有人能帮我使用 ADFS 吗?这是我第一次使用它,因为我正在设置 Microsoft Dynamics。我收到以下错误消息:
Encountered error during federation passive request.
Additional Data
Protocol Name:
wsfed
Relying Party:
https://dynamics01.starlighthosting.net:5555/
Exception details:
Microsoft.IdentityServer.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountValidationException: MSIS3173: Active Directory account validation failed. ---> Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.GetLdapAttributeStoreForDomain(String domainFlatName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.ReaderFactory(String userName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore.BeginExecuteQuery(String query, String[] parameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.Configuration.ADAttributeStoreLookupUtility.BeginQuery(String query, String[] queryParameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.GetUserUpns(IClaimsIdentity identity)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.UpdatePrincipalWithUpn(IClaimsPrincipal principal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestBearerToken(MSISRequestSecurityToken signInRequest, Uri& replyTo, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestSingleSingOnToken(ProtocolContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSsoSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken, SecurityToken& ssoSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountValidationException: MSIS3173: Active Directory account validation failed. ---> Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.GetLdapAttributeStoreForDomain(String domainFlatName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.ReaderFactory(String userName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore.BeginExecuteQuery(String query, String[] parameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.Configuration.ADAttributeStoreLookupUtility.BeginQuery(String query, String[] queryParameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.GetUserUpns(IClaimsIdentity identity)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.UpdatePrincipalWithUpn(IClaimsPrincipal principal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestBearerToken(MSISRequestSecurityToken signInRequest, Uri& replyTo, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestSingleSingOnToken(ProtocolContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSsoSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken, SecurityToken& ssoSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)
Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.GetLdapAttributeStoreForDomain(String domainFlatName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.ReaderFactory(String userName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore.BeginExecuteQuery(String query, String[] parameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.Configuration.ADAttributeStoreLookupUtility.BeginQuery(String query, String[] queryParameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
提前致谢
答案1
我猜你没有在 AD 中正确定义站点和子网,因此无法到达 DC 来验证凭据