Authentication against ADFS with WCF hosted on Windows service

Submitted by 北战南征 on 2019-12-06 06:26:38

Question


I have a WCF service that queries ADFS for a SAML token. This is a common snippet from the web to query ADFS and get back the SAML token. However, it always ends up breaking at the line `return channel.Issue(rst);`. The error is ID3082: The request scope is not valid or is unsupported. At least at a high level I am not able to figure out whether the error is at the ADFS server end, with the way the WCF service is configured, or with the code. Please help.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;

public SecurityToken GetSamlToken()
{
    // WS-Trust 1.3 username/password endpoint on ADFS (message credential over TLS)
    using (var factory = new WSTrustChannelFactory(
        new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
        new EndpointAddress(new Uri("https://serv/adfs/services/trust/13/usernamemixed"))))
    {
        factory.Credentials.UserName.UserName = "username";
        factory.Credentials.UserName.Password = "password";
        // Disables validation of the ADFS TLS certificate; only acceptable in a lab
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
        factory.TrustVersion = TrustVersion.WSTrust13;
        WSTrustChannel channel = null;
        try
        {
            var rst = new RequestSecurityToken
            {
                RequestType = WSTrust13Constants.RequestTypes.Issue,
                // AppliesTo is the scope ADFS checks the request against
                AppliesTo = new EndpointAddress("net.tcp://localhost:xxxx/Service1/mex"),
                KeyType = WSTrust13Constants.KeyTypes.Bearer,
            };

            channel = (WSTrustChannel)factory.CreateChannel();

            return channel.Issue(rst); // fails here with ID3082
        }
        finally
        {
            if (channel != null)
            {
                channel.Abort();
            }

            factory.Abort();
        }
    }
}
```

Answer 1:


The issue was with the

`AppliesTo = new EndpointAddress("net.tcp://localhost:xxxx/Service1/mex")`

I replaced it with a relying party uri and it issues me the token. The only issue here being the confusing error messages.




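As an added example that is not part of the question or of either answer: the same WS-Trust call with the fix from answer 1 applied (`AppliesTo` carries the identifier of the relying party trust configured in ADFS, not the service's mex address), with TLS certificate validation left at its default, and a client-side check that the issued assertion is actually scoped to that identifier before it is used. The class and method names, the `urn:example:service1` identifier and the audience check are assumptions for illustration; the endpoint is the one from the question.

```csharp
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Xml;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;

public static class AdfsTokenClient
{
    // Assumed values: the identifier of the relying party trust in ADFS (what ADFS
    // matches AppliesTo against) and the STS endpoint from the question.
    const string RelyingPartyId = "urn:example:service1";
    const string StsEndpoint = "https://serv/adfs/services/trust/13/usernamemixed";

    public static GenericXmlSecurityToken GetSamlToken(string user, string password)
    {
        var factory = new WSTrustChannelFactory(
            new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
            new EndpointAddress(StsEndpoint));
        factory.TrustVersion = TrustVersion.WSTrust13;
        factory.Credentials.UserName.UserName = user;
        factory.Credentials.UserName.Password = password;
        // CertificateValidationMode stays at its default, so the ADFS TLS certificate is validated.
        var rst = new RequestSecurityToken
        {
            RequestType = WSTrust13Constants.RequestTypes.Issue,
            AppliesTo = new EndpointAddress(RelyingPartyId), // RP identifier, not the mex address
            KeyType = WSTrust13Constants.KeyTypes.Bearer,
        };
        var channel = (WSTrustChannel)factory.CreateChannel();
        try
        {
            var token = (GenericXmlSecurityToken)channel.Issue(rst);
            // Client-side sanity check; the relying service must still verify signature and audience itself.
            if (!AudienceMatches(token.TokenXml, RelyingPartyId))
                throw new SecurityTokenValidationException("Assertion not scoped to " + RelyingPartyId);
            channel.Close();
            factory.Close();
            return token;
        }
        catch { channel.Abort(); factory.Abort(); throw; }
    }

    // Reads the Audience element of a SAML 1.1 or SAML 2.0 assertion and compares it to the RP id.
    static bool AudienceMatches(XmlElement assertion, string expected)
    {
        var ns = new XmlNamespaceManager(assertion.OwnerDocument.NameTable);
        ns.AddNamespace("s1", "urn:oasis:names:tc:SAML:1.0:assertion");
        ns.AddNamespace("s2", "urn:oasis:names:tc:SAML:2.0:assertion");
        var node = assertion.SelectSingleNode("//s1:Audience | //s2:Audience", ns);
        return node != null && node.InnerText.Trim() == expected;
    }
}
```

If the identifier does not match a relying party trust, ADFS answers with the same ID3082 fault seen in the question, which is the cheapest check to make before turning on WCF tracing.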
Answer 2:


The error is likely related to the configuration of the ADFS endpoint. The following article seems to provide a good overview of ADFS web service communication along with steps to resolve some issues:

http://msinnovations.wordpress.com/2011/03/28/some-tips-on-active-federation-with-adfs-2-0/

In order to obtain more information about where (and perhaps why) the error is occurring, you may want/need to configure WCF tracing/logging. The following link provides an overview:

http://msdn.microsoft.com/en-us/library/ms733025.aspx

Regards,



Source: https://stackoverflow.com/questions/19400693/authentication-against-adfs-with-wcf-hosted-on-windows-service
