WIF Tracing

This topic shows how to use tracing in Windows® Identity Foundation (WIF). It is similar to Windows Communication Foundation (WCF) tracing. For more information about WCF tracing, see How to: Enable Tracing.

How to Enable Tracing

The simplest way to enable tracing is in your application's app.config or web.config file. The following configuration enables WIF traces, written to the file C:\logs\WIF.xml. Note that the folder the log file is written to must already exist. WIF traces can be viewed with svctraceviewer.exe, which is located in \Program Files\Microsoft SDKs\Windows\v6.0A\bin on the drive where you installed Visual Studio.

<system.diagnostics>
  <sources>
    <source name="Microsoft.IdentityModel" switchValue="Verbose">
      <listeners>
        <add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\logs\WIF.xml" />
      </listeners>
    </source>
  </sources>
  <trace autoflush="true" />
</system.diagnostics>

The following configuration enables both WCF and WIF traces, written to the files C:\logs\WCF.xml and C:\logs\WIF.xml respectively. Note that the trace sources are distinguished by the name attribute of the source element.

<system.diagnostics>
  <sources>
    <source name="Microsoft.IdentityModel" switchValue="Verbose">
      <listeners>
        <add name="wif" />
      </listeners>
    </source>
    <source name="System.ServiceModel.MessageLogging" logKnownPii="false" switchValue="Verbose">
      <listeners>
        <add name="wcf" />
      </listeners>
    </source>
  </sources>
  <sharedListeners>
    <add name="wcf" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\logs\WCF.xml" />
    <add name="wif" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\logs\WIF.xml" />
  </sharedListeners>
  <trace autoflush="true" />
</system.diagnostics>

Security Note:
WIF tracing makes no attempt to filter personally identifiable information (PII). WIF traces must therefore be stored in a secure location.
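
The check below is an added example, not part of the original page or of WIF. It reads a system.diagnostics section like the two shown earlier, resolves shared listeners by name, and reports where each enabled trace source writes, flagging logKnownPii="true", relative paths, and files inside the application directory. The function name, the app_root parameter, the issue labels and the sample paths are assumptions made for the illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample: the page's WCF + WIF configuration, changed so that the
# WIF listener writes inside the site directory and logKnownPii is "true".
SAMPLE_CONFIG = r"""
<configuration>
  <system.diagnostics>
    <sources>
      <source name="Microsoft.IdentityModel" switchValue="Verbose">
        <listeners><add name="wif" /></listeners>
      </source>
      <source name="System.ServiceModel.MessageLogging" logKnownPii="true"
              switchValue="Verbose">
        <listeners><add name="wcf" /></listeners>
      </source>
    </sources>
    <sharedListeners>
      <add name="wcf" type="System.Diagnostics.XmlWriterTraceListener"
           initializeData="C:\logs\WCF.xml" />
      <add name="wif" type="System.Diagnostics.XmlWriterTraceListener"
           initializeData="C:\inetpub\wwwroot\App\logs\WIF.xml" />
    </sharedListeners>
    <trace autoflush="true" />
  </system.diagnostics>
</configuration>
"""


def _norm(path):
    """Normalise a Windows path for comparison (works on any host OS)."""
    return ntpath.normcase(ntpath.normpath(path))


def audit_trace_config(config_xml, app_root):
    """Return (source name, output file, issue) tuples for enabled trace sources.

    app_root is the application's content directory (hypothetical parameter):
    a trace file below it sits next to the files the application serves.
    """
    root = ET.fromstring(config_xml)
    # Accept a full config file or a bare <system.diagnostics> fragment.
    diag = next(root.iter("system.diagnostics"), None)
    if diag is None:
        return []
    # Shared listeners are referenced from <source> by name, as in the page's
    # second configuration; inline listeners carry initializeData themselves.
    shared = {a.get("name"): a.get("initializeData")
              for a in diag.findall("sharedListeners/add")}
    findings = []
    for src in diag.findall("sources/source"):
        name = src.get("name")
        # Assumption: a source without switchValue is treated as switched off.
        if (src.get("switchValue") or "Off").strip().lower() == "off":
            continue
        if (src.get("logKnownPii") or "false").strip().lower() == "true":
            findings.append((name, None, "logKnownPii enabled"))
        for add in src.findall("listeners/add"):
            target = add.get("initializeData") or shared.get(add.get("name"))
            if not target:
                continue  # listener that does not write to a file
            if not ntpath.isabs(target):
                findings.append((name, target, "relative path"))
            elif _norm(target).startswith(_norm(app_root) + "\\"):
                findings.append((name, target, "inside application directory"))
            if name == "Microsoft.IdentityModel":
                # Per the security note: WIF does not filter PII, so every WIF
                # trace file belongs on the list of locations to lock down.
                findings.append((name, target, "WIF trace, PII not filtered"))
    return findings


if __name__ == "__main__":
    for finding in audit_trace_config(SAMPLE_CONFIG, r"C:\inetpub\wwwroot\App"):
        print(finding)
```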

Traces

This topic describes the following traces:

  • ChunkedCookieHandler

  • ClaimsPrincipal

  • DeflateCookie

  • HashTrace

  • PassiveMessage

  • Reference

  • Token

  • WsFedMessage

  • Exceptions

  • AppDomain Unloading

The following tables show which traces are useful for various scenarios.

For STS developers:

| Token issuance | Scenario | Trace |
|---|---|---|
| WS-Federation | Token issuance failure | HashTrace |
| | Warning: unhandled WS-Federation message | HashTrace |
| | Success | Token |
| | RST received | Token |
| | POST body (including wresult) | PassiveMessage, WsFedMessage |
| | HashTraceRecord | HashTrace |
| WS-Trust | ActAs request in RST | HashTrace |
| | RSTR/RST (WCF traces) | HashTrace |

For RP developers:

| Token validation | Scenario | Trace |
|---|---|---|
| WS-Federation | Failure (audience URI, certificate validation) | HashTrace, Reference |
| | Warning: unhandled WS-Federation message | HashTrace, Reference |
| | Success | Token |
| | ClaimsPrincipal | ClaimsPrincipal |
| | POST body (FedPassive response) | PassiveMessage, WsFedMessage |
| | Cookie (name) | ChunkedCookie |
| Other | Authorization | ClaimsPrincipal |
| | Exceptions | Exception |

ChunkedCookieHandler

The ChunkedCookieHandler trace contains information about the cookie: its name, size, path, domain, expiration, whether the channel was secure, and the action taken (read, write, or delete).

The following trace records information about cookies being written:

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>0</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-08-27T16:06:43.3655884Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-5a00-0080000000f7}" /> <Execution ProcessName="w3wp" ProcessID="3412" ThreadID="4" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem>ChunkedCookieHandler: Writing Name=FedAuth Path=/ Domain= Expires=Session Secure=True HttpOnly=True</DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

The following trace records information about cookies being read:

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>0</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-08-27T16:06:43.3812141Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-5b00-0080000000f7}" /> <Execution ProcessName="w3wp" ProcessID="3412" ThreadID="4" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem>ChunkedCookieHandler: Reading Name=FedAuth</DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

ClaimsPrincipal

The ClaimsPrincipal trace contains information about the principal that was created: its name and all the claims identities it contains. Each claims identity has a name, NameClaimType, RoleClaimType, Label, and Actor (may be empty) values, and a set of claims.

Example ClaimsPrincipal trace:

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-08-28T00:37:18.9548714Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="ActiveStsExample.vshost" ProcessID="4380" ThreadID="11" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information">

          <Description>Définition d'une entité IClaimsPrincipal dans le contexte EvaluationContext actuel</Description>

          <AppDomain>ActiveStsExample.vshost.exe</AppDomain>

          <ClaimsPrincipalTraceRecord xmlns="https://schemas.microsoft.com/2009/06/IdentityModel/ClaimsPrincipalTraceRecord"> <ClaimsPrincipal Identity.Name="MonDomaine\MonNomUtilisateur"> <ClaimsIdentity Name="MonDomaine\MonNomUtilisateur" NameClaimType="https://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" RoleClaimType="https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Label="">

                <Claim Value="MonDomaine\MonNomUtilisateur" Type="https://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" ValueType="http://www.w3.org/2001/XMLSchema#string"></Claim>

                <Claim Value="https://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/x509" Type="https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" ValueType="http://www.w3.org/2001/XMLSchema#string"></Claim>

              </ClaimsIdentity> </ClaimsPrincipal> </ClaimsPrincipalTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

DeflateCookie

The DeflateCookie trace contains information about cookie compression: its original size and its compressed size.

Example DeflateCookie trace:

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>0</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-08-27T16:06:43.0843258Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-5a00-0080000000f7}" /> <Execution ProcessName="w3wp" ProcessID="3412" ThreadID="4" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem>DeflateCookieTransform: BeforeDeflate=5224 AfterDeflate=2596</DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

HashTrace

The HashTrace trace contains information about signatures and the signature XML: the bytes in hex format, the bytes in string format (on write, the PreCanonicalBytes are included), the length, and the value.

Example HashTrace trace:

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Verbose">0</SubType> <Level>16</Level> <TimeCreated SystemTime="2009-08-28T01:04:35.4997605Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="ActiveStsExample.vshost" ProcessID="8908" ThreadID="11" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Verbose">

          <Description>Trace de diagnostic Microsoft.IdentityModel</Description>

          <AppDomain>ActiveStsExample.vshost.exe</AppDomain>

          <HashTraceRecord xmlns="https://schemas.microsoft.com/2009/06/IdentityModel/HashTraceRecord">

            <PreCanonicalBytes> <Length>3240</Length> <HexBytes>EFBBBF3C417…</HexBytes> <Encoding.UTF8>&lt;Assertion ID="_0457ef59-6994-40ee-a733-b9a1210bead3" IssueInstant="2009-08-28T01:04:27.590Z" Version="2.0" /AttributeStatement&gt;</Encoding.UTF8> </PreCanonicalBytes>

            <CanonicalBytes> <Length>3241</Length> <HexBytes>3C417373657274696F6E20</HexBytes> <Encoding.UTF8>&lt;Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_0457ef59-6994-40ee-a733-b9a1210bead3" …/Assertion&gt;</Encoding.UTF8> </CanonicalBytes>

            <Hash> <Length>44</Length> <Value>pBEYEHY7srohYL4L0lHWgIhxDw8YCaPyUb99OUI/OZA=</Value> </Hash>

          </HashTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

PassiveMessage

The PassiveMessage trace contains information about a passive or STS sign-in message that was received at a passive website: the name/value pairs of the HTTP request.

Example PassiveMessage trace:

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-11-04T01:36:22.2657059Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" /> <Channel /> <Computer>MyComputer</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information"> <Description>HttpRequest.Form dans SignInWithResponseMessage.</Description> <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain> <PassiveMessageTraceRecord xmlns="https://schemas.microsoft.com/2009/06/IdentityModel/PassiveMessageTraceRecord"> <Request> <wa>wsignin1.0</wa> <wresult> <trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"> <trust:RequestSecurityTokenResponse Context="rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx"> <trust:Lifetime> <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T01:36:22.156Z</wsu:Created> <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T02:36:22.156Z</wsu:Expires> </trust:Lifetime> <wsp:AppliesTo xmlns:wsp="https://schemas.xmlsoap.org/ws/2004/09/policy"> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://localhost/PassiveRedirectBasedClaimsAwareWebApp</Address> </EndpointReference> </wsp:AppliesTo> <trust:RequestedSecurityToken> <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></xenc:EncryptionMethod> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> </e:EncryptionMethod> <KeyInfo> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <X509Data> <X509IssuerSerial> <X509IssuerName>CN=localhost</X509IssuerName> <X509SerialNumber>-46063684837087187425230596485139881026</X509SerialNumber> </X509IssuerSerial> </X509Data> </o:SecurityTokenReference> </KeyInfo> <e:CipherData> <e:CipherValue>Hjwt9Qfo/+fSaIqxy2vFIaVuPhKxHjmfYZsWLIAe8KZg4mNz4IH9j1eeMuJUdSiNY7yiv7SXVbVNmpi/lsSON8H9vVVpMgfYbr23tgbWjTKSJp59VWwzURx/MqyNOerlRc8GOSNz9S8AgVVm6twFYw/ZgScYFklYQuNKCEAYChU=</e:CipherValue> </e:CipherData> </e:EncryptedKey> </KeyInfo> <xenc:CipherData> <xenc:CipherValue>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</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </trust:RequestedSecurityToken> <trust:RequestedAttachedReference> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier> </o:SecurityTokenReference> </trust:RequestedAttachedReference> <trust:RequestedUnattachedReference> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier> </o:SecurityTokenReference> </trust:RequestedUnattachedReference> 
<trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType> <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType> <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType> </trust:RequestSecurityTokenResponse> </trust:RequestSecurityTokenResponseCollection> </wresult> <wctx>rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx</wctx> </Request> </PassiveMessageTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent>

Reference

The Reference trace contains information about the references in SignedInfo: the ReferenceId (URI), a Boolean value that indicates equality, the computed digest, and the reference digest.

Example Reference trace:

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Verbose">0</SubType> <Level>16</Level> <TimeCreated SystemTime="2009-11-04T01:36:22.2969573Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" /> <Channel /> <Computer>MyComputer</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Verbose"> <Description>Calcul et vérification des condensés de référence.</Description> <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain> <ReferenceTraceRecord xmlns="https://schemas.microsoft.com/2009/06/IdentityModel/ReferenceTraceRecord"> <Reference>#_a4e312b7-af54-4623-9c36-9d1da05b16de</Reference> <Equal>True</Equal> <ComputedDigestBase64>Y0WvY8uYETf/oWAYd+x6kPHxzgvH4XqcibGwt67PsZA=</ComputedDigestBase64> <ReferenceDigestBase64>Y0WvY8uYETf/oWAYd+x6kPHxzgvH4XqcibGwt67PsZA=</ReferenceDigestBase64> </ReferenceTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent>

Token

The Token trace contains information about the token. Currently, only SessionTokens, Saml11, and Saml2 tokens are traced on read. This trace contains different information for each token type.

Example Token trace:

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Verbose">0</SubType> <Level>16</Level> <TimeCreated SystemTime="2009-11-04T01:36:22.2969573Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" /> <Channel /> <Computer>MyComputer</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Verbose"> <Description>Validation du jeton de sécurité.</Description> <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain> <TokenTraceRecord xmlns="https://schemas.microsoft.com/2009/06/IdentityModel/TokenTraceRecord"> <SecurityToken Type="System.IdentityModel.Tokens.SamlSecurityToken"> <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_a4e312b7-af54-4623-9c36-9d1da05b16de" Issuer="PassiveSigninSTS" IssueInstant="2009-11-04T01:36:22.156Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> <saml:Conditions NotBefore="2009-11-04T01:36:22.156Z" NotOnOrAfter="2009-11-04T02:36:22.156Z"> <saml:AudienceRestrictionCondition> <saml:Audience>https://localhost/PassiveRedirectBasedClaimsAwareWebApp</saml:Audience> </saml:AudienceRestrictionCondition> </saml:Conditions> <saml:AttributeStatement> <saml:Subject> <saml:SubjectConfirmation> <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> <saml:Attribute AttributeName="name" AttributeNamespace="https://schemas.xmlsoap.org/ws/2005/05/identity/claims"> <saml:AttributeValue>MyName</saml:AttributeValue> </saml:Attribute> <saml:Attribute AttributeName="myID" AttributeNamespace="http://WindowsIdentityFoundationSamples"> 
<saml:AttributeValue>myemail@contoso.com</saml:AttributeValue> </saml:Attribute> <saml:Attribute AttributeName="AgeClaim" AttributeNamespace="http://WindowsIdentityFoundationSamples/2008/05"> <saml:AttributeValue a:type="tn:integer" xmlns:a="http://www.w3.org/2001/XMLSchema-instance" xmlns:tn="http://www.w3.org/2001/XMLSchema">50</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod> <ds:Reference URI="#_a4e312b7-af54-4623-9c36-9d1da05b16de"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod> <ds:DigestValue>Y0WvY8uYETf/oWAYd+x6kPHxzgvH4XqcibGwt67PsZA=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>NtLi5N5V/fOqTLxJZLMjODgPoAPxMllaPN1xsboU712EDk6TZ5RrdZjvjprKFEYKHCKG1bg779VXoXGYZImi0enBoyL0kXYtdfEtHTmYBwpXyib1bbhP0IuFAVQ7JCkhFDmODWA6nDLYBtlz2FQwEVqGnNM5OCDZZ6ItLvq7rnI=</ds:SignatureValue> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> <X509Certificate>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</X509Certificate> </X509Data> </KeyInfo> </ds:Signature> </saml:Assertion> </SecurityToken> </TokenTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent>

WsFedMessage

The WsFedMessage trace contains information when WSFederationMessage messages are received: CanReadSignInResponse, GetReturnUrlFromResponse, CreateSignInResponse, and GetSignInResponse.

Example WsFedMessage trace:

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-11-04T01:36:22.2657059Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" /> <Channel /> <Computer>MyComputer</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information"> <Description>GetSignInResponseMessage</Description> <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain> <WSFederationMessageTraceRecord xmlns="https://schemas.microsoft.com/2009/06/IdentityModel/WSFederationMessageTraceRecord"> <WSFederationMessage> <BaseUri>https://localhost/PassiveRedirectBasedClaimsAwareWebApp/Default.aspx</BaseUri> <wa>wsignin1.0</wa> <wresult> <trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"> <trust:RequestSecurityTokenResponse Context="rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx"> <trust:Lifetime> <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T01:36:22.156Z</wsu:Created> <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T02:36:22.156Z</wsu:Expires> </trust:Lifetime> <wsp:AppliesTo xmlns:wsp="https://schemas.xmlsoap.org/ws/2004/09/policy"> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://localhost/PassiveRedirectBasedClaimsAwareWebApp</Address> </EndpointReference> </wsp:AppliesTo> <trust:RequestedSecurityToken> <xenc:EncryptedData 
Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></xenc:EncryptionMethod> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> </e:EncryptionMethod> <KeyInfo> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <X509Data> <X509IssuerSerial> <X509IssuerName>CN=localhost</X509IssuerName> <X509SerialNumber>-46063684837087187425230596485139881026</X509SerialNumber> </X509IssuerSerial> </X509Data> </o:SecurityTokenReference> </KeyInfo> <e:CipherData> <e:CipherValue>Hjwt9Qfo/+fSaIqxy2vFIaVuPhKxHjmfYZsWLIAe8KZg4mNz4IH9j1eeMuJUdSiNY7yiv7SXVbVNmpi/lsSON8H9vVVpMgfYbr23tgbWjTKSJp59VWwzURx/MqyNOerlRc8GOSNz9S8AgVVm6twFYw/ZgScYFklYQuNKCEAYChU=</e:CipherValue> </e:CipherData> </e:EncryptedKey> </KeyInfo> <xenc:CipherData> <xenc:CipherValue>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</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </trust:RequestedSecurityToken> <trust:RequestedAttachedReference> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier> </o:SecurityTokenReference> </trust:RequestedAttachedReference> <trust:RequestedUnattachedReference> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:KeyIdentifier 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier> </o:SecurityTokenReference> </trust:RequestedUnattachedReference> <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType> <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType> <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType> </trust:RequestSecurityTokenResponse> </trust:RequestSecurityTokenResponseCollection> </wresult> <wctx>rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx</wctx> </WSFederationMessage> </WSFederationMessageTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent>

Exceptions

WIF exceptions are traced with a full stack. Example Exception trace:

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>8</EventID> <Type>3</Type> <SubType Name="Error">0</SubType> <Level>2</Level> <TimeCreated SystemTime="2009-08-28T01:04:27.2624325Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="ActiveStsExample.vshost" ProcessID="8908" ThreadID="11" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Error">

          <Description>Exception gérée.</Description>

          <AppDomain>ActiveStsExample.vshost.exe</AppDomain>

          <Exception>

            <ExceptionType>System.Security.AccessControl.PrivilegeNotHeldException, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>

            <Message>Le processus ne dispose pas de l'autorisation « SeTcbPrivilege » requise pour cette opération.</Message>

            <StackTrace> at Microsoft.IdentityModel.Privilege.EnableTokenPrivilege(SafeCloseHandle threadToken) at Microsoft.IdentityModel.Privilege.Enable() at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.KerberosCertificateLogon(X509Certificate2 certificate) at Microsoft.IdentityModel.Claims.WindowsClaimsIdentity.CertificateLogon(X509Certificate2 x509Certificate) at Microsoft.IdentityModel.Claims.WindowsClaimsIdentity.CreateFromCertificate(X509Certificate2 certificate, Boolean useWindowsTokenService) at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token) at Microsoft.IdentityModel.Tokens.WrappedX509SecurityTokenAuthenticator.ValidateTokenCore(SecurityToken token) at System.IdentityModel.Selectors.SecurityTokenAuthenticator.ValidateToken(SecurityToken token) at System.ServiceModel.Security.TlsnegoTokenAuthenticator.ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation) at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ProcessNegotiation(SspiNegotiationTokenAuthenticatorState negotiationState, Message incomingMessage, BinaryNegotiation incomingNego) at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.ProcessRequestCore(Message request) at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.NegotiationHost.NegotiationSyncInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp;amp; outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp;amp; rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp;amp; rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc&amp;amp; rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet) at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext) at 
System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext) at System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result) at System.ServiceModel.Diagnostics.Utility.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result) at System.ServiceModel.AsyncResult.Complete(Boolean completedSynchronously) at System.ServiceModel.Channels.InputQueue`1.AsyncQueueReader.Set(Item item) at System.ServiceModel.Channels.InputQueue`1.Dispatch() at System.ServiceModel.Channels.InputQueue`1.OnDispatchCallback(Object state) at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke2() at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state) at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke() at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ProcessCallbacks() at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.CompletionCallback(Object state) at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped) at System.ServiceModel.Diagnostics.Utility.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped) at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP) </StackTrace>

            <ExceptionString>System.Security.AccessControl.PrivilegeNotHeldException : le processus ne dispose pas de l'autorisation « SeTcbPrivilege » requise pour cette opération.</ExceptionString>

          </Exception> </TraceRecord> </DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>
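
As an added example (not code from the original page or from WIF), the script below reads an XmlWriterTraceListener file and flags three of the records described above: a ChunkedCookieHandler write without Secure or HttpOnly, a Reference record whose Equal value is not True, and an Exception record. The listener writes E2ETraceEvent records one after another with no root element, so each record is parsed on its own and a damaged one is skipped; the function names are assumptions, and the sample records are constructed with trimmed System headers.

```python
import re
import xml.etree.ElementTree as ET

NS = "https://schemas.microsoft.com/2004/06/E2ETraceEvent"  # as printed on the page


def _sample_event(when, data_item):
    """Build one constructed record shaped like the page's samples (header trimmed)."""
    return (f'<E2ETraceEvent xmlns="{NS}"><System><TimeCreated SystemTime="{when}" />'
            f'</System><ApplicationData><TraceData><DataItem>{data_item}</DataItem>'
            f'</TraceData></ApplicationData></E2ETraceEvent>')


def _reference(equal, computed, signed):
    """Constructed ReferenceTraceRecord body with placeholder digests."""
    return ("<TraceRecord><ReferenceTraceRecord><Reference>#_constructed-id</Reference>"
            f"<Equal>{equal}</Equal><ComputedDigestBase64>{computed}</ComputedDigestBase64>"
            f"<ReferenceDigestBase64>{signed}</ReferenceDigestBase64>"
            "</ReferenceTraceRecord></TraceRecord>")


# Constructed input: six records written back to back, the last one damaged.
SAMPLE_TRACE = "\n".join([
    _sample_event("2009-08-27T16:06:43Z",
                  "ChunkedCookieHandler: Writing Name=FedAuth Path=/ Domain= "
                  "Expires=Session Secure=False HttpOnly=True"),
    _sample_event("2009-08-27T16:06:44Z", "ChunkedCookieHandler: Reading Name=FedAuth"),
    _sample_event("2009-11-04T01:36:22Z",
                  _reference("False", "constructed-digest-A=", "constructed-digest-B=")),
    _sample_event("2009-11-04T01:36:23Z",
                  _reference("True", "constructed-digest-C=", "constructed-digest-C=")),
    _sample_event("2009-08-28T01:04:27Z",
                  "<TraceRecord><Exception><ExceptionType>System.Security.AccessControl."
                  "PrivilegeNotHeldException, mscorlib</ExceptionType>"
                  "<Message>constructed message</Message></Exception></TraceRecord>"),
    _sample_event("2009-08-28T01:04:28Z", "unescaped rm=0&id=passive"),
])

_EVENT = re.compile(r"<E2ETraceEvent\b.*?</E2ETraceEvent>", re.S)


def iter_events(trace_text):
    """Yield each E2ETraceEvent as an element; the file has no root element."""
    for match in _EVENT.finditer(trace_text):
        try:
            yield ET.fromstring(match.group(0))
        except ET.ParseError:
            continue  # skip one damaged record instead of losing the whole file


def _first(element, name):
    """First descendant (or self) with this local name, ignoring namespaces."""
    return next((e for e in element.iter() if e.tag.rsplit("}", 1)[-1] == name), None)


def _text(element, name):
    hit = _first(element, name)
    return (hit.text or "").strip() if hit is not None else ""


def triage(trace_text):
    """Return (timestamp, kind, detail) for records that deserve a second look."""
    findings = []
    for ev in iter_events(trace_text):
        stamp = _first(ev, "TimeCreated")
        when = stamp.get("SystemTime") if stamp is not None else "?"
        # Cookie traces are plain text inside DataItem: "key=value" pairs.
        msg = _text(ev, "DataItem")
        if msg.startswith("ChunkedCookieHandler: Writing"):
            attrs = dict(re.findall(r"(\w+)=(\S*)", msg))
            missing = [f for f in ("Secure", "HttpOnly") if attrs.get(f) != "True"]
            if missing:
                detail = f"{attrs.get('Name')} written without {', '.join(missing)}"
                findings.append((when, "cookie", detail))
        # Reference traces: Equal is the result of comparing the two digests.
        ref = _first(ev, "ReferenceTraceRecord")
        if ref is not None and _text(ref, "Equal") != "True":
            computed = _text(ref, "ComputedDigestBase64")
            signed = _text(ref, "ReferenceDigestBase64")
            detail = f"{_text(ref, 'Reference')}: computed {computed} != signed {signed}"
            findings.append((when, "digest", detail))
        exc = _first(ev, "Exception")
        if exc is not None:
            findings.append((when, "exception", _text(exc, "ExceptionType").split(",")[0]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACE):
        print(*finding, sep=" | ")
```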

AppDomain Unloading

AppDomain unloading is traced in WIF. Example AppDomain Unloading trace:

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>2</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-08-28T01:04:44.0647095Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="ActiveStsExample.vshost" ProcessID="8908" ThreadID="2" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information">

          <Description>Déchargement AppDomain.</Description>

          <AppDomain>ActiveStsExample.vshost.exe</AppDomain>

          <AppDomain.FriendlyName>ActiveStsExample.vshost.exe</AppDomain.FriendlyName>

          <ProcessName>ActiveStsExample.vshost</ProcessName>

          <ProcessId>8908</ProcessId>

        </TraceRecord> </DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

Tracing and Relying Party Applications

The following diagram illustrates the traces that correspond to events in the relying party application pipeline.

[Diagram: RP tracing]