SAML SingleLogoutServices端点位置误差

Question

我试图找到一些文档或者这个错误我也遇到过帮助：

ID4453: The SAML service 'SingleLogoutServices' has endpoint with location or response location 'https://<server>/saml/' that is outside of application path '/SAML'. 

[InvalidOperationException: ID4453: The SAML service 'SingleLogoutServices' has endpoint with location or response location 'https://<server>/saml/' that is outside of application path '/SAML'.] 
Microsoft.IdentityModel.Web.Saml2AuthenticationModule.ValidatePathCasing(ServiceProviderSingleSignOnDescriptor serviceProviderDescriptor) +657 
Microsoft.IdentityModel.Web.Saml2AuthenticationModule.ReadSelfMetadata(Stream stream, String fileName, String& entityId, EndpointConfiguration& endpointConfiguration, Boolean& signAuthenticationRequests, X509Certificate2& signingCertificate) +219 
Microsoft.IdentityModel.Web.Saml2AuthenticationModule..ctor() +265 

该网站的web.config文件是：

<?xml version="1.0" encoding="UTF-8"?> 
<configuration> 
    <configSections> 
    <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> 
    <section name="microsoft.identityModel.saml" type="Microsoft.IdentityModel.Web.Configuration.MicrosoftIdentityModelSamlSection, Microsoft.IdentityModel.Protocols" /> 
    </configSections> 
    <connectionStrings> 
    <add name="..." connectionString="..." providerName="System.Data.SqlClient" /> 
    </connectionStrings> 
    <appSettings> 
    <add key="AppPath" value="https://<server>/login.aspx" /> 
    </appSettings> 
    <system.web> 
    <authorization> 
     <deny users="?" /> 
    </authorization> 
    <compilation debug="true" targetFramework="4.0"> 
     <assemblies> 
     <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> 
     </assemblies> 
    </compilation> 
    <authentication mode="Windows" /> 
    <httpModules> 
     <add name="Saml2AuthenticationModule" type="Microsoft.IdentityModel.Web.Saml2AuthenticationModule" /> 
     <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule" /> 
    </httpModules> 
    </system.web> 
    <system.webServer> 
    <validation validateIntegratedModeConfiguration="false" /> 
    <modules> 
     <add name="Saml2AuthenticationModule" type="Microsoft.IdentityModel.Web.Saml2AuthenticationModule" /> 
     <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule" /> 
    </modules> 
    </system.webServer> 
    <microsoft.identityModel> 
    <service> 
     <audienceUris> 
     <add value="https://<server>/saml/" /> 
     </audienceUris> 
     <certificateValidation certificateValidationMode="None" /> 
     <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry"> 
     <trustedIssuers> 
      <add name="http://<ADFS server>/adfs/services/trust" thumbprint="...." /> 
     </trustedIssuers> 
     </issuerNameRegistry> 
     <serviceTokenResolver type="Microsoft.IdentityModel.Tokens.X509CertificateStoreTokenResolver" /> 
     <securityTokenHandlers> 
     <securityTokenHandlerConfiguration saveBootstrapTokens="true"> 
     </securityTokenHandlerConfiguration> 
     </securityTokenHandlers> 
    </service> 
    </microsoft.identityModel> 
    <microsoft.identityModel.saml metadata="myconfig.xml"> 
    <identityProviders> 
     <metadata file="partner-metadata.xml" /> 
    </identityProviders> 
    </microsoft.identityModel.saml> 
</configuration> 

我只是无法找到任何支持的doco或web ref，这可能会指向正确的方向。

所有帮助表示赞赏。

Answer 1

仅供参考 - 对于那些可能遇到此问题的人，路径区分大小写。所以关键线路：

https://<server>/saml/' that is outside of application path '/SAML'. 

我曾在首都的网站，但我使用的链接是小写：

<add value="https://<server>/saml/" /> 

匹配的情况下，它解决了这个问题。