My understanding of claims is weak, so forgive me if something doesn't make sense.

When I try to log in to a SharePoint site using claims, I get the error:

Unknown SPRequest error occurred. More information: 0x80070005

which I understand is an access denied error.

Fiddler loses my connection during the SSL tunnel to the trusted identity provider, so I get no clues from Fiddler.

The commands I used to set up the trusted identity provider are as follows:

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\myCert.pem")
New-SPTrustedRootAuthority -Name "Vordel Gateway Token Signing Root Authority" -Certificate $cert
$map1 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
  -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$realm = "urn:myRealm.com"
$signinurl = "https://mySigninURL/sharepointSSO"
$ap = New-SPTrustedIdentityTokenIssuer -Name "Vordel" -Description "Vordel Gateway Issuing SAML Token" `
  -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1 -SignInUrl $signinurl `
  -IdentifierClaim $map1.InputClaimType

After setting up the cert, I checked in Central Admin | Security | Manage trust, and the certificate is there.

I made sure the portal super reader and super user accounts had the appropriate web application user policy applied. Then I ran the following PowerShell:

$wa = Get-SPWebApplication -Identity "http://serverName"
$wa.Properties["portalsuperuseraccount"] = "i:0#.w|MyDomain\mySU"
$wa.Properties["portalsuperreaderaccount"] = "i:0#.w|MyDomain\mySR"
$wa.Update()

When I assign permissions on the site, I can search for users through the trusted identity provider, so I know I can reach the provider.

I know I can see the XML returned by the trusted identity provider, with all the claims information in it. The error occurs once the claims are redirected to SharePoint.

Any help?

Solution

It turned out that I did not have all the certificates in the chain and the Vordel Gateway was not pointing back to the correct location. The guys at Vordel were very helpful in fixing this issue!
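Since the root cause was an incomplete certificate chain, a diagnostic worth running before re-importing is to build the signing certificate's chain and compare each element against what SharePoint already trusts. This is an added example, not code from the original post or from Vordel; it assumes the same certificate path as the question and that the SharePoint snap-in is available on the server.

```powershell
# Added diagnostic (not from the original post): report which certificates in the
# token-signing chain are missing from SharePoint's trusted root authorities.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath = "C:\myCert.pem"   # signing certificate path from the question; adjust as needed
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# Build the chain locally; skip revocation so an offline server still produces a result.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$built = $chain.Build($cert)

# Thumbprints SharePoint already trusts (Central Admin | Security | Manage trust).
$trusted = Get-SPTrustedRootAuthority | ForEach-Object { $_.Certificate.Thumbprint }

# Walk the chain from the leaf up to the root and flag anything SharePoint does not trust.
foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate
    $state = if ($trusted -contains $c.Thumbprint) { "OK" } else { "MISSING" }
    "{0,-8} {1}  {2}" -f $state, $c.Thumbprint, $c.Subject
}

# A chain that does not build (for example a PartialChain status) means an intermediate
# or root CA certificate is not even present on this machine, let alone in SharePoint.
if (-not $built) {
    "Chain did not build:"
    $chain.ChainStatus | ForEach-Object { "  {0}: {1}" -f $_.Status, $_.StatusInformation }
}
```

Any CA certificate reported as MISSING needs its own New-SPTrustedRootAuthority entry; the leaf is covered by -ImportTrustCertificate on the token issuer.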

Licensed under: CC-BY-SA with attribution