Nov 07 2021 01:12 AM
Following the new oidc-1-0-authentication, I managed to configure OIDC authentication in SPSE with ADFS.
I then tried third-party OIDC authentication in SPSE with Keycloak, but it failed with the following errors:
11/07/2021 16:48:29.07 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Monitoring nasq Medium Entering Monitored Scope (Request (POST:https://teamse1/_layouts/15/Authenticate.aspx?Source=%252F)). Parent=None
11/07/2021 16:48:29.07 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (POST:https://teamse1/_layouts/15/Authenticate.aspx?Source=%252F) 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Asp Runtime avwhz Medium SPRequestModule.BeginRequestHandler End, SP Build Version: '16.0.14326.20450' 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Nonce Cookie 9brd4 Medium SPContextCookie : Using full host domain for cookie. CookieName: 'nSGt'. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Nonce Cookie 9brdr Medium SPCryptoContextCookie : Initial Secondary certificate is null and we did not receive a secondary certificate thumbprint. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Nonce Cookie 9brc8 Medium SPNonceCookie : The Identifier is set successfully. Identifier: '', NonceToSendToIdentityProvider: '2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A-CB0F14DA2F6FF1E6302B9120B3FDACE0CE6B228FA26DC9915A3264E4EEF4FA74'. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Claims Authentication 9w647 Medium Using input cookie name. CookieName: 'nSGt-2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A'. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Nonce Cookie 9brbv Medium SPNonceCookie : Successfully read nonce cookie. Version: '0', Seed: '94DC58B58F1B35EFF01163B1124CC9539C338C80D3829F09', Identifier: '2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A'. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Nonce Cookie 9brc8 Medium SPNonceCookie : The Identifier is set successfully. Identifier: '2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A', NonceToSendToIdentityProvider: '2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A-CB0F14DA2F6FF1E6302B9120B3FDACE0CE6B228FA26DC9915A3264E4EEF4FA74'. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Claims Authentication 9w647 Medium Using input cookie name. CookieName: 'nSGt-2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A'. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Authentication Authorization deffe Medium The browser does support SameSite at revision 3 of RFC6265. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Nonce Cookie 9brbj Medium SPNonceCookie : Deleted nonce cookie if present. Identifier: '2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A'. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Security Token Handler 8p0r7 Medium Audience GUID matches trusted login provider default client identifier. Audience: 'new-sharepoint', provider Default Identifier: 'new-sharepoint', provider Uri: ''. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Topology aeayb Medium SecurityTokenServiceSendRequest: RemoteAddress: 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Security.IWSTrustChannelContract' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:8ed01142-6684-422a-8d99-6028560b88a0' 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 w3wp.exe (0x40E4) 0x33E4 SharePoint Foundation Topology aeax9 Medium SecurityTokenServiceReceiveRequest: LocalAddress: 'http://spdev-se1.:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:8ed01142-6684-422a-8d99-6028560b88a0' 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 w3wp.exe (0x40E4) 0x33E4 SharePoint Foundation Monitoring nasq Medium Entering Monitored Scope (ExecuteSecurityTokenServiceOperationServer). Parent=None 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 w3wp.exe (0x40E4) 0x33E4 SharePoint Foundation Security Token Service 9w6kv Medium STS Call: Creating Claims Operations Scope for Applies To Uri: 'https://teamse1/'. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 w3wp.exe (0x40E4) 0x33E4 SharePoint Foundation Claims Authentication a6oo7 Medium Created claims operation context from uri. ContextUri: 'https://teamse1/', Source: 'SiteWithoutSiteSubscription'. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 w3wp.exe (0x40E4) 0x33E4 SharePoint Foundation Security Token Service 9w6k3 Medium Creating SPSecurityTokenRequestContextV2 object for security token service Issue request. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 w3wp.exe (0x40E4) 0x33E4 SharePoint Foundation Security Token Service 9w6k0 Monitorable STS Call: Failed to issue new security token. Exception: 'System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature. 在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateSignature(String token, TokenValidationParameters validationParameters) 在 System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken) 在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(String tokenString, TokenValidationParameters validationParameters, SecurityToken& token) 在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(SecurityToken token) 在 Microsoft.SharePoint.IdentityModel.SPSecurityTokenRequestContextV2..ctor(ClaimsIdentity identity, RequestSecurityToken request, Boolean initializeForActor, SPSecurityTokenRequestTypeV2 overrideRequestType) 在 Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceV2.Issue(ClaimsPrincipal principal, RequestSecurityToken request)'. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 w3wp.exe (0x40E4) 0x33E4 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope: (ExecuteSecurityTokenServiceOperationServer) 执行时间=3.7961; CPU Milliseconds=3; SQL 查询计数=0; Parent=None 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Security Token Service Caller btgia High SPSecurityContext: Request for security token failed with exception. Exception: 'System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Validate signature failure : no found matched security key for token signature. (错误详细信息等于 很可能由 IncludeExceptionDetailInFaults=true 创建的 ExceptionDetail,其值为: System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature. 在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateSignature(String token, TokenValidationParameters validationParameters) 在 System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken) 在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(String tokenString, TokenValidationParameters validationParameters, SecurityToken& token) 在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(SecurityToken token) 在 Microsoft.SharePoint.IdentityModel.SPSecurityTokenRequestContextV2..ctor(ClaimsIdentity identity, RequestSecurityToken request, Boolean initializeForActor, SPSecurityTokenRequestTypeV2 overrideRequestType) ...)。'. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Claims Authentication 8306 Critical An exception occurred when trying to issue security token: Validate signature failure : no found matched security key for token signature.. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Claims Authentication 9w636 Unexpected Claims Saml Sign-In: Could not get local token for trusted third party token. FaultException: 'System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Validate signature failure : no found matched security key for token signature. (错误详细信息等于 很可能由 IncludeExceptionDetailInFaults=true 创建的 ExceptionDetail,其值为: System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature. 在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateSignature(String token, TokenValidationParameters validationParameters) 在 System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken) 在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(String tokenString, TokenValidationParameters validationParameters, SecurityToken& token) 在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(SecurityToken token) 在 Microsoft.SharePoint.IdentityModel.SPSecurityTokenRequestContextV2..ctor(ClaimsIdentity identity, RequestSecurityToken request, Boolean initializeForActor, SPSecurityTokenRequestTypeV2 overrideRequestType) ...)。'. 
Stack: ' 在 System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response) 在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) 在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst) 在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties) 在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf) 在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenFo... 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09* w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Claims Authentication 9w636 Unexpected ...rLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)'. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Asp Runtime avwhw Medium SPRequestModule.ErrorAppHandler Begin 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation General 8nca Medium Application error when access /_layouts/15/Authenticate.aspx, Error=Validate signature failure : no found matched security key for token signature. 在 System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response) 在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) 在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst) 在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties) 在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf) 在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments) 在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnSessionSecurityTokenCreated(SessionSecurityTokenCreatedEventArgs eventArgs) 在 System.IdentityModel.Services.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(SessionSecurityToken sessionToken, Boolean isSession) 在 System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request) 在 System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) 在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnAuthenticateRequest(Object sender, EventArgs eventArgs) 在 System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() 在 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) 在 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) 
28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Runtime tkau Unexpected System.ServiceModel.FaultException`1[[System.ServiceModel.ExceptionDetail, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]: Validate signature failure : no found matched security key for token signature. 在 System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response) 在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) 在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst) 在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties) 在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf) 在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments) 在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnSessionSecurityTokenCreated(SessionSecurityTokenCreatedEventArgs eventArgs) 在 System.IdentityModel.Services.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(SessionSecurityToken sessionToken, Boolean isSession) 在 System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request) 在 System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) 在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnAuthenticateRequest(Object sender, EventArgs eventArgs) 在 System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() 在 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) 在 
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously... 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09* w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Runtime tkau Unexpected ...) 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation General ajlz0 High Getting Error Message for Exception System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Validate signature failure : no found matched security key for token signature. (错误详细信息等于 很可能由 IncludeExceptionDetailInFaults=true 创建的 ExceptionDetail,其值为: System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature. 在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateSignature(String token, TokenValidationParameters validationParameters) 在 System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken) 在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(String tokenString, TokenValidationParameters validationParameters, SecurityToken& token) 在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(SecurityToken token) 在 Microsoft.SharePoint.IdentityModel.SPSecurityTokenRequestContextV2..ctor(ClaimsIdentity identity, RequestSecurityToken request, Boolean initializeForActor, SPSecurityTokenRequestTypeV2 overrideRequestType) ...)。 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation General aat87 Monitorable 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Authentication Authorization agb9s Medium Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation General agxkz High calling GetCurrentGenericSetupPath for a versioned path: TEMPLATE\LAYOUTS 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Application Authentication 9s97c Medium SPApplicationAuthenticationModuleV2.IsBearerChallengeRequested: Return 'False'. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Application Authentication 9s97n Medium The request isn't made to a page which allows NeverAuth to be specified in the query string 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Claims Authentication crpqx Medium STS setting for SuppressModernAuthForOfficeClients:'True'. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Application Authentication 9s976 Medium IsClaimsTrustedAuthenticationOnly: 'False', IsOfficeClientIDCRLRequest: 'False', HasSPTrustedSecurityTokenIssuer: 'False', ForceIdcrlForOfficeClients: 'True'. 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Asp Runtime avwh5 Medium SPRequestModule.PreSendRequestHeaders End 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Asp Runtime avwhx Medium SPRequestModule.ErrorAppHandler End 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Asp Runtime avwia Medium SPRequestModule.PostLogRequestHandler Begin 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Asp Runtime avwib Medium SPRequestModule.PostLogRequestHandler End 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Asp Runtime avwic Medium SPRequestModule.EndRequestHandler Begin 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Micro Trace uls4 Medium Micro Trace Tags: 0 avwhy,0 nasq,0 avwhz,0 9brd4,0 9brdr,0 9brc8,0 9w647,0 9brbv,0 9brc8,0 9w647,0 deffe,0 9brbj,2 8p0r7,0 aeayb,11 btgia,0 9w636,0 avwhw,0 8nca,0 tkau,0 ajlz0,1 aat87,5 agb9s,0 agxkz,1 9s97c,0 9s97n,0 crpqx,0 9s976,0 avwh5,0 avwhx,0 avwia,0 avwib,0 avwic 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Runtime aoxsq Medium Sending HTTP response 200 for HTTP POST request 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Unified Audit bm7sm High SPRequestModule::CreatePageViewedAuditEntry: Required parameters not set properly,exiting creating PageViewed SPUnifiedAuditEntry 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope: (Request (POST:https://teamse1/_layouts/15/Authenticate.aspx?Source=%252F)) 执行时间=29.1365; CPU Milliseconds=18; SQL 查询计数=0; Parent=None 28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 w3wp.exe (0x0C38) 0x4AB0 SharePoint Foundation Asp Runtime avwid Medium SPRequestModule.EndRequestHandler End 28bc00a0-1979-300a-3da4-d9c46cbf4124
Through browser F12 debugging, the authentication flow had successfully gone from Keycloak to SharePoint (_layouts/15/Authenticate.aspx?Source=%2F), and the id_token was successfully generated and could be verified through https://jwt.ms/
How can I integrate a 3rd party OIDC server with SPSE?
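A triage helper for the "no found matched security key for token signature" error in the log above, as an added example that is not part of the original post or of SharePoint. It reads the id_token header without verifying it and reports whether the identity provider's JWKS advertises a signing key with the same `kid` and a compatible key type, plus the SHA-1 thumbprint of that key's certificate for comparison with the certificate registered on the relying party. The issuer URL, key ids and certificate bytes are constructed, and how SharePoint itself selects the key is not shown on the page.

```python
import base64
import hashlib
import json

# JWS "alg" family prefix -> JWK "kty" that can carry such a key
ALG_KTY = {"RS": "RSA", "PS": "RSA", "ES": "EC", "HS": "oct"}


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_header(token: str) -> dict:
    """Return the JOSE header of a compact JWS. Nothing is verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    return json.loads(b64url_decode(parts[0]))


def cert_thumbprint(jwk: dict):
    """SHA-1 thumbprint (upper-case hex) of the first x5c certificate, or None."""
    chain = jwk.get("x5c") or []
    if not chain:
        return None
    der = base64.b64decode(chain[0])  # x5c is standard base64, not base64url
    return hashlib.sha1(der).hexdigest().upper()


def explain_key_match(token: str, jwks: dict) -> dict:
    """Say why a validator could (or could not) find a key for this token."""
    header = jwt_header(token)
    alg, kid = header.get("alg", ""), header.get("kid")
    keys = jwks.get("keys", [])
    report = {"alg": alg, "kid": kid, "jwks_kids": [k.get("kid") for k in keys]}
    if kid is None:
        return {**report, "status": "no_kid_in_header"}
    candidates = [k for k in keys if k.get("kid") == kid]
    if not candidates:
        # Typical after key rotation or when the wrong realm/key set is configured.
        return {**report, "status": "kid_not_in_jwks"}
    key = candidates[0]
    if key.get("use", "sig") != "sig":
        return {**report, "status": "key_not_for_signing"}
    if ALG_KTY.get(alg[:2]) != key.get("kty"):
        return {**report, "status": "alg_kty_mismatch"}
    return {**report, "status": "match", "thumbprint": cert_thumbprint(key)}


# ---- constructed sample data (not taken from the thread) -------------------
def seg(obj: dict) -> str:
    """Encode a dict as an unpadded base64url JSON segment."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(header: dict) -> str:
    """Build an unsigned stand-in token; the signature segment is a dummy."""
    # "aud" mirrors the audience in the ULS log; "iss" is a placeholder.
    payload = {"iss": "https://idp.example/realms/demo", "aud": "new-sharepoint"}
    return ".".join([seg(header), seg(payload), "c2lnbmF0dXJl"])


SAMPLE_JWKS = {"keys": [
    {"kid": "sig-2021", "kty": "RSA", "use": "sig", "alg": "RS256",
     "x5c": [base64.b64encode(b"constructed DER bytes, not a real cert").decode()]},
    {"kid": "enc-2021", "kty": "RSA", "use": "enc", "alg": "RSA-OAEP"},
]}

if __name__ == "__main__":
    for hdr in ({"alg": "RS256", "kid": "sig-2021"},   # key is advertised
                {"alg": "RS256", "kid": "sig-2020"},   # rotated or unknown key
                {"alg": "RS256", "kid": "enc-2021"},   # encryption key, not signing
                {"alg": "ES256", "kid": "sig-2021"},   # algorithm family mismatch
                {"alg": "RS256"}):                     # header carries no kid
        print(explain_key_match(make_sample_token(hdr), SAMPLE_JWKS))
```

A `match` result means the identity provider publishes the key, so the next thing to compare is the reported thumbprint against the signing certificate the relying party was given.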
Mar 08 2022 10:36 PM
@Hasan Köroğlu could you please share the ULS log?
Mar 15 2022 01:34 AM - edited Mar 15 2022 01:36 AM
03.15.2022 11:07:41.33 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (POST:https://oidctest.contoso.local/_layouts/15/Authenticate.aspx?Source=%252F) b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Asp Runtime avwhz Medium SPRequestModule.BeginRequestHandler End, SP Build Version: '16.0.14326.20602' b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Nonce Cookie 9brd4 Medium SPContextCookie : Using full host domain for cookie. CookieName: 'nSGt'. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Nonce Cookie 9brdr Medium SPCryptoContextCookie : Initial Secondary certificate is null and we did not receive a secondary certificate thumbprint. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Nonce Cookie 9brc8 Medium SPNonceCookie : The Identifier is set successfully. Identifier: '', NonceToSendToIdentityProvider: '1052C7C0B64939E9AD4ED9E0AE79DA9377E650180CDEE9B5-7EADB364F29A63E9C52B0B4B33A094168CDC8354D8D684DF522F06FD78AD4188'. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Claims Authentication 9w647 Medium Using input cookie name. CookieName: 'nSGt-1052C7C0B64939E9AD4ED9E0AE79DA9377E650180CDEE9B5'. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Nonce Cookie 9brbv Medium SPNonceCookie : Successfully read nonce cookie. Version: '0', Seed: '9DA2E444C81E8DA541AC5FEC919C82198F7FD7BDD6403B93', Identifier: '1052C7C0B64939E9AD4ED9E0AE79DA9377E650180CDEE9B5'. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Nonce Cookie 9brc8 Medium SPNonceCookie : The Identifier is set successfully. Identifier: '1052C7C0B64939E9AD4ED9E0AE79DA9377E650180CDEE9B5', NonceToSendToIdentityProvider: '1052C7C0B64939E9AD4ED9E0AE79DA9377E650180CDEE9B5-7EADB364F29A63E9C52B0B4B33A094168CDC8354D8D684DF522F06FD78AD4188'. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Claims Authentication 9w647 Medium Using input cookie name. CookieName: 'nSGt-1052C7C0B64939E9AD4ED9E0AE79DA9377E650180CDEE9B5'. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Authentication Authorization deffe Medium The browser does support SameSite at revision 3 of RFC6265. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Nonce Cookie 9brbj Medium SPNonceCookie : Deleted nonce cookie if present. Identifier: '1052C7C0B64939E9AD4ED9E0AE79DA9377E650180CDEE9B5'. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Security Token Handler 8p0r7 Medium Audience GUID matches trusted login provider default client identifier. Audience: 'oidctest', provider Default Identifier: 'oidctest', provider Uri: ''. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Topology aeayb Medium SecurityTokenServiceSendRequest: RemoteAddress: 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Security.IWSTrustChannelContract' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:b7edff6c-0098-4e63-adcb-f52ab2636b2a' b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34 w3wp.exe (0x8518) 0xF464 SharePoint Foundation Topology aeax9 Medium SecurityTokenServiceReceiveRequest: LocalAddress: 'http://sp04.sp.local:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:b7edff6c-0098-4e63-adcb-f52ab2636b2a' b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34 w3wp.exe (0x8518) 0xF464 SharePoint Foundation Monitoring nasq Medium Entering Monitored Scope (ExecuteSecurityTokenServiceOperationServer). Parent=None b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34 w3wp.exe (0x8518) 0xF464 SharePoint Foundation Security Token Service 9w6kv Medium STS Call: Creating Claims Operations Scope for Applies To Uri: 'https://oidctest.contoso.local/'. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34 w3wp.exe (0x8518) 0xF464 SharePoint Foundation Claims Authentication a6oo7 Medium Created claims operation context from uri. ContextUri: 'https://oidctest.contoso.local/', Source: 'SiteWithoutSiteSubscription'. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34 w3wp.exe (0x8518) 0xF464 SharePoint Foundation Security Token Service 9w6k3 Medium Creating SPSecurityTokenRequestContextV2 object for security token service Issue request. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34 w3wp.exe (0x8518) 0xF464 SharePoint Foundation Security Token Service 9w6k0 Monitorable STS Call: Failed to issue new security token. Exception: 'System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature. at Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateSignature(String token, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken) at Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(String tokenString, TokenValidationParameters validationParameters, SecurityToken& token) at Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(SecurityToken token) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenRequestContextV2..ctor(ClaimsIdentity identity, RequestSecurityToken request, Boolean initializeForActor, SPSecurityTokenRequestTypeV2 overrideRequestType) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceV2.Issue(ClaimsPrincipal principal, RequestSecurityToken request)'. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34 w3wp.exe (0x8518) 0xF464 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope: (ExecuteSecurityTokenServiceOperationServer) Execution Time=3.2962; CPU Milliseconds=3; SQL Query Count=0; Parent=None b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Security Token Service Caller btgia High SPSecurityContext: Request for security token failed with exception. Exception: 'System.ServiceModel.FaultException: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs. at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response) at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)'. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Claims Authentication 8306 Critical An exception occurred when trying to issue security token: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Claims Authentication 9w636 Unexpected Claims Saml Sign-In: Could not get local token for trusted third party token. FaultException: 'System.ServiceModel.FaultException: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs. at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response) at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf) at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)'. 
Stack: ' at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response) at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf) at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)'. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Asp Runtime avwhw Medium SPRequestModule.ErrorAppHandler Begin b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation General 8nca Medium Application error when access /_layouts/15/Authenticate.aspx, Error=The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs. at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response) at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf) at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments) at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnSessionSecurityTokenCreated(SessionSecurityTokenCreatedEventArgs eventArgs) at System.IdentityModel.Services.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(SessionSecurityToken sessionToken, Boolean isSession) at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request) at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) at 
Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnAuthenticateRequest(Object sender, EventArgs eventArgs) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Runtime tkau Unexpected System.ServiceModel.FaultException: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs. at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response) at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf) at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments) at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnSessionSecurityTokenCreated(SessionSecurityTokenCreatedEventArgs eventArgs) at System.IdentityModel.Services.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(SessionSecurityToken sessionToken, Boolean isSession) at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request) at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) at 
Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnAuthenticateRequest(Object sender, EventArgs eventArgs) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation General ajlz0 High Getting Error Message for Exception System.ServiceModel.FaultException: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs. at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response) at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf) at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments) at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnSessionSecurityTokenCreated(SessionSecurityTokenCreatedEventArgs eventArgs) at System.IdentityModel.Services.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(SessionSecurityToken sessionToken, Boolean isSession) at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request) at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) at 
Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnAuthenticateRequest(Object sender, EventArgs eventArgs) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation General aat87 Monitorable b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Authentication Authorization agb9s Medium Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0 b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation General agxkz High calling GetCurrentGenericSetupPath for a versioned path: TEMPLATE\LAYOUTS b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Application Authentication 9s97c Medium SPApplicationAuthenticationModuleV2.IsBearerChallengeRequested: Return 'False'. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Application Authentication 9s97n Medium The request isn't made to a page which allows NeverAuth to be specified in the query string b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Claims Authentication crpqx Medium STS setting for SuppressModernAuthForOfficeClients:'True'. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Application Authentication 9s976 Medium IsClaimsTrustedAuthenticationOnly: 'False', IsOfficeClientIDCRLRequest: 'False', HasSPTrustedSecurityTokenIssuer: 'False', ForceIdcrlForOfficeClients: 'True'. b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Asp Runtime avwh5 Medium SPRequestModule.PreSendRequestHeaders End b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Asp Runtime avwhx Medium SPRequestModule.ErrorAppHandler End b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Asp Runtime avwia Medium SPRequestModule.PostLogRequestHandler Begin b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Asp Runtime avwib Medium SPRequestModule.PostLogRequestHandler End b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Asp Runtime avwic Medium SPRequestModule.EndRequestHandler Begin b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Micro Trace uls4 Medium Micro Trace Tags: 0 avwhy,0 nasq,1 avwhz,0 9brd4,0 9brdr,0 9brc8,0 9w647,0 9brbv,0 9brc8,0 9w647,0 deffe,0 9brbj,2 8p0r7,1 aeayb,12 btgia,0 9w636,0 avwhw,0 8nca,0 tkau,0 ajlz0,1 aat87,2 agb9s,0 agxkz,1 9s97c,0 9s97n,0 crpqx,0 9s976,0 avwh5,0 avwhx,0 avwia,0 avwib,0 avwic b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Runtime aoxsq Medium Sending HTTP response 200 for HTTP POST request b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Unified Audit bm7sm High SPRequestModule::CreatePageViewedAuditEntry: Required parameters not set properly,exiting creating PageViewed SPUnifiedAuditEntry b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope: (Request (POST:https://oidctest.contoso.local/_layouts/15/Authenticate.aspx?Source=%252F)) Execution Time=26.8099; CPU Milliseconds=16; SQL Query Count=0; Parent=None b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35 w3wp.exe (0xF50C) 0x11814 SharePoint Foundation Asp Runtime avwid Medium SPRequestModule.EndRequestHandler End b2ec29a0-34e1-808c-08b8-fecdfcecba7e
Mar 17 2022 12:16 PM
Would you mind posting a screenshot or an export of your SharePoint client config inside of Keycloak now that you've got it working? Or even just an example access or ID token that has the claims you added to get it working?
Thanks for anything you can provide to help us out!
Mar 17 2022 11:19 PM
@benjamin8733 see the attached screenshot.
You need to create token mappers for username mapping.
Mar 18 2022 03:23 PM
Could you list what client scopes and mappers you've configured in Keycloak to get this to work? And what claim type you've configured on the SharePoint side to receive those claims?
So far I've been unsuccessful in getting Keycloak to work with SPSE, although now the token is validating correctly (per the ULS logs) since the March CU, so it appears I'm missing some critical claims for SharePoint to grant access.
Currently I'm attempting to use "email" as the claim on both sides to match.
Mar 22 2022 01:25 PM
Thanks so much jinzhong he! Knowing you got it working helped me get to the bottom of our issue.
On our Keycloak instances (latest 17.0.0 Quarkus version), in a new test realm, the default for "Access Token Lifespan" is set to 5 minutes. (For reference, on ADFS, this same value defaults to 60 minutes.)
This is all fine usually, as many apps (excluding SharePoint) we've tested on both Keycloak and ADFS work fine with either IdP with default timeouts.
But SharePoint has an odd behavior, in that by default: "when there are less than 10 minutes left in the lifetime SharePoint considers it expired" (quote from https://sharepoint.stackexchange.com/users/3338/infotekka at SharePoint 2013 ADFS login local token cache always expired - SharePoint Stack Exchange)
The ULS logs confirmed the issue after SSO login: "Found matching token cache entry but it's token is expired."
So SharePoint was rejecting the token as expired immediately after the successful SSO login from Keycloak had completed. Adjusting the Keycloak realm settings for "Access Token Lifespan" to 60 minutes, up from the default 5 minutes, fixed our issue. Login to SharePoint is now working correctly against Keycloak.
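The lifetime mismatch described in the post above can be checked against any token the IdP issues. The following is an added example, not part of the original thread and not SharePoint's or Keycloak's own code: it reads `iat` and `exp` from a JWT payload and applies the 10-minute window quoted in the post. The function names and the sample tokens are constructed for illustration.

```python
import base64
import json

# Per the statement quoted in the thread: with less than 10 minutes of lifetime
# left, SharePoint considers the token expired.
SHAREPOINT_EXPIRY_WINDOW_S = 10 * 60


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode a compact JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def lifetime_report(token: str, now: int, window_s: int = SHAREPOINT_EXPIRY_WINDOW_S) -> dict:
    """Compare the token's remaining lifetime at `now` with the expiry window."""
    claims = jwt_claims(token)
    iat, exp = claims.get("iat"), claims.get("exp")
    if not all(isinstance(v, (int, float)) and not isinstance(v, bool) for v in (iat, exp)):
        raise ValueError("token needs numeric 'iat' and 'exp' claims")
    remaining = exp - now
    return {
        "lifespan_s": exp - iat,
        "remaining_s": remaining,
        "expired_at_idp": remaining <= 0,
        "expired_for_sharepoint": remaining < window_s,
        "usable_for_s": max(0, remaining - window_s),
    }


def constructed_token(iat: int, lifespan_s: int) -> str:
    """Constructed sample token (placeholder signature), standing in for an IdP-issued one."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"iat": iat, "exp": iat + lifespan_s}).encode())
    return f"{header}.{body}.{_b64url(b'placeholder-signature')}"


if __name__ == "__main__":
    issued = 1647342461  # constructed timestamp
    for lifespan in (5 * 60, 60 * 60):  # 5-minute default from the thread vs. the adjusted value
        print(lifespan, lifetime_report(constructed_token(issued, lifespan), now=issued + 2))
```

With a 5-minute lifespan the token is still valid at the IdP two seconds after issuance but already falls inside the 10-minute window; with 60 minutes it does not.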
Aug 29 2022 06:46 AM
Would you mind opening a support ticket with us for your specific problem? We will be able to follow up with you.
And also add @Troy Starr here as well.
Aug 29 2022 04:40 PM
Hi @ictotum, you can open a support case by going to https://support.microsoft.com/contactus, then clicking Show expanded list of products, then clicking SharePoint Server. The cost to open a support case will depend on the type of support contract your organization has with Microsoft.