I am using the Spring-Security-Saml sample application as the SP and ADFS 2.0 as the IdP. I followed the instructions described here: http://docs.spring.io/autorepo/docs/spring-security-saml/1.0.x-SNAPSHOT/reference/htmlsingle/. After setup I can log in to the system, but on global logout ADFS throws a NullReferenceException (event ID 303):
System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.IdentityServer.Service.SamlProtocol.SingleLogoutService.LogoutNextSessionParticipant()
at Microsoft.IdentityServer.Service.SamlProtocol.SingleLogoutService.ProcessLogoutRequest(LogoutRequest logoutRequest, Boolean& validLogoutRequest)
at Microsoft.IdentityServer.Service.SamlProtocol.SingleLogoutService.ProcessMessage(SamlMessage samlMessage, BindingInformation bindingInformation, Boolean validResponseMessage, Boolean& validLogoutRequest)
I ran into the same problem, except that in my case I was using ADFS 3.0. Telling Spring Security SAML to sign the logout response solved it for me. This is configured by setting requireLogoutResponseSigned to true on the ExtendedMetadata bean.
The null-reference error message is not very helpful. When I enabled tracing in the C:\Windows\ADFS\Microsoft.DeviceRegistration.ServiceHost.exe.config file, I got the following error message in the trace log in Event Viewer:
Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSignatureVerificationException: MSIS7074: SAML authentication request for the WebSSO profile must specify an issuer with no NameQualifier, SPNameQualifier or SPProvidedId properties.
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.ValidateSignatureRequirements(SamlMessage samlMessage)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Logout(HttpSamlMessage logoutMessage, String sessionState, String logoutState, Boolean partialLogout, Boolean isUrlTranslationNeeded, HttpSamlMessage& newLogoutMessage, String& newSessionState, String& newLogoutState)
Searching for that error gives some more helpful results:
SLO error MSIS7074 on ADFS
https://social.msdn.microsoft.com/Forums/vstudio/en-US/85b1a66f-ca0b-4ed6-a32f-c8dca4fdd6c7/slo-error-msis7074-on-adfs?forum=Geneva
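As an added example (not part of the question or answer above), this is the shape of that setting in the sample app's securityContext.xml: the ExtendedMetadata that Spring Security SAML 1.0.x applies to the ADFS entity, paired with the IdP metadata provider in an ExtendedMetadataDelegate. The ADFS host name, the timeout value and the existence of a parserPool bean (as in the sample config) are assumptions.

```xml
<!-- Added example, not from the original post: IdP metadata entry in the
     sample app's securityContext.xml with signed logout responses enabled.
     The ADFS host name is a placeholder; parserPool is assumed to be the
     sample's StaticBasicParserPool bean. -->
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                <!-- First argument: the ADFS federation metadata document -->
                <constructor-arg>
                    <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
                        <constructor-arg>
                            <value type="java.lang.String">https://adfs.example.test/FederationMetadata/2007-06/FederationMetadata.xml</value>
                        </constructor-arg>
                        <constructor-arg>
                            <value type="int">5000</value>
                        </constructor-arg>
                        <property name="parserPool" ref="parserPool"/>
                    </bean>
                </constructor-arg>
                <!-- Second argument: Spring SAML's ExtendedMetadata for this IdP.
                     requireLogoutResponseSigned defaults to false, so the SP's
                     LogoutResponse goes out unsigned and ADFS fails signature
                     validation (MSIS7074 in the trace log). Set it to true. -->
                <constructor-arg>
                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                        <property name="requireLogoutResponseSigned" value="true"/>
                    </bean>
                </constructor-arg>
            </bean>
        </list>
    </constructor-arg>
</bean>
```

After restarting the SP, a global logout initiated from ADFS should complete without the event ID 303 NullReferenceException, which is the quickest way to confirm the change took effect.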