Hi, I spent many hours trying to solve an issue with SAML 2.0 in SharePoint, but during the authorization process I've got a problem with confirmationData and I get an error like this:
ID4154: A Saml2SecurityToken cannot be created from the Saml2Assertion because it contains a SubjectConfirmationData which specifies an InResponseTo value. Enforcement of this value is not supported by default. To customize SubjectConfirmationData processing, extend Saml2SecurityTokenHandler and override ValidateConfirmationData.
[FaultException`1: ID4154: A Saml2SecurityToken cannot be created from the Saml2Assertion because it contains a SubjectConfirmationData which specifies an InResponseTo value. Enforcement of this value is not supported by default. To customize SubjectConfirmationData processing, extend Saml2SecurityTokenHandler and override ValidateConfirmationData.]
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response) +222
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) +83
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst) +37
Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties) +1421
Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf) +72
Of course I've overridden the ValidateConfirmationData method in Saml2SecurityTokenHandler, but at the Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel step I get the same error as in Saml2SecurityTokenHandler.
I've got the same error for ValidateConfirmationData but it has already been overridden.
Is there any other place where I can override this property again?
Thanks for any help.