ADFS
I created a custom authenticator for MFA. I defined the authentication method in the metadata:
using Microsoft.IdentityServer.Web.Authentication.External;

class MyMetadata : IAuthenticationAdapterMetadata
{
    // Only the property relevant to the question is shown here;
    // the other IAuthenticationAdapterMetadata members are omitted.
    public virtual string[] AuthenticationMethods
    {
        get { return new[] { "http://schemas.microsoft.com/ws/2012/12/authmethod/otp" }; }
    }
}
And my TryEndAuthentication is defined as follows:
using System.Net;
using System.Security.Claims;
using Microsoft.IdentityServer.Web.Authentication.External;

public IAdapterPresentation TryEndAuthentication(IAuthenticationContext context, IProofData proofData, HttpListenerRequest request, out Claim[] claims)
{
    //return new MyPresentationForm();
    // Return only the authentication-method claim; its value must be one of the
    // URIs listed in the metadata's AuthenticationMethods.
    Claim claim = new Claim(
        "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
        "http://schemas.microsoft.com/ws/2012/12/authmethod/otp");
    claims = new[] { claim };
    // Returning null tells AD FS that the method completed successfully.
    return null;
}
However, the AD FS log shows the following error:
Encountered error during federation passive request.
Additional Data
Protocol Name:
Saml
Relying Party:
gitlab-app
Exception details:
System.IO.InvalidDataException: The authentication provider returned authentication method http://schemas.microsoft.com/ws/2012/12/authmethod/otp, which is not specified as a supported authentication method in the provider's metadata.
at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.ValidateAdapterClaims(IAuthenticationContext authContext, ICollection`1 claims, Int32 responseLcid)
at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.ProcessAdapterClaims(ICollection`1 claims, AuthenticationContext authContext, ProtocolContext context, IAccountStoreUserData userData)
at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.Authentication.AuthenticationOptionsHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
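The error in the log is AD FS's ValidateAdapterClaims step rejecting a returned authentication-method claim that it cannot find in the provider's registered metadata. The following is an added example (not the poster's code and not part of the AD FS SDK samples) showing one way to keep the two sides from drifting apart: the method URI lives in a single constant used by both the metadata and TryEndAuthentication, and a small local check reproduces the consistency rule from the error message so it can be unit-tested before the provider is registered. Class names (OtpMethod, OtpAdapterMetadata, AdapterClaimCheck, OtpAdapterEndStep), the LCID/description strings and the ordinal string comparison are assumptions; the SDK interfaces come from Microsoft.IdentityServer.Web.Authentication.External.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Security.Claims;
using Microsoft.IdentityServer.Web.Authentication.External;

// Single source of truth for the method URI and the claim type that carries it.
public static class OtpMethod
{
    public const string Uri = "http://schemas.microsoft.com/ws/2012/12/authmethod/otp";
    public const string AuthenticationMethodClaimType =
        "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod";
}

// Complete metadata implementation (names and texts are example values).
public class OtpAdapterMetadata : IAuthenticationAdapterMetadata
{
    public string AdminName { get { return "Example OTP adapter"; } }

    // This is the list AD FS compares the returned claim value against.
    public string[] AuthenticationMethods { get { return new[] { OtpMethod.Uri }; } }

    public int[] AvailableLcids { get { return new[] { 1033 }; } }

    public Dictionary<int, string> Descriptions
    {
        get { return new Dictionary<int, string> { { 1033, "One-time password (example)" } }; }
    }

    public Dictionary<int, string> FriendlyNames
    {
        get { return new Dictionary<int, string> { { 1033, "Example OTP" } }; }
    }

    public string[] IdentityClaims
    {
        get { return new[] { "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" }; }
    }

    public bool RequiresIdentity { get { return true; } }
}

public static class AdapterClaimCheck
{
    // Local re-implementation (an assumption based on the logged message) of the
    // rule that failed in ValidateAdapterClaims: every authentication-method claim
    // the adapter returns must appear in the metadata's AuthenticationMethods.
    public static void ValidateReturnedMethods(IAuthenticationAdapterMetadata metadata, Claim[] claims)
    {
        var allowed = new HashSet<string>(metadata.AuthenticationMethods, StringComparer.Ordinal);
        foreach (var claim in claims.Where(c => c.Type == OtpMethod.AuthenticationMethodClaimType))
        {
            if (!allowed.Contains(claim.Value))
            {
                throw new InvalidDataException(
                    "The authentication provider returned authentication method " + claim.Value +
                    ", which is not specified as a supported authentication method in the provider's metadata.");
            }
        }
    }
}

// Only the step relevant to the question is shown; the other IAuthenticationAdapter
// members (BeginAuthentication, IsAvailableForUser, ...) are outside this example.
public class OtpAdapterEndStep
{
    private readonly IAuthenticationAdapterMetadata metadata = new OtpAdapterMetadata();

    public IAdapterPresentation TryEndAuthentication(IAuthenticationContext context, IProofData proofData, HttpListenerRequest request, out Claim[] claims)
    {
        // OTP proof verification is out of scope of the question. On success the
        // adapter returns exactly one claim, built from the same constant the
        // metadata uses, so the value cannot differ from what was registered.
        claims = new[] { new Claim(OtpMethod.AuthenticationMethodClaimType, OtpMethod.Uri) };

        // Fail fast during development instead of discovering the mismatch in the AD FS event log.
        AdapterClaimCheck.ValidateReturnedMethods(metadata, claims);

        // null means "authentication complete, no further form to show".
        return null;
    }
}
```

Two things worth verifying against the running farm: which metadata class the adapter's Metadata property actually returns (a derived class overriding the virtual AuthenticationMethods property would change the list AD FS sees), and what Get-AdfsAuthenticationProvider reports for the provider, since AD FS takes the AuthenticationMethods list at registration time; if the list changed after Register-AdfsAuthenticationProvider, the stored copy is what ValidateAdapterClaims checks.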