jinzhong he
Copper Contributor
Nov 07, 2021

Third party oidc authentication with SPSE failed

Following the new https://docs.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/oidc-1-0-authentication , I managed to configure OIDC authentication in SPSE with ADFS.

I then tried third-party OIDC authentication in SPSE with Keycloak, but it failed with the following errors:

11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Monitoring                    	nasq	Medium  	Entering Monitored Scope (Request (POST:https://teamse1/_layouts/15/Authenticate.aspx?Source=%252F)). Parent=None	 
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Logging Correlation Data      	xmnv	Medium  	Name=Request (POST:https://teamse1/_layouts/15/Authenticate.aspx?Source=%252F)	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwhz	Medium  	SPRequestModule.BeginRequestHandler End, SP Build Version: '16.0.14326.20450'	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Nonce Cookie                  	9brd4	Medium  	SPContextCookie : Using full host domain for cookie. CookieName: 'nSGt'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Nonce Cookie                  	9brdr	Medium  	SPCryptoContextCookie : Initial Secondary certificate is null and we did not receive a secondary certificate thumbprint.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Nonce Cookie                  	9brc8	Medium  	SPNonceCookie : The Identifier is set successfully. Identifier: '', NonceToSendToIdentityProvider: '2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A-CB0F14DA2F6FF1E6302B9120B3FDACE0CE6B228FA26DC9915A3264E4EEF4FA74'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Claims Authentication         	9w647	Medium  	Using input cookie name. CookieName: 'nSGt-2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Nonce Cookie                  	9brbv	Medium  	SPNonceCookie : Successfully read nonce cookie. Version: '0', Seed: '94DC58B58F1B35EFF01163B1124CC9539C338C80D3829F09', Identifier: '2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Nonce Cookie                  	9brc8	Medium  	SPNonceCookie : The Identifier is set successfully. Identifier: '2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A', NonceToSendToIdentityProvider: '2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A-CB0F14DA2F6FF1E6302B9120B3FDACE0CE6B228FA26DC9915A3264E4EEF4FA74'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Claims Authentication         	9w647	Medium  	Using input cookie name. CookieName: 'nSGt-2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Authentication Authorization  	deffe	Medium  	The browser does support SameSite at revision 3 of RFC6265.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Nonce Cookie                  	9brbj	Medium  	SPNonceCookie : Deleted nonce cookie if present. Identifier: '2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Security Token Handler        	8p0r7	Medium  	Audience GUID matches trusted login provider default client identifier. Audience: 'new-sharepoint', provider Default Identifier: 'new-sharepoint', provider Uri: ''.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Topology                      	aeayb	Medium  	SecurityTokenServiceSendRequest: RemoteAddress: 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Security.IWSTrustChannelContract' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:8ed01142-6684-422a-8d99-6028560b88a0'	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 	w3wp.exe (0x40E4)                       	0x33E4	SharePoint Foundation         	Topology                      	aeax9	Medium  	SecurityTokenServiceReceiveRequest: LocalAddress: 'http://spdev-se1.:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:8ed01142-6684-422a-8d99-6028560b88a0'	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 	w3wp.exe (0x40E4)                       	0x33E4	SharePoint Foundation         	Monitoring                    	nasq	Medium  	Entering Monitored Scope (ExecuteSecurityTokenServiceOperationServer). Parent=None	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 	w3wp.exe (0x40E4)                       	0x33E4	SharePoint Foundation         	Security Token Service        	9w6kv	Medium  	STS Call: Creating Claims Operations Scope for Applies To Uri: 'https://teamse1/'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 	w3wp.exe (0x40E4)                       	0x33E4	SharePoint Foundation         	Claims Authentication         	a6oo7	Medium  	Created claims operation context from uri. ContextUri: 'https://teamse1/', Source: 'SiteWithoutSiteSubscription'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 	w3wp.exe (0x40E4)                       	0x33E4	SharePoint Foundation         	Security Token Service        	9w6k3	Medium  	Creating SPSecurityTokenRequestContextV2 object for security token service Issue request.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 	w3wp.exe (0x40E4)                       	0x33E4	SharePoint Foundation         	Security Token Service        	9w6k0	Monitorable	STS Call: Failed to issue new security token. Exception: 'System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature.     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateSignature(String token, TokenValidationParameters validationParameters)     在 System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(String tokenString, TokenValidationParameters validationParameters, SecurityToken& token)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(SecurityToken token)     在 Microsoft.SharePoint.IdentityModel.SPSecurityTokenRequestContextV2..ctor(ClaimsIdentity identity, RequestSecurityToken request, Boolean initializeForActor, SPSecurityTokenRequestTypeV2 overrideRequestType)     在 Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceV2.Issue(ClaimsPrincipal principal, RequestSecurityToken request)'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 	w3wp.exe (0x40E4)                       	0x33E4	SharePoint Foundation         	Monitoring                    	b4ly	Medium  	Leaving Monitored Scope: (ExecuteSecurityTokenServiceOperationServer) 执行时间=3.7961; CPU Milliseconds=3; SQL 查询计数=0; Parent=None	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Security Token Service Caller 	btgia	High    	SPSecurityContext: Request for security token failed with exception. Exception: 'System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Validate signature failure : no found matched security key for token signature. (错误详细信息等于 很可能由 IncludeExceptionDetailInFaults=true 创建的 ExceptionDetail,其值为: System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature.    在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateSignature(String token, TokenValidationParameters validationParameters)     在 System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(String tokenString, TokenValidationParameters validationParameters, SecurityToken& token)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(SecurityToken token)     在 Microsoft.SharePoint.IdentityModel.SPSecurityTokenRequestContextV2..ctor(ClaimsIdentity identity, RequestSecurityToken request, Boolean initializeForActor, SPSecurityTokenRequestTypeV2 overrideRequestType)     ...)。'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Claims Authentication         	8306	Critical	An exception occurred when trying to issue security token: Validate signature failure : no found matched security key for token signature..	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Claims Authentication         	9w636	Unexpected	Claims Saml Sign-In: Could not get local token for trusted third party token. FaultException: 'System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Validate signature failure : no found matched security key for token signature. (错误详细信息等于 很可能由 IncludeExceptionDetailInFaults=true 创建的 ExceptionDetail,其值为: System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature.    在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateSignature(String token, TokenValidationParameters validationParameters)     在 System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(String tokenString, TokenValidationParameters validationParameters, SecurityToken& token)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(SecurityToken token)     在 Microsoft.SharePoint.IdentityModel.SPSecurityTokenRequestContextV2..ctor(ClaimsIdentity identity, RequestSecurityToken request, Boolean initializeForActor, SPSecurityTokenRequestTypeV2 overrideRequestType)     ...)。'. 
Stack: '   在 System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)     在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)     在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)     在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf)     在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenFo...	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09*	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Claims Authentication         	9w636	Unexpected	...rLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwhw	Medium  	SPRequestModule.ErrorAppHandler Begin	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	General                       	8nca	Medium  	Application error when access /_layouts/15/Authenticate.aspx, Error=Validate signature failure : no found matched security key for token signature.   在 System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)     在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)     在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)     在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf)     在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)     在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnSessionSecurityTokenCreated(SessionSecurityTokenCreatedEventArgs eventArgs)     在 System.IdentityModel.Services.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(SessionSecurityToken sessionToken, Boolean isSession)     在 System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request)     在 System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)     在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnAuthenticateRequest(Object sender, EventArgs eventArgs)     在 System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     在 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) 
    在 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Runtime                       	tkau	Unexpected	System.ServiceModel.FaultException`1[[System.ServiceModel.ExceptionDetail, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]: Validate signature failure : no found matched security key for token signature.    在 System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)     在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)     在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)     在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf)     在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)     在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnSessionSecurityTokenCreated(SessionSecurityTokenCreatedEventArgs eventArgs)     在 System.IdentityModel.Services.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(SessionSecurityToken sessionToken, Boolean isSession)     在 System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request)     在 System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)     在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnAuthenticateRequest(Object sender, EventArgs eventArgs)     在 
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     在 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)     在 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously...	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09*	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Runtime                       	tkau	Unexpected	...)	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	General                       	ajlz0	High    	Getting Error Message for Exception System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Validate signature failure : no found matched security key for token signature. (错误详细信息等于 很可能由 IncludeExceptionDetailInFaults=true 创建的 ExceptionDetail,其值为: System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature.    在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateSignature(String token, TokenValidationParameters validationParameters)     在 System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(String tokenString, TokenValidationParameters validationParameters, SecurityToken& token)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(SecurityToken token)     在 Microsoft.SharePoint.IdentityModel.SPSecurityTokenRequestContextV2..ctor(ClaimsIdentity identity, RequestSecurityToken request, Boolean initializeForActor, SPSecurityTokenRequestTypeV2 overrideRequestType)     ...)。	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	General                       	aat87	Monitorable	 	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Authentication Authorization  	agb9s	Medium  	Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	General                       	agxkz	High    	calling GetCurrentGenericSetupPath for a versioned path: TEMPLATE\LAYOUTS	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Application Authentication    	9s97c	Medium  	SPApplicationAuthenticationModuleV2.IsBearerChallengeRequested: Return 'False'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Application Authentication    	9s97n	Medium  	The request isn't made to a page which allows NeverAuth to be specified in the query string	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Claims Authentication         	crpqx	Medium  	STS setting for SuppressModernAuthForOfficeClients:'True'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Application Authentication    	9s976	Medium  	IsClaimsTrustedAuthenticationOnly: 'False', IsOfficeClientIDCRLRequest: 'False', HasSPTrustedSecurityTokenIssuer: 'False', ForceIdcrlForOfficeClients: 'True'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwh5	Medium  	SPRequestModule.PreSendRequestHeaders End	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwhx	Medium  	SPRequestModule.ErrorAppHandler End	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwia	Medium  	SPRequestModule.PostLogRequestHandler Begin	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwib	Medium  	SPRequestModule.PostLogRequestHandler End	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwic	Medium  	SPRequestModule.EndRequestHandler Begin	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Micro Trace                   	uls4	Medium  	Micro Trace Tags: 0 avwhy,0 nasq,0 avwhz,0 9brd4,0 9brdr,0 9brc8,0 9w647,0 9brbv,0 9brc8,0 9w647,0 deffe,0 9brbj,2 8p0r7,0 aeayb,11 btgia,0 9w636,0 avwhw,0 8nca,0 tkau,0 ajlz0,1 aat87,5 agb9s,0 agxkz,1 9s97c,0 9s97n,0 crpqx,0 9s976,0 avwh5,0 avwhx,0 avwia,0 avwib,0 avwic	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Runtime                       	aoxsq	Medium  	Sending HTTP response 200 for HTTP POST request	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Unified Audit                 	bm7sm	High    	SPRequestModule::CreatePageViewedAuditEntry: Required parameters not set properly,exiting creating PageViewed SPUnifiedAuditEntry	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Monitoring                    	b4ly	Medium  	Leaving Monitored Scope: (Request (POST:https://teamse1/_layouts/15/Authenticate.aspx?Source=%252F)) 执行时间=29.1365; CPU Milliseconds=18; SQL 查询计数=0; Parent=None	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwid	Medium  	SPRequestModule.EndRequestHandler End	28bc00a0-1979-300a-3da4-d9c46cbf4124

 

Through browser F12 debugging, the authentication flow had successfully gone from Keycloak to SharePoint: _layouts/15/Authenticate.aspx?Source=%2F, and the id_token was successfully generated and could be verified through https://jwt.ms/

 

How do I integrate a 3rd party OIDC server with SPSE?

36 Replies

  • Hi jinzhong he, this may be difficult to diagnose through a message board.  Can you open a support case with Microsoft Support?  They can then work with you to investigate the issue.

    • jinzhong he
      Copper Contributor

      Hi TroyStarr, this is just a POC environment so we don't bother to do so.

      It seems that the authentication flow failed at the last step, i.e. when posting back to: /_layouts/15/Authenticate.aspx

       

      The error was:

      Claims Saml Sign-In: Could not get local token for trusted third party token. FaultException: 'System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Validate signature failure : no found matched security key for token signature.

       

      STS Call: Failed to issue new security token. Exception:

      'System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature.

      • Steve Zhang
        Microsoft
        Hi @Jinzhong,

        Thank you for trying our new OIDC feature and reporting the 3rd party IdP connection issue to us.
        I've sent you a private message; if you don't mind, you can share your sample token with us so that we can take a look at what's going wrong in your case.

        Thanks
        Steve
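
A header-versus-key check for the "no found matched security key for token signature" error quoted above, as an added example that is not part of the thread or of SharePoint's code: it reports which key identifiers (`kid`, `x5t`) an id_token header carries and whether they match a signing key in the IdP's JWKS or a certificate thumbprint registered on the relying party. The token, JWKS and thumbprints are constructed sample data, and how SharePoint itself selects the key is not stated in the thread.

```python
import base64
import hashlib
import json


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def jwt_header(token):
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[0]))


def jwk_x5t(jwk):
    """x5t (base64url SHA-1 of the DER certificate, RFC 7515) for a JWK."""
    if jwk.get("x5c"):
        der = base64.b64decode(jwk["x5c"][0])
        return b64url_encode(hashlib.sha1(der).digest())
    return jwk.get("x5t")


def diagnose(token, jwks, registered_thumbprint_hex=None):
    """Report which key identifiers the token offers and what they match."""
    hdr = jwt_header(token)
    # Keys without a "use" member are treated as signing candidates.
    sig_keys = [k for k in jwks["keys"] if k.get("use", "sig") == "sig"]
    by_kid = [k for k in sig_keys if "kid" in hdr and k.get("kid") == hdr["kid"]]
    by_x5t = [k for k in sig_keys if "x5t" in hdr and jwk_x5t(k) == hdr["x5t"]]
    report = {
        "alg": hdr.get("alg"),
        "header_ids": sorted(f for f in ("kid", "x5t", "x5t#S256") if f in hdr),
        "kid_match": bool(by_kid),
        "x5t_match": bool(by_x5t),
        "registered_cert_matches": None,
    }
    if registered_thumbprint_hex is not None:
        # A Windows-style hex SHA-1 thumbprint, converted to x5t form.
        pinned = b64url_encode(bytes.fromhex(registered_thumbprint_hex))
        signer = (by_kid or by_x5t or [None])[0]
        report["registered_cert_matches"] = (
            signer is not None and jwk_x5t(signer) == pinned
        )
    return report


# Constructed sample data (not from the thread); placeholder bytes stand in for DER.
SIGNING_CERT = b"constructed-signing-certificate"
OTHER_CERT = b"constructed-other-certificate"
JWKS = {"keys": [
    {"kid": "constructed-kid-sig", "kty": "RSA", "use": "sig", "alg": "RS256",
     "x5c": [base64.b64encode(SIGNING_CERT).decode()]},
    {"kid": "constructed-kid-enc", "kty": "RSA", "use": "enc", "alg": "RSA-OAEP",
     "x5c": [base64.b64encode(OTHER_CERT).decode()]},
]}


def make_token(header):
    """Build an unsigned sample token; the signature part is a placeholder."""
    body = {"aud": "new-sharepoint"}
    enc = lambda obj: b64url_encode(json.dumps(obj).encode())
    return ".".join([enc(header), enc(body), "c2ln"])


TOKEN = make_token({"alg": "RS256", "typ": "JWT", "kid": "constructed-kid-sig"})

if __name__ == "__main__":
    print(diagnose(TOKEN, JWKS, hashlib.sha1(SIGNING_CERT).hexdigest()))
    print(diagnose(TOKEN, JWKS, hashlib.sha1(OTHER_CERT).hexdigest()))
```

A report with `kid_match` true but `x5t_match` false or `registered_cert_matches` false separates "the IdP published the key" from "the relying party can locate it", which decoding the token alone does not show.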
