Sharepoint 2019 OnPremise and Active Directory Federation Services SecurityTokenResolver key error
Question
I'm becoming mad trying to set up ADFS authentication for Sharepoint. The error I'm getting is:
Ensure that the SecurityTokenResolver is populated with the required key
The error is thrown by /_trust/default.aspx that is the endpoint where ADFS redirects after successful login and clearly states that the certificate I've used to create New-SPTrustedIdentityTokenIssuer and also imported as SPTrustedRootAuthority for the whole Sharepoint is not trusted by the certificate used by ADFS for Token-Signing and Token-Decrypting mechanism.
I've tried with my own certificates from a CA enrolled to AD and with a commercial one. I've verified that thumbprints correspond on both sides, SPTrustedIdentityTokenIssuer/SPTrustedRootAuthority and ADFS side.
Need some help here before going completely crazy.
Many thanks.
Answer 1
Score: 0
Resolved.
The certificate must be exported from the ADFS Token-Signing one. This is the one you want to use for the client side, in this case the SharePoint SPTrustedIdentityTokenIssuer.
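
The fix described in this answer, written out as a check (an added example, not part of the original answer): export the public half of the primary ADFS Token-Signing certificate, then confirm that the SharePoint trusted issuer and root authority hold that same thumbprint. The issuer name `ADFS`, the root authority name and the file path are assumptions; part 1 runs on the ADFS server, part 2 in a SharePoint Management Shell.

```powershell
# --- Part 1: on the ADFS server ---------------------------------------------
# Export only the public certificate (DER .cer) of the primary token-signing key.
$path     = 'C:\temp\adfs-token-signing.cer'        # assumed path
$adfsCert = (Get-AdfsCertificate -CertificateType Token-Signing |
             Where-Object { $_.IsPrimary }).Certificate
[IO.File]::WriteAllBytes($path, $adfsCert.Export('Cert'))
"ADFS token-signing thumbprint: $($adfsCert.Thumbprint)"

# --- Part 2: on a SharePoint server (after copying the .cer file) -----------
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$issuerName = 'ADFS'                                # assumed issuer name
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($path)
$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName

# The issuer validates incoming tokens against this certificate. If it is not
# the ADFS token-signing certificate, the token signature cannot be resolved.
if ($issuer.SigningCertificate.Thumbprint -ne $cert.Thumbprint) {
    Write-Warning ("Issuer trusts {0}, ADFS signs with {1}; replacing." -f `
        $issuer.SigningCertificate.Thumbprint, $cert.Thumbprint)
    Set-SPTrustedIdentityTokenIssuer -Identity $issuerName -ImportTrustCertificate $cert
}

# The same certificate must also be present as a trusted root authority.
$root = Get-SPTrustedRootAuthority |
        Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint }
if (-not $root) {
    New-SPTrustedRootAuthority -Name 'ADFS Token Signing' -Certificate $cert   # assumed name
}

# Final state: both thumbprints should match the value printed in part 1.
"Issuer signing cert : $((Get-SPTrustedIdentityTokenIssuer -Identity $issuerName).SigningCertificate.Thumbprint)"
"Exported ADFS cert  : $($cert.Thumbprint)"
```

If the token-signing certificate is not self-signed, each certificate in its chain also needs its own trusted root authority entry.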