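There are two web servers, one SQL server and four ADFS servers in our environment.
SQL Server time: 5.50:48 AM
Time on both web servers: 5.50:47 AM
Please find the following two errors from the error log.
Error 1: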
2015-02-16 00:21:02,781 [62] ERROR Default [(null)] - An application error has occurred for the path, '/'
2015-02-16 00:21:02,797 [62] ERROR xxxx.Portal.Data.ErrorReporting.ErrorReporter [(null)] -
Email Address: No Email Address
Application Name: 'myApplication'
Machine Name: 'WebServer2'
Web request details:
UserAgent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B466 Safari/600.1.4
UserIdentifierCookieValue: ccc.vvv@domain.com
Referrer: https://sts.company.com/adfs/ls/?wa=wsignin1.0&wtrealm=https://xxxx.com/&wctx=rm=0&id=passive&ru=%252f&wct=2015-02-15T15:13:25Z
ApplicationPath: http://xxxx:8443/
Cookies:
__utma: 244632730.1211980567.1420546841.1423835767.1423940503.28
__utmc: 244632730
__utmv: 244632730.|1=userIdentifier=68EV%2F7agw0ewsPGC4eC5e9o4JGfDVxCQNrb4BPZrQ4pdB%2BC1OabuUdvr8aJhI9yV=1^2=culture=en=1^3=platform=mobile=1
__utmz: 244632730.1423940503.28.13.utmcsr=xxxx.com|utmccn=(referral)|utmcmd=referral|utmcct=/login.jspa
_ga: GA1.2.1211980567.1420546841
s_fid: 3FB00DAEBC126B0D-0A2E60498B449CE3
Error Message:
=================
Exception Level 1
=================
Message: ID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter condition is not satisfied.
NotOnOrAfter: '2/15/2015 4:13:27 PM'
Current time: '2/16/2015 12:21:02 AM'
Data: System.Collections.ListDictionaryInternal
InnerException:
TargetSite:
System.Collections.ObjectModel.ReadOnlyCollection`1[System.Security.Claims.ClaimsIdentity] ValidateToken(System.IdentityModel.Tokens.SecurityToken)
StackTrace: at System.IdentityModel.Tokens.SamlSecurityTokenHandler.ValidateToken(SecurityToken token)
at System.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
at System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request)
at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
HelpLink:
Source: System.IdentityModel
HResult: -2146233087
Error 2:
2015-02-16 18:49:33,958 [71] ERROR Default [(null)] - An application error has occurred for the path, '/adfs/ls/'
2015-02-16 19:04:06,837 [54] ERROR Default [(null)] - An application error has occurred for the path, '/robots.txt'
2015-02-16 19:06:35,073 [40] ERROR Default [(null)] - An application error has occurred for the path, '/Microsoft-Server-ActiveSync'
2015-02-16 20:17:08,206 [71] ERROR Default [(null)] - An application error has occurred for the path, '/'
2015-02-16 20:17:08,206 [71] ERROR xxxx.Portal.Data.ErrorReporting.ErrorReporter [(null)] -
Email Address: No Email Address
Application Name: 'myApplication'
Machine Name: 'LO3WPMCLDWEB-4'
Web request details:
UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36
UserIdentifierCookieValue: ccc.ccc@xxxx.com
Referrer: https://xxxx.com/
ApplicationPath: http://xxxx.com:8443/
Cookies:
s_lv: 1392756755323
_ga: GA1.2.1507533975.1386273074
culture: fr
isSecurityQuestionsOrMobileRegCompleted: false
__utmt: 1
__utma: 244632730.1507533975.1386273074.1424095469.1424095486.535
__utmb: 244632730.13.9.1424117305533
__utmc: 244632730
__utmz: 244632730.1420813097.491.138.utmcsr=sts.xxxx.com|utmccn=(referral)|utmcmd=referral|utmcct=/adfs/ls/
__utmv: 244632730.|1=userIdentifier=7VQPgIcPH0ILdF%2BhUhB5udT08W6f2eDNGFq4Bs986NbeMnlT1RNBTduLchAQo9evy7TMuNHcJN6k60H7wAVzyRcuBj4wIipxzNlfeV1qBlk=1^2=culture=fr=1^3=platform=premium=1
Error Message:
=================
Exception Level 1
=================
Message: ID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter condition is not satisfied.
NotOnOrAfter: '2/16/2015 3:04:41 PM'
Current time: '2/16/2015 8:17:08 PM'
Data: System.Collections.ListDictionaryInternal
InnerException:
TargetSite:
System.Collections.ObjectModel.ReadOnlyCollection`1[System.Security.Claims.ClaimsIdentity] ValidateToken(System.IdentityModel.Tokens.SecurityToken)
StackTrace: at System.IdentityModel.Tokens.SamlSecurityTokenHandler.ValidateToken(SecurityToken token)
at System.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
at System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request)
at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
HelpLink:
Source: System.IdentityModel
HResult: -2146233087
Are the above errors occurring because the time is not properly synchronized between ADFS and the web servers? (http://www.sharepointpals.com/post/ID4223-The-SamlSecurityToken-is-rejected-because-the-SamlAssertionNotOnOrAfter-Condition-is-not-satisfied-SharePoint-2013-with-ADFS)
Or, if a faulty login occurs, do we need to delete the session token cookie? (How to avoid 'SamlAssertion.NotOnOrAfter condition is not satisfied' errors)
Please provide steps on how to recreate the 'NotOnOrAfter' error.
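Posted on 2015-02-22 18:24:34
The SAML token itself was apparently issued some time ago and is now past its lifetime. So either the time on the server that issues the SAML token is off, or you are using a previously obtained SAML assertion that is no longer valid and should get a fresh one first.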
https://stackoverflow.com/questions/28643476
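The two causes named in the answer (issuer clock off versus an old assertion being presented again) can be separated by measuring how far "Current time" lies past "NotOnOrAfter" in each ID4223 entry. The following is an added example, not part of the original post; it assumes both timestamps in a message come from the same clock, and the 5-minute threshold and the names `analyze` and `SAMPLE_LOG` are illustrative.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the two ID4223 entries from the question's log (only the fields used here).
SAMPLE_LOG = """\
Machine Name: 'WebServer2'
NotOnOrAfter: '2/15/2015 4:13:27 PM'
Current time: '2/16/2015 12:21:02 AM'
Machine Name: 'LO3WPMCLDWEB-4'
NotOnOrAfter: '2/16/2015 3:04:41 PM'
Current time: '2/16/2015 8:17:08 PM'
"""

FIELD = re.compile(r"^\s*(Machine Name|NotOnOrAfter|Current time):\s*'([^']*)'")
STAMP = "%m/%d/%Y %I:%M:%S %p"  # timestamp format used inside the ID4223 message


def analyze(log_text, skew_tolerance=timedelta(minutes=5)):
    """Return (machine, seconds past NotOnOrAfter, verdict) per rejected token.

    skew_tolerance is an assumed triage threshold, not a value from the page.
    """
    findings, machine, expiry = [], None, None
    for line in log_text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Machine Name":
            machine, expiry = value, None
        elif key == "NotOnOrAfter":
            expiry = datetime.strptime(value, STAMP)
        elif expiry is not None:  # "Current time" closes the entry
            overdue = datetime.strptime(value, STAMP) - expiry
            if overdue < timedelta(0):
                verdict = "inconsistent"     # rejected although not yet expired
            elif overdue <= skew_tolerance:
                verdict = "clock-skew"       # small drift between issuer and web server
            else:
                verdict = "stale-assertion"  # old token presented again
            findings.append((machine, int(overdue.total_seconds()), verdict))
            expiry = None
    return findings


if __name__ == "__main__":
    for machine, overdue, verdict in analyze(SAMPLE_LOG):
        print(f"{machine}: {overdue}s past NotOnOrAfter -> {verdict}")
```

For the question's two entries the gaps come out at roughly 8 hours and 5 hours, while the question states the server clocks are one second apart.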