0
Je crée un STS actif qui authentifie RST en utilisant des jetons émis (SAML1, SAML2) et émet des BinarySecurityTokens. Cela fonctionne correctement pour les clients .net. Cependant, RST de Java clients (code, interface utilisateur SOAP, etc.), nous get suivantes exception -WCF Active STS (WS-Trust): Accès refusé à System.ServiceModel.Dispatcher.AuthorizationBehavior.Authorize pour les clients JAVA
<ExceptionType>System.ServiceModel.FaultException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
<Message>Access is denied.</Message>
at System.ServiceModel.Dispatcher.AuthorizationBehavior.Authorize(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext)
at System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext)
at System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result)
at System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
at System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)
at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.InnerTryReceiveCompletedCallback(IAsyncResult result)
at System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
at System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)
at System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item)...
Je soupçonne que le problème est avec serviceAuthorization pour la liaison. Cependant, je n'ai trouvé aucune documentation sur la configuration de l'autorisation pour l'authentification basée sur les réclamations. Voici ma configuration - behavior-
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="WSTrustServiceBehaviour">
<serviceCredentials useIdentityConfiguration="true" identityConfiguration="STSIDConfig">
<issuedTokenAuthentication audienceUriMode="Never" certificateValidationMode="None">
</issuedTokenAuthentication>
</serviceCredentials>
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization principalPermissionMode="Always" />
</behavior>
</serviceBehaviors>
liant
<ws2007FederationHttpBinding>
<clear/>
<binding name="WS2007FedttpBinding">
<security mode="TransportWithMessageCredential">
<message establishSecurityContext="false" issuedKeyType="BearerKey">
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
Service-
<service behaviorConfiguration="WSTrustServiceBehaviour" name="CustomSTS">
<endpoint name="WSTrust13HttpEndpoint" address="" binding="ws2007FederationHttpBinding" bindingConfiguration="WS2007FedttpBinding" contract="System.ServiceModel.Security.IWSTrust13SyncContract" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
Pls me faire savoir ce qui manque