
BizTalk 2010, ADFS and CRM 2011


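I am currently configuring BizTalk 2010 as the middleware between Dynamics CRM 2011 at a client using ADFS.

Receiving messages from CRM 2011 into BizTalk works without any problem.

On the other side, however, I configured a custom binding as the SendPort, and I can't seem to find the right settings to enforce HTTPS and authenticate on the ADFS service.

I think I need to set things up in the send port to authenticate on ADFS first and then authenticate against CRM 2011.

Any further information on this setup and configuration is much appreciated.

Latest send port information and error: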

<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <client>
      <remove contract="BizTalk" name="WcfSendPort_Crm" />
      <endpoint address="https://crmurl/XRMServices/2011/Organization.svc" behaviorConfiguration="EndpointBehavior" binding="ws2007FederationHttpBinding" bindingConfiguration="ws2007FederationHttpBinding" contract="BizTalk" name="WcfSendPort_Crm" />
    </client>
    <behaviors>
      <endpointBehaviors>
        <remove name="EndpointBehavior" />
        <behavior name="EndpointBehavior">
          <soapProcessing processMessages="false" />
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <ws2007FederationHttpBinding>
        <clear />
        <binding name="ws2007FederationHttpBinding">
          <reliableSession enabled="true" />
          <security mode="TransportWithMessageCredential">
            <message issuedTokenType="http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-SAMLTokenProfile-01.html">
              <issuer address="https://adfsurl/STS/Active/STS.svc" binding="ws2007HttpBinding" bindingConfiguration="stsBinding">
                <identity>
                  <dns value="STS" />
                </identity>
              </issuer>
              <issuerMetadata address="https://adfsurl/HRGSTS/Active/HRGSTS/mex%22" />
            </message>
          </security>
        </binding>
      </ws2007FederationHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>

Error:

A message sent to adapter "WCF-Custom" on send port "WcfSendPort_Crm" with URI "https://crmurl/XRMServices/2011/Organization.svc" is suspended. 
 Error details: System.InvalidOperationException: The channel is configured to use interactive initializer 'System.ServiceModel.Security.InfocardInteractiveChannelInitializer', but the channel was Opened without calling DisplayInitializationUI.  Call DisplayInitializationUI before calling Open or other methods on this channel.

Server stack trace: 
   at System.ServiceModel.Channels.ServiceChannel.ThrowIfInitializationUINotCalled()
   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at System.ServiceModel.ICommunicationObject.Open()
   at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.GetChannel[TChannel](IBaseMessage bizTalkMessage, ChannelFactory`1& cachedFactory)
   at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.SendMessage(IBaseMessage bizTalkMessage) 
 MessageId:  {337CB1AF-1C4A-484A-9CA6-7E0FD3396138}
 InstanceID: {FBCDEE5C-8CA2-4C37-87A5-906448C14479}

===

<ws2007HttpBinding>
    <clear />
    <binding name="ws2007HttpBinding">
      <security mode="TransportWithMessageCredential">
        <transport clientCredentialType="None"/>
        <message clientCredentialType="UserName" 
        establishSecurityContext="false"/>
      </security>
    </binding>
  </ws2007HttpBinding>

2 Answers

  • 1

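    Assuming the last snippet you've added is the binding to use when calling the STS, and that this is the bit you've added to machine.config, the binding name should be stsBinding rather than ws2007HttpBinding, as this should match the name used in the bindingConfiguration attribute of the issuer element in the send port config.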

  • 2

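    HTTPS would be Binding, CustomBindingElement, allowInsecureTransport = False

    For ADFS, you will probably have to use Ws2007HttpBinding or recreate this in the custom binding, possibly setting authenticationMode to IssuedToken, and for the IssuedTokenParameter, set the ADFS address in the Issuer address, the binding to ws2007HttpBinding, and set the binding configuration.

    See this blog here: Calling a service with federated identity from BizTalk Server [2009] – Part I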
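The name mismatch described in answer 1 can be checked mechanically before the send port is deployed. The script below is an added example, not code from the question or either answer; it assumes the send-port fragment and the separately added ws2007HttpBinding have been merged into one document, and `check_binding_refs` and `SAMPLE` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's send-port config, trimmed, merged with the
# ws2007HttpBinding fragment the asker posted separately.
SAMPLE = """<configuration><system.serviceModel>
  <client>
    <endpoint address="https://crmurl/XRMServices/2011/Organization.svc"
              binding="ws2007FederationHttpBinding"
              bindingConfiguration="ws2007FederationHttpBinding" contract="BizTalk" />
  </client>
  <bindings>
    <ws2007FederationHttpBinding>
      <binding name="ws2007FederationHttpBinding">
        <security mode="TransportWithMessageCredential">
          <message>
            <issuer address="https://adfsurl/STS/Active/STS.svc"
                    binding="ws2007HttpBinding" bindingConfiguration="stsBinding" />
          </message>
        </security>
      </binding>
    </ws2007FederationHttpBinding>
    <ws2007HttpBinding>
      <binding name="ws2007HttpBinding">
        <security mode="TransportWithMessageCredential" />
      </binding>
    </ws2007HttpBinding>
  </bindings>
</system.serviceModel></configuration>"""

def check_binding_refs(config_xml):
    """Report unresolved binding references and non-HTTPS endpoint/issuer addresses."""
    root = ET.fromstring(config_xml)
    defined = set()  # (binding type, binding name) pairs declared under <bindings>
    for bindings in root.iter("bindings"):
        for kind in bindings:
            for b in kind.findall("binding"):
                defined.add((kind.tag, b.get("name")))
    findings = []
    for el in root.iter():
        kind, cfg, addr = el.get("binding"), el.get("bindingConfiguration"), el.get("address")
        if kind and cfg and (kind, cfg) not in defined:
            findings.append(f"<{el.tag}> references {kind}/{cfg}, which is not defined")
        if addr and el.tag in ("endpoint", "issuer") and not addr.lower().startswith("https://"):
            findings.append(f"<{el.tag}> address is not HTTPS: {addr}")
    return findings

if __name__ == "__main__":
    for finding in check_binding_refs(SAMPLE):
        print(finding)
```

On the constructed sample it reports the issuer's reference to ws2007HttpBinding/stsBinding; renaming the binding to stsBinding clears the finding.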
