SAML Claim ADFS Event ID 364 and 184

  • General discussions

  • Good day everyone!!!! I set up SAML for a SharePoint 2010 web application using AD FS 2.

    When logging in to the site https://tshp1/sites/gor it shows Error: Access Denied

    If I use NTLM, I log in to the site without problems

    In the AD FS logs there are errors Event ID 364 and 184


    Log Name:      AD FS 2.0/Admin
    Source:        AD FS 2.0
    Date:          7/5/2012 3:26:19 PM
    Event ID:      364
    Task Category: None
    Level:         Error
    Keywords:      AD FS
    User:          NETWORK SERVICE
    Computer:      ADFS1
    Description:
    Encountered error during federation passive request.

    Additional Data

    Exception details:
    Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'urn:tshp1:sharepoint' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, Uri& replyTo)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, MSISSession& session)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSerializedToken(String signOnToken, WSFederationMessage incomingMessage)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSecurityToken(SecurityToken securityToken, WSFederationMessage incomingMessage)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseForProtocolRequest(FederationPassiveContext federationPassiveContext, SecurityToken securityToken)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponse(SecurityToken securityToken)


    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0" Guid="{20E25DDB-09E5-404B-8A56-EDAE2F12EE81}" />
        <EventID>364</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000001</Keywords>
        <TimeCreated SystemTime="2012-07-05T11:26:19.249383600Z" />
        <EventRecordID>69</EventRecordID>
        <Correlation ActivityID="{DB62BFC0-8C8B-4DD3-B24B-4B79FA0A294C}" />
        <Execution ProcessID="1696" ThreadID="1240" />
        <Channel>AD FS 2.0/Admin</Channel>
        <Computer>ADFS1</Computer>
        <Security UserID="S-1-5-20" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
          <EventData>
            <Data>Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'urn:tshp1:sharepoint' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, Uri&amp; replyTo)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, MSISSession&amp; session)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSerializedToken(String signOnToken, WSFederationMessage incomingMessage)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSecurityToken(SecurityToken securityToken, WSFederationMessage incomingMessage)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseForProtocolRequest(FederationPassiveContext federationPassiveContext, SecurityToken securityToken)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponse(SecurityToken securityToken)

    </Data>
          </EventData>
        </Event>
      </UserData>
    </Event>



    -------------------------------


    Log Name:      AD FS 2.0/Admin
    Source:        AD FS 2.0
    Date:          7/5/2012 3:26:19 PM
    Event ID:      184
    Task Category: None
    Level:         Error
    Keywords:      AD FS
    User:          NETWORK SERVICE
    Computer:      ADFS1
    Description:
    A token request was received for a relying party identified by the key 'urn:tshp1:sharepoint', but the request could not be fulfilled because the key does not identify any known relying party trust.
    Key: urn:tshp1:sharepoint

    This request failed.

    User Action
    If this key represents a URI for which a token should be issued, verify that its prefix matches the relying party trust that is configured in the AD FS configuration database.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0" Guid="{20E25DDB-09E5-404B-8A56-EDAE2F12EE81}" />
        <EventID>184</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000001</Keywords>
        <TimeCreated SystemTime="2012-07-05T11:26:19.246462500Z" />
        <EventRecordID>68</EventRecordID>
        <Correlation ActivityID="{DB62BFC0-8C8B-4DD3-B24B-4B79FA0A294C}" />
        <Execution ProcessID="3332" ThreadID="2568" />
        <Channel>AD FS 2.0/Admin</Channel>
        <Computer>ADFS1</Computer>
        <Security UserID="S-1-5-20" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
          <EventData>
            <Data>urn:tshp1:sharepoint</Data>
          </EventData>
        </Event>
      </UserData>
    </Event>

    --------------------------------

    Error: Access Denied

    Current User
    You are currently signed in as:user @domain.local
     

    How do I overcome this problem?

    July 5, 2012 11:37

All replies

  • Hello,
    What is configured on the ADFS Server in "Relying Party trust"?
    July 10, 2012 7:27
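The reply above asks what the relying party trust holds, and Event 184 says to verify that the requested key matches a configured trust identifier. As an added diagnostic that is not part of this thread, the following PowerShell script (run on the AD FS 2.0 server) takes the key from the event's "Key:" line and checks it against every registered relying party trust identifier; the cmdlets are the AD FS 2.0 snap-in's own, the $Key default is the value from this thread, and the SharePoint cmdlet named in the last line is assumed to be run separately on the SharePoint 2010 server.

```powershell
# Added diagnostic, not from the thread: does the key AD FS rejected in Event 184
# exist as a relying party trust identifier? Run on the AD FS 2.0 server.
# $Key is the "Key:" value from the event; the default is the value in this thread.
param([string]$Key = 'urn:tshp1:sharepoint')

Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$trusts = Get-ADFSRelyingPartyTrust

# Exact match: AD FS resolves the realm sent by SharePoint against each trust's Identifier list.
$exact = $trusts | Where-Object { $_.Identifier -contains $Key }
if ($exact) {
    "Key '$Key' is registered on trust '$($exact.Name)'."
    "MSIS7007 is then not an identifier mismatch; check the trust's issuance authorization rules next."
    return
}

# No exact match: list all identifiers and flag near misses (case or trailing-slash differences),
# which is the usual cause when the SharePoint realm and the AD FS identifier were typed separately.
$normKey = $Key.ToLowerInvariant().TrimEnd('/')
"No relying party trust has identifier '$Key'. Registered identifiers:"
foreach ($trust in $trusts) {
    foreach ($id in $trust.Identifier) {
        $flag = ''
        if ($id.ToLowerInvariant().TrimEnd('/') -eq $normKey) { $flag = '   <-- near miss' }
        "  $($trust.Name) : $id$flag"
    }
}
# SharePoint side (run on the SharePoint 2010 server): the realm it sends to AD FS is
#   (Get-SPTrustedIdentityTokenIssuer).DefaultProviderRealm  and  .ProviderRealms
# and must equal one of the identifiers listed above, character for character.
```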