2014-09-12

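Problem connecting BizTalk 2013 WCF to Microsoft CRM 2011 using ADFS

I am trying to connect from BizTalk 2013 to a Microsoft CRM 2011 instance using WCF. The CRM instance uses ADFS-based security with basic "domain/user" and "password" security. The OrganizationService has the following policy in its WSDL.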

<wsp:Policy wsu:Id="CustomBinding_IOrganizationService_policy"> 
    <wsp:ExactlyOne> 
    <wsp:All> 
     <ms-xrm:AuthenticationPolicy xmlns:ms-xrm="http://schemas.microsoft.com/xrm/2011/Contracts/Services"> 
     <ms-xrm:Authentication>Federation</ms-xrm:Authentication> 
     <ms-xrm:SecureTokenService> 
      <ms-xrm:Identifier>http://example.com/adfs/services/trust</ms-xrm:Identifier> 
     </ms-xrm:SecureTokenService> 
     </ms-xrm:AuthenticationPolicy> 
     <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> 
     <wsp:Policy> 
      <sp:TransportToken> 
      <wsp:Policy> 
       <sp:HttpsToken/> 
      </wsp:Policy> 
      </sp:TransportToken> 
      <sp:AlgorithmSuite> 
      <wsp:Policy> 
       <sp:Basic256/> 
      </wsp:Policy> 
      </sp:AlgorithmSuite> 
      <sp:Layout> 
      <wsp:Policy> 
       <sp:Strict/> 
      </wsp:Policy> 
      </sp:Layout> 
      <sp:IncludeTimestamp/> 
     </wsp:Policy> 
     </sp:TransportBinding> 
     <sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> 
     <wsp:Policy> 
      <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> 
      <Issuer xmlns="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> 
       <Address xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</Address> 
       <Metadata xmlns="http://www.w3.org/2005/08/addressing"> 
       <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> 
        <wsx:MetadataSection xmlns=""> 
        <wsx:MetadataReference> 
         <Address xmlns="http://www.w3.org/2005/08/addressing"> 
         https://example.com/adfs/services/trust/mex 
         </Address> 
        </wsx:MetadataReference> 
        </wsx:MetadataSection> 
       </Metadata> 
       </Metadata> 
      </Issuer> 
      <sp:RequestSecurityTokenTemplate> 
       <trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"> 
       http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey 
       </trust:KeyType> 
       <trust:KeySize xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</trust:KeySize> 
       <trust:Claims xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512" Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"> 
       <wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"/> 
       </trust:Claims> 
       <trust:KeyWrapAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm> 
       <trust:EncryptWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith> 
       <trust:SignWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith> 
       <trust:CanonicalizationAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm> 
       <trust:EncryptionAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm> 
      </sp:RequestSecurityTokenTemplate> 
      <wsp:Policy> 
       <sp:RequireInternalReference/> 
      </wsp:Policy> 
      </sp:IssuedToken> 
     </wsp:Policy> 
     </sp:EndorsingSupportingTokens> 
    </wsp:All> 
    </wsp:ExactlyOne> 
</wsp:Policy> 

I have set up the following client configuration:

<binding name="ws2007FederationHttpBinding"> 
    <security mode="TransportWithMessageCredential"> 
    <message> 
     <issuer address="https://adfs20.example.com/adfs/services/trust/2005/usernamemixed" 
     binding="wsHttpBinding" 
     bindingConfiguration="stsBinding" /> 
     <issuerMetadata address="https://adfs20.example.com/adfs/services/trust/mex" /> 
    </message> 
    </security> 
    </binding> 

and it references this for the ADFS-specific communication:

<wsHttpBinding> 
    <clear /> 
    <binding name="stsBinding"> 
    <security mode="TransportWithMessageCredential"> 
     <transport clientCredentialType="None"/> 
     <message clientCredentialType="UserName" establishSecurityContext="false"/> 
    </security> 
    </binding> 
</wsHttpBinding> 

When I try to use it, I get the following error message:

A message sent to adapter "WCF-Custom" on send port "SendPort6" with URI "https://crm-test.example.com/XRMServices/2011/Organization.svc" is suspended. 
Error details: System.ServiceModel.FaultException: MSIS3127: The specified request failed. 

Server stack trace: 
    at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout) 
    at System.ServiceModel.Security.IssuanceTokenProviderBase`1.GetTokenCore(TimeSpan timeout) 
    at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout) 
    at System.ServiceModel.Security.Tokens.IssuedSecurityTokenProvider.GetTokenCore(TimeSpan timeout) 
    at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout) 
    at System.ServiceModel.Security.SecurityProtocol.TryGetSupportingTokens(SecurityProtocolFactory factory, EndpointAddress target, Uri via, Message message, TimeSpan timeout, Boolean isBlockingCall, IList`1& supportingTokens) 
    at System.ServiceModel.Security.TransportSecurityProtocol.SecureOutgoingMessageAtInitiator(Message& message, String actor, TimeSpan timeout) 
    at System.ServiceModel.Security.TransportSecurityProtocol.SecureOutgoingMessage(Message& message, TimeSpan timeout) 
    at System.ServiceModel.Security.SecurityProtocol.SecureOutgoingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState correlationState) 
    at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) 
    at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout) 
    at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout) 
    at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout) 
    at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout) 
    at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) 
    at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout) 
    at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) 
    at System.ServiceModel.Channels.CommunicationObject.Open() 

Exception rethrown at [0]: 
    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) 
    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) 
    at System.ServiceModel.ICommunicationObject.Open() 
    at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.GetChannel[TChannel](IBaseMessage bizTalkMessage, ChannelFactory`1& cachedFactory) 
    at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.SendMessage(IBaseMessage bizTalkMessage) 
MessageId: {0A8D8BB1-0838-43AF-B3A1-D63D432C22AA} 
InstanceID: {B57B4979-2187-4CF7-8115-4D65B3952982} 

What am I missing?

How did you generate the binding for this? – Daryl 2015-10-12 18:05:24

Answer

I got this working by changing the ADFS-specific communication to ws2007HttpBinding, and by setting establishSecurityContext="false" on the message security for the final communication with the CRM service.

Added some information on how I solved this [here](http://blog.ibiz-solutions.se/integration/calling-an-on-premise-microsoft-dynamics-crm-using-biztalk-and-active-directory -federated-安全ADFS /) – Riri 2014-10-16 08:49:24
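The two changes named in the answer, applied to the question's client configuration. This is an added example, not configuration posted by the asker or taken from the linked blog; the enclosing `<bindings>` layout is assumed, and the issuer address is carried over unchanged from the question because the answer does not say whether it changed.

```xml
<bindings>
  <ws2007FederationHttpBinding>
    <binding name="ws2007FederationHttpBinding">
      <security mode="TransportWithMessageCredential">
        <!-- Change 2: no WS-SecureConversation session towards CRM.
             The WSDL policy asks only for an HTTPS transport binding plus an
             endorsing IssuedToken; the SecuritySessionSecurityTokenProvider
             frames in the stack trace are the session negotiation that this
             attribute switches off. -->
        <message establishSecurityContext="false">
          <!-- Address as posted in the question. ws2007HttpBinding speaks
               WS-Trust 1.3, so the STS endpoint used here has to accept it. -->
          <issuer address="https://adfs20.example.com/adfs/services/trust/2005/usernamemixed"
                  binding="ws2007HttpBinding"
                  bindingConfiguration="stsBinding" />
          <issuerMetadata address="https://adfs20.example.com/adfs/services/trust/mex" />
        </message>
      </security>
    </binding>
  </ws2007FederationHttpBinding>

  <!-- Change 1: the binding used to talk to ADFS moves from wsHttpBinding
       to ws2007HttpBinding; its security settings stay as in the question. -->
  <ws2007HttpBinding>
    <binding name="stsBinding">
      <security mode="TransportWithMessageCredential">
        <transport clientCredentialType="None" />
        <message clientCredentialType="UserName" establishSecurityContext="false" />
      </security>
    </binding>
  </ws2007HttpBinding>
</bindings>
```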
