+xADFS returns a generic error status if anything goes wrong. The most likely cause is a configuration mismatch.
You need to ask the ADFS admin to take a look at the Windows event log on the ADFS server. There will be one or more error events associated with the error status that will provide more specific information.
Thank you for answer my question! I have reviewed the event on adfs server. Maybe here are problems?
日志名称: AD FS/Admin
来源: AD FS
日期: 2020/2/14 14:28:18
事件 ID: 364
任务类别: 无
级别: 错误
关键字: AD FS
用户: PLATINUMCLOUD\administrator
计算机: adfstest.platinumcloud.cn
描述:
联合身份验证被动请求期间遇到错误。
其他数据
协议名称:
Saml
信赖方:
https://apps.platinumchina.com/MvcExampleServiceProvider 异常详细信息:
Microsoft.IdentityModel.Protocols.XmlSignature.SignatureVerificationFailedException: MSIS0038: SAML 消息的签名错误。颁发者:“
https://apps.platinumchina.com/MvcExampleServiceProvider”。 在 Microsoft.IdentityServer.Protocols.Saml.Contract.SamlContractUtility.CreateSamlMessage(MSISSamlBindingMessage message)
在 Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Issue(HttpSamlRequestMessage httpSamlRequestMessage, SecurityTokenElement onBehalfOf, String sessionState, String relayState, String& newSamlSession, String& samlpAuthenticationProvider, Boolean isUrlTranslationNeeded, WrappedHttpListenerContext context, Boolean isKmsiRequested)
在 Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.RequestBearerToken(WrappedHttpListenerContext context, HttpSamlRequestMessage httpSamlRequest, SecurityTokenElement onBehalfOf, String relyingPartyIdentifier, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired, String& samlpSessionState, String& samlpAuthenticationProvider)
在 Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSerializedToken(HttpSamlRequestMessage httpSamlRequest, WrappedHttpListenerContext context, String relyingPartyIdentifier, SecurityTokenElement signOnTokenElement, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired)
在 Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
在 Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.Process(ProtocolContext context)
在 Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
在 Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)