Exchange Server with ADFS authentication

Yi Ding 0 reputation points
2024-12-12T02:56:27.4766667+00:00

I want to set up on-premises ADFS with Exchange Server for authentication. When I run the command below, I get an error.

Error Log:

   New-AuthServer -Type ADFS -Name "ADFS" -AuthMetadataUrl "https://adfs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml"
   Cannot parse auth metadata document.
       + CategoryInfo          : ParserError: (:) [New-AuthServer], AuthMetadataParserException
       + FullyQualifiedErrorId : [Server=GTICLOUDEX01,RequestId=98eb32e0-4d6d-4611-9d70-298d44f166d6,TimeStamp=12/12/2024 2:26:52 AM] [FailureCategory=Cmdlet-AuthMetadataParserException] 86DC3458,Microsoft.Exchange.Management.SystemConfigurationTasks.NewAuthServer
       + PSComputerName        : ex01.contoso.loc

Event Data:
New-AuthServer 
   -Name "ADFS" -AuthMetadataUrl "https://adfs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml" 
   contoso.loc/Users/Administrator 
   S-1-5-21-2947567274-3808396453-1129989805-500 
   S-1-5-21-2947567274-3808396453-1129989805-500 
   Remote-ManagementShell-Unknown 
   18312 w3wp#MSExchangePowerShellAppPool 
   58 
   00:00:00.0060087 
   View Entire Forest: 'False', Default Scope: 'contoso.loc', Configuration Domain Controller: 'DC01.contoso.loc', Preferred Global Catalog: 'DC01.contoso.loc', Preferred Domain Controllers: '{ DC01.contoso.loc }' 
   Microsoft.Exchange.Data.Directory.AuthMetadataParserException: Cannot parse auth metadata document. ---> System.Security.Cryptography.CryptographicException: Digest verification failed for Reference '#_43d75a6a-851c-4501-943f-bfcd212158e4'.
      at System.IdentityModel.Reference.EnsureDigestValidityIfIdMatches(String id, Object resolvedXmlSource)
      at System.IdentityModel.StandardSignedInfo.EnsureDigestValidityIfIdMatches(String id, Object resolvedXmlSource)
      at System.IdentityModel.SignedInfo.EnsureDigestValidity(String id, Object resolvedXmlSource)
      at System.IdentityModel.EnvelopedSignatureReader.OnEndOfRootElement()
      at System.IdentityModel.EnvelopedSignatureReader.Read()
      at System.Xml.XmlReader.ReadEndElement()
      at System.IdentityModel.Metadata.MetadataSerializer.ReadEntityDescriptor(XmlReader inputReader, SecurityTokenResolver tokenResolver)
      at System.IdentityModel.Metadata.MetadataSerializer.ReadMetadataCore(XmlReader reader, SecurityTokenResolver tokenResolver)
      at System.IdentityModel.Metadata.MetadataSerializer.ReadMetadata(XmlReader reader, SecurityTokenResolver tokenResolver)
      at Microsoft.Exchange.Data.Directory.SystemConfiguration.AuthMetadataParser.GetWSFederationMetadata(String content)
      --- End of inner exception stack trace ---
      at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
      at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
      at Microsoft.Exchange.Management.SystemConfigurationTasks.OAuthTaskHelper.FetchAuthMetadata(String authMetadataUrl, Boolean trustSslCert, Boolean requireIssuingEndpoint, TaskWarningLoggingDelegate writeWarning, TaskErrorLoggingDelegate writeError)
      at Microsoft.Exchange.Management.SystemConfigurationTasks.OAuthTaskHelper.FetchAuthMetadata(AuthServer authServer, Boolean trustSslCert, Boolean updateIdRealm, TaskWarningLoggingDelegate writeWarning, TaskErrorLoggingDelegate writeError)
      at Microsoft.Exchange.Management.SystemConfigurationTasks.NewAuthServer.PrepareDataObject()
      at Microsoft.Exchange.Configuration.Tasks.SetTaskBase`1.InternalValidate()
      at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
      at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
   17
   System.Security.Cryptography.CryptographicException: Digest verification failed for Reference '#_43d75a6a-851c-4501-943f-bfcd212158e4'.
      at System.IdentityModel.Reference.EnsureDigestValidityIfIdMatches(String id, Object resolvedXmlSource)
      at System.IdentityModel.StandardSignedInfo.EnsureDigestValidityIfIdMatches(String id, Object resolvedXmlSource)
      at System.IdentityModel.SignedInfo.EnsureDigestValidity(String id, Object resolvedXmlSource)
      at System.IdentityModel.EnvelopedSignatureReader.OnEndOfRootElement()
      at System.IdentityModel.EnvelopedSignatureReader.Read()
      at System.Xml.XmlReader.ReadEndElement()
      at System.IdentityModel.Metadata.MetadataSerializer.ReadEntityDescriptor(XmlReader inputReader, SecurityTokenResolver tokenResolver)
      at System.IdentityModel.Metadata.MetadataSerializer.ReadMetadataCore(XmlReader reader, SecurityTokenResolver tokenResolver)
      at System.IdentityModel.Metadata.MetadataSerializer.ReadMetadata(XmlReader reader, SecurityTokenResolver tokenResolver)
      at Microsoft.Exchange.Data.Directory.SystemConfiguration.AuthMetadataParser.GetWSFederationMetadata(String content)
   False 
   0 objects execution has been proxied to remote server. 
   0 
   ActivityId: 98eb32e0-4d6d-4611-9d70-298d44f166d6 
   ServicePlan:;IsAdmin:True; 
   en-US 


What could the problem be?
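As an added diagnostic (not part of the original post and not Microsoft's tooling), the PowerShell script below downloads the federation metadata on the same host that runs New-AuthServer and verifies the enveloped XML signature with .NET's SignedXml, independently of Exchange. The "Digest verification failed for Reference" error means the digest stored in the signature does not match the hash of the signed root element as the parser canonicalized it, so this check tells you whether the document as received on this host is still the one ADFS signed. The metadata URL and the temporary output path are assumptions taken from the question; the script is meant for Windows PowerShell with the .NET Framework.

```powershell
# Added diagnostic script, not from the original post. Assumed inputs: the
# metadata URL quoted in the question and a temp file for the downloaded bytes.
param(
    [string]$MetadataUrl = "https://adfs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml",
    [string]$OutFile     = (Join-Path $env:TEMP "FederationMetadata.xml")
)

Add-Type -AssemblyName System.Security   # System.Security.Cryptography.Xml.SignedXml

# 1. Download the document as raw bytes from this host, so the same network path
#    (proxies, TLS inspection, load balancers) is exercised as when Exchange fetches it.
Invoke-WebRequest -Uri $MetadataUrl -UseBasicParsing -OutFile $OutFile
$hash = (Get-FileHash -Path $OutFile -Algorithm SHA256).Hash
Write-Host "Downloaded $((Get-Item $OutFile).Length) bytes to $OutFile, SHA256=$hash"

# 2. Load with PreserveWhitespace. Whitespace inside the signed element is part of
#    what was hashed; loading without it would re-serialize the XML and break the
#    digest on its own, masking what actually came over the wire.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($OutFile)

$nsm = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
$nsm.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")
$sigNode = $xml.SelectSingleNode("//ds:Signature", $nsm)
if (-not $sigNode) { throw "No ds:Signature element found in the metadata document" }

$signedXml = New-Object System.Security.Cryptography.Xml.SignedXml($xml)
$signedXml.LoadXml([System.Xml.XmlElement]$sigNode)

# 3. Show what the signature covers, to match against the Reference named in the error.
$rootId = $xml.DocumentElement.GetAttribute("ID")
Write-Host "Root element <$($xml.DocumentElement.LocalName)> ID=$rootId"
foreach ($ref in $signedXml.SignedInfo.References) {
    Write-Host ("Reference URI={0} DigestMethod={1}" -f $ref.Uri, $ref.DigestMethod)
}

# 4. Verify with the certificate embedded in KeyInfo (the ADFS token-signing cert).
#    Digest and signature only; certificate chain trust is a separate question.
$cert = $null
foreach ($clause in $signedXml.KeyInfo) {
    if ($clause -is [System.Security.Cryptography.Xml.KeyInfoX509Data] -and $clause.Certificates.Count -gt 0) {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$clause.Certificates[0]
    }
}
if (-not $cert) { throw "The signature carries no X509 certificate in KeyInfo" }
Write-Host "Signing cert: $($cert.Subject) thumbprint $($cert.Thumbprint) valid until $($cert.NotAfter)"

if ($signedXml.CheckSignature($cert, $true)) {
    Write-Host "Reference digest and signature verify: the document arrived intact on this host."
} else {
    Write-Host "Verification FAILED: the signed element no longer hashes to its DigestValue."
    Write-Host "Inspect the raw file for a byte-order mark, re-indentation or rewritten content: $OutFile"
}
```

If the script fails on the Exchange server, repeat it from a machine with a different network path to ADFS (for example on the ADFS server itself); a document that verifies there but not on the Exchange host points at whatever sits in between altering the response, while a document that verifies in both places points at the Exchange side of the parse.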
