我正在尝试将Django应用连接到AD FS。注意:所有域名均使用伪造/内部名称
我可以正常登录(/adfs/ls/idpinitiatedSignOn.aspx
)但未与应用集成后]
使用的连接器库:django-saml2-auth https://github.com/fangli/django-saml2-auth
当我尝试登录时,我被重定向到
https://win-sh2hfr5t2r9.dtest.com/adfs/ls/?SAMLRequest=nZLNTsMwEIRfJfI9cWL112oqFaqKSAWiJlQVF%2BQmLrGU2MW7Ke3b46TAgUMP3Lzrmc%2BzK880hHzRYqU38qOVgN65qTVw145JazU3ApQrRSOBY8GzxeOasyDkR2vQFKYmv4botkEASIvKaOItfo73RkPbSJtJe1KFfNmsY1IhHjml0ZQF0WgSRMGYTyIKoqnZm3BBqSiAEm%2FpsiotOsrVA870qbQPFasOdojMToMSnSooTENFeQBad8ZkGRNV%2Bsddyvan1R522TjfnjcuVgLQykQDCo0xYSEL%2FZD5bJJHQz4Y8cH0lXjp99h3SpdKv98eeX8VAX%2FI89RPn7OceFtpoc%2FsBGQ%2Bc2vj%2FbvWWxnbCLxN7Dou%2FKGXcqlR4YV4tOOE%2FMldJsvU1Kq4%2FIOGVmhQjtkD6d%2BPMf8C
下面的AD FS错误日志
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
<EventID>364</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2020-02-28T16:10:03.589483500Z" />
<EventRecordID>63</EventRecordID>
<Correlation ActivityID="{00000000-0000-0000-9500-0080010000D0}" />
<Execution ProcessID="4064" ThreadID="3820" />
<Channel>AD FS/Admin</Channel>
<Computer>WIN-SH2HFR5T2R9.dtest.com</Computer>
<Security UserID="S-1-5-21-2884057814-3114364144-2287182707-1113" />
</System>
<UserData>
<Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
<EventData>
<Data />
<Data />
<Data>System.Xml.XmlException: ID4125: An error occurred reading XML data. ---> System.ArgumentNullException: Value cannot be null. Parameter name: value at Microsoft.IdentityModel.Tokens.Saml2.Saml2NameIdentifier.set_Value(String value) at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ReadNameIDType(XmlReader reader) --- End of inner exception stack trace --- at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ReadNameIDType(XmlReader reader) at Microsoft.IdentityServer.Protocols.Saml.Saml2AssertionSerializer.ReadIssuer(XmlReader reader) at Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonElements(XmlReader reader, SamlMessage message) at Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadAuthnRequest(XmlReader reader) at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.ReadProtocolMessage(String encodedSamlMessage) at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.CreateFromNameValueCollection(Uri baseUrl, NameValueCollection collection) at Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.ReadMessage(Uri requestUrl, NameValueCollection form) at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request) at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler) at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context) System.ArgumentNullException: Value cannot be null. Parameter name: value at Microsoft.IdentityModel.Tokens.Saml2.Saml2NameIdentifier.set_Value(String value) at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ReadNameIDType(XmlReader reader)</Data>
</EventData>
</Event>
</UserData>
</Event>
问题似乎出在您的服务提供商元数据上。检查您的实体ID,名称ID格式和安全性数组是否正确。由于日志表明问题出在您的xml数据上,因此IDP和SP端存在一些不匹配。