09 AM 
Event ID:  153 
Task Category: None 
Level:   Error 
Keywords:  ADFSPassivePipeline 
User:   ADS\sa_adfs 
Computer:  ADFS02.ads.local 
Description: 
Exception: MSIS7054: The SAML logout did not complete properly. 
StackTrace: at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSamlLogoutResponse(SamlContext samlContext, Boolean partialLogout, Boolean& logoutComplete) 
    at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.ProcessSignOut(SamlContext samlContext, String redirectUri, List`1 iFrameUris, Boolean partialLogout) 
    at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.Signout(ProtocolContext context, String redirectUri, List`1 iFrameSignoutUris) 
    at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolSignoutRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler) 
    at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler) 
    at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context) 

Event Xml: 
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> 
    <System> 
    <Provider Name="AD FS Tracing" Guid="{0457a490-4d4d-4a5b-b639-35382f1b6709}" /> 
    <EventID>153</EventID> 
    <Version>0</Version> 
    <Level>2</Level> 
    <Task>0</Task> 
    <Opcode>0</Opcode> 
    <Keywords>0x8000000004000000</Keywords> 
    <TimeCreated SystemTime="2017-08-23T08:18:09.569879000Z" /> 
    <EventRecordID>38</EventRecordID> 
    <Correlation ActivityID="{00000000-0000-0000-EF4F-0080010000B4}" /> 
    <Execution ProcessID="3320" ThreadID="3484" ProcessorID="0" KernelTime="0" UserTime="18" /> 
    <Channel>AD FS Tracing/Debug</Channel> 
    <Computer>ADFS02.ads.local</Computer> 
    <Security UserID="S-1-5-21-2632700421-2392467594-2672111853-48213" /> 
    </System> 
    <UserData> 
    <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events"> 
     <EventData>Exception: MSIS7054: The SAML logout did not complete properly. 
StackTrace: at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSamlLogoutResponse(SamlContext samlContext, Boolean partialLogout, Boolean&amp; logoutComplete) 
    at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.ProcessSignOut(SamlContext samlContext, String redirectUri, List`1 iFrameUris, Boolean partialLogout) 
    at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.Signout(ProtocolContext context, String redirectUri, List`1 iFrameSignoutUris) 
    at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolSignoutRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler) 
    at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler) 
    at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context) 
</EventData> 
    </Event> 
    </UserData> 
</Event> 

I don't understand the error messages we are getting. Can anyone help me with this? What am I missing? What should I change? Any help is greatly appreciated.

Answer


See this.

Should the request be signed?

Is the NameID the same person and the same format as at login?
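An added pre-flight check, not code from the question or from the samlauth module, that tests a LogoutRequest against the two questions in the answer and against the Issuer attributes the MSIS7074 message names. The NameID value in the sample is a constructed placeholder, and the `login_name_id` / `login_format` arguments are assumed to be taken from the NameID the IdP returned in the login response.

```python
import xml.etree.ElementTree as ET  # for untrusted input prefer defusedxml

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Attributes that MSIS7074 says the Issuer must not carry.
ISSUER_FORBIDDEN = ("NameQualifier", "SPNameQualifier", "SPProvidedID")
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample: the request from the question with a placeholder NameID.
LOGOUT_REQUEST = """<samlp:LogoutRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="ONELOGIN_2728cdbd1adc8c59faf3c4312b8fec6d18914f9b" Version="2.0"
    IssueInstant="2017-08-23T09:37:56Z" Destination="https://adfs.client.nl/adfs/ls/">
    <saml:Issuer>https://t-client-portal-cms.company.nl</saml:Issuer>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">user@client.example</saml:NameID>
    <samlp:SessionIndex>_7e271faa-209f-4f23-a5f6-56feaadc5f59</samlp:SessionIndex>
</samlp:LogoutRequest>"""


def check_logout_request(xml_text, login_name_id, login_format, require_signature):
    """Return a list of findings; an empty list means the request is consistent
    with the NameID issued at login and with the Issuer/signature rules ADFS enforces."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        return ["root element is not samlp:LogoutRequest"]
    findings = []
    issuer = root.find("saml:Issuer", NS)
    if issuer is None:
        findings.append("missing saml:Issuer")
    for attr in ISSUER_FORBIDDEN:
        if issuer is not None and attr in issuer.attrib:
            findings.append("Issuer carries %s (MSIS7074 forbids it)" % attr)
    name_id = root.find("saml:NameID", NS)
    if name_id is None:
        findings.append("missing saml:NameID")
    else:
        # Both the value and the Format must match what the IdP issued at login.
        if (name_id.text or "").strip() != login_name_id:
            findings.append("NameID value differs from the NameID received at login")
        if name_id.get("Format", UNSPECIFIED) != login_format:
            findings.append("NameID Format differs from the Format received at login")
    # Only an enveloped signature (HTTP-POST binding) is visible in the XML; with
    # HTTP-Redirect the signature travels in the SigAlg/Signature query parameters.
    if require_signature and root.find("ds:Signature", NS) is None:
        findings.append("request carries no ds:Signature but the IdP requires one")
    return findings
```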