[Saml-admins] ADFSToolkit 2.2.1

Hej Jag har problem efter uppdatering till ADFS toolkit 2.2.1. Den kan ju släppa det nya attributet ”pairwise-id” men det nyttjar ett AD attribut norEduPersonLIN som vi inte har enligt nedan <attribute type="urn:oasis:names:tc:SAML:attribute:pairwise-id" name="norEduPersonLIN" store="Active Directory"><file:///C:/ADFSToolkit/config/institution/config.SWAMID.xml><transformvalue adfstkstorefunction="pairwiseid"/></attribute> Vi borde kunna använda något annat unikt som tex objectGUID eller? Jag har också problem på en av två servrar att den klagar på att ADFSTkStore inte är registrerad. Jag får tre event i ADFS eventlog enligt följande: EventID 111 ------------- The Federation Service encountered an error while processing the WS-Trust request. Request type: http://schemas.microsoft.com/idfx/requesttype/issue Additional Data Exception details: Microsoft.IdentityServer.ClaimsPolicy.Language.PolicyEvaluationException: POLICY0017: Attribute store 'ADFSTkStore' is not configured. at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result) at Microsoft.IdentityModel.Threading.TypedAsyncResult`1.End(IAsyncResult result) at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet, List`1 additionalClaims) EventID 303 The Federation Service encountered an error while processing the SAML authentication request. Additional Data Exception details: Microsoft.IdentityServer.ClaimsPolicy.Language.PolicyEvaluationException: POLICY0017: Attribute store 'ADFSTkStore' is not configured. at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result) at Microsoft.IdentityModel.Threading.TypedAsyncResult`1.End(IAsyncResult result) at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet, List`1 additionalClaims) at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, List`1 additionalClaims) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Issue(HttpSamlRequestMessage httpSamlRequestMessage, SecurityTokenElement onBehalfOf, String sessionState, String relayState, String& newSamlSession, String& samlpAuthenticationProvider, Boolean isUrlTranslationNeeded, WrappedHttpListenerContext context, Boolean isKmsiRequested) EventID 365 ------------- Encountered error during federation passive request. Additional Data Protocol Name: Saml Relying Party: https://service.projectplace.com/saml/metadata.xml Exception details: Microsoft.IdentityServer.ClaimsPolicy.Language.PolicyEvaluationException: POLICY0017: Attribute store 'ADFSTkStore' is not configured. at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result) at Microsoft.IdentityModel.Threading.TypedAsyncResult`1.End(IAsyncResult result) at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet, List`1 additionalClaims) at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, List`1 additionalClaims) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Issue(HttpSamlRequestMessage httpSamlRequestMessage, SecurityTokenElement onBehalfOf, String sessionState, String relayState, String& newSamlSession, String& samlpAuthenticationProvider, Boolean isUrlTranslationNeeded, WrappedHttpListenerContext context, Boolean isKmsiRequested) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.RequestBearerToken(WrappedHttpListenerContext context, HttpSamlRequestMessage httpSamlRequest, SecurityTokenElement onBehalfOf, String relyingPartyIdentifier, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired, String& samlpSessionState, String& samlpAuthenticationProvider) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSerializedToken(HttpSamlRequestMessage httpSamlRequest, WrappedHttpListenerContext context, String relyingPartyIdentifier, SecurityTokenElement signOnTokenElement, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.Process(ProtocolContext context) at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler) at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context) Ovan har jag enbart set på den sekundära server. Allt verkar ok, dll finns i c:\windows\adfs och PS C:\Windows\system32> Get-ADFSTkStore ADFSTkStore IS installed! Installed Dll version is: 1.0.0.0 Dll version included in ADFSToolkit is: 1.0.0.0 PS C:\Windows\system32> Mvh Anders Persson Systemarkitekt Ekonomi och verksamhetsstöd - EoV IT D: +46 10 516 56 48 |  V: +46 10 516 50 00 anders.persson@ri.se<mailto:anders.persson@ri.se> RISE Research Institutes of Sweden | ri.se<http://ri.se/> Brinellgatan 4 | Box 857, SE-501 15 Borås