我有使用SAML身份验证的应用程序,我们已经在2012 R2计算机上安装了AD FS 3.0。我认为用户确实已通过身份验证,但是随着我的应用程序返回错误,它存在问题,这是我得到的响应标头:
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store
Pragma: no-cache
Content-Length: 5851
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-HTTPAPI/2.0
P3P: CP="ADFS doesn't have P3P policy, please contact your site's admin for more details."
Set-Cookie: MSISAuthenticated=OC8xOC8yMDE1IDI6NTg6MzQgUE0=; path=/adfs; HttpOnly; Secure
Set-Cookie: MSISLoopDetectionCookie=MjAxNS0wOC0xODoxNDo1ODozNFpcMQ==; path=/adfs; HttpOnly; Secure
Date: Tue, 18 Aug 2015 14:58:34 GMT
现在问题出在哪里,据我所知用户确实已通过身份验证,但我的应用程序无法继续。在Google搜索中,我找到了此link,但此KB已安装在ADFS服务器上。我相信由于P3P错误,这是失败的。有什么建议吗?
希望在一个论坛中找到它,对某些人有用:
Run theses commands (this is what ultimately worked):
On TptDevADFS1 (server with ADFS 3 installed).
Used this command file on TptDevADFS1:
SETLOCAL
SET cert_folder=%HOMEPATH%\Documents\Certificates
IF NOT EXIST "%cert_folder%" md "%cert_folder"
SET sdk_folder=C:\Program Files (x86)\Windows Kits\8.1\bin\x64
IF NOT EXIST "%sdk_folder%" ECHO SDK FOLDER %sdk_folder% NOT FOUND.
IF NOT EXIST "%sdk_folder%" EXIT
CD "%sdk_folder%"
echo makecert -r -pe -n "CN=*.TptDev.com" -ss my -sr LocalMachine -eku "1.3.6.1.5.5.7.3.1","1.3.6.1.4.1.311.10.3.12" -len 2048 -sky exchange -e "01/01/2021" "%cert_folder%\TptDev.com_%COMPUTERNAME%_wildcard_exchDocSign.cer"
ENDLOCAL
Resulted in this command and output:
C:\Program Files (x86)\Windows Kits\8.1\bin\x64>makecert -r -pe -n "CN=*.TptDev.com" -ss my -sr LocalMachine -eku "1.3.6.1.5.5.7.3.1","1.3.6.1.4.1.311.10.3.12" -len 2048 -sky exchange -e "01/01/2021" "\Users\Administrator.TPTDEV\Documents\Certificates\TptDev.com_TPTDEVADFS1_wildcard_exchDocSign.cer"
Succeeded
C:\Program Files (x86)\Windows Kits\8.1\bin\x64>
The above command imported the certificate into
(Local Computer) Personal->Certificates (aka as certificate store “My”).
Then browse to certificate file and imported it (with exportable key) to
(Local Computer) Trusted Root Certificate Authorities->Certificates
Export key in Personal store as PFX file with options:
include private key, include all certs in chain, export all extended properties.
Copy file to TptDevCRM1 (Server Dynamics CRM 2015 is installed on).
On TptDevCRM1 (server with Dynamics CRM 2015 installed)
Imported PFX certificate (file) into (Local Computer) Personal->Certificates.
Imported PFX certificate (file) into (Local Computer) Trusted Root Certificate Authorities->Certificates