WIF Tracing

This topic describes how to use tracing in Windows® Identity Foundation (WIF). It is similar to Windows Communication Foundation (WCF) tracing. For more information about WCF tracing, see "How to Enable Tracing".

How to Enable Tracing

The easiest way to enable tracing is through the application's app.config or web.config file. The following configuration enables WIF tracing and writes the output to the file C:\logs\WIF.xml. The folder that the log file is written to must already exist. You can view WIF traces with svctraceviewer.exe, which is located under \Program Files\Microsoft SDKs\Windows\v6.0A\bin on the drive where Visual Studio is installed.

<system.diagnostics>
  <sources>
    <source name="Microsoft.IdentityModel" switchValue="Verbose">
      <listeners>
        <add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\logs\WIF.xml" />
      </listeners>
    </source>
  </sources>
  <trace autoflush="true" />
</system.diagnostics>

The following configuration enables WCF tracing and WIF tracing, writing the output to the files C:\logs\WCF.xml and C:\logs\WIF.xml respectively. A trace source is identified by the name attribute of the source element.

<system.diagnostics>
  <sources>
    <source name="Microsoft.IdentityModel" switchValue="Verbose">
      <listeners>
        <add name="wif" />
      </listeners>
    </source>
    <source name="System.ServiceModel.MessageLogging" logKnownPii="false" switchValue="Verbose">
      <listeners>
        <add name="wcf" />
      </listeners>
    </source>
  </sources>
  <sharedListeners>
    <add name="wcf" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\logs\WCF.xml" />
    <add name="wif" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\logs\WIF.xml" />
  </sharedListeners>
  <trace autoflush="true" />
</system.diagnostics>

Security Note:
WIF tracing does not filter personally identifiable information (PII). WIF traces must therefore be stored in a secured location.

Traces

This topic describes the following traces.

  • ChunkedCookieHandler

  • ClaimsPrincipal

  • DeflateCookie

  • HashTrace

  • PassiveMessage

  • Reference

  • Token

  • WsFedMessage

  • Exceptions

  • AppDomain unloading

The following tables list the traces that are useful in each scenario.

For STS developers:

Token issuance   Scenario                                          Trace
WS-Federation    Cannot issue a token                              HashTrace
                 Warning: WS-Federation message is not processed   HashTrace
                 Success                                           Token
                 Receiving an RST                                  Token
                 POST body (including wresult)                     PassiveMessage, WsFedMessage
                 HashTraceRecord                                   HashTrace
WS-Trust         ActAs claims in the RST                           HashTrace
                 RSTR/RST (WCF trace)                              HashTrace

For RP developers:

Token validation   Scenario                                          Trace
WS-Federation      Failure (audience URI, certificate validation)    HashTrace, Reference
                   Warning: WS-Federation message is not processed   HashTrace, Reference
                   Success                                           Token
                   ClaimsPrincipal                                   ClaimsPrincipal
                   POST body (FedPassive response)                   PassiveMessage, WsFedMessage
                   Cookie (name)                                     ChunkedCookie
Other              Authorization                                     ClaimsPrincipal
                   Exceptions                                        Exception

ChunkedCookieHandler

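The ChunkedCookieHandler trace stores information about a cookie: its name, size, path, domain, expiration, whether the channel was secured, and whether the cookie is being read, written, or deleted.

The following trace shows information about a cookie being written.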

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>0</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-08-27T16:06:43.3655884Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-5a00-0080000000f7}" /> <Execution ProcessName="w3wp" ProcessID="3412" ThreadID="4" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem>ChunkedCookieHandler: Writing Name=FedAuth Path=/ Domain= Expires=Session Secure=True HttpOnly=True</DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

The following trace shows information about a cookie being read.

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>0</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-08-27T16:06:43.3812141Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-5b00-0080000000f7}" /> <Execution ProcessName="w3wp" ProcessID="3412" ThreadID="4" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem>ChunkedCookieHandler: Reading Name=FedAuth</DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

ClaimsPrincipal

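The ClaimsPrincipal trace stores information about a principal: its name and all of the claims identities it contains. Each claims identity includes a name, NameClaimType, RoleClaimType, Label, Actor (which may be empty), and a set of claims.

The following is an example of a ClaimsPrincipal trace.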

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-08-28T00:37:18.9548714Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="ActiveStsExample.vshost" ProcessID="4380" ThreadID="11" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information">

          <Description>Setting an IClaimsPrincipal on the current EvaluationContext</Description>

          <AppDomain>ActiveStsExample.vshost.exe</AppDomain>

          <ClaimsPrincipalTraceRecord xmlns="https://schemas.microsoft.com/2009/06/IdentityModel/ClaimsPrincipalTraceRecord"> <ClaimsPrincipal Identity.Name="MyDomain\MyUserName"> <ClaimsIdentity Name="MyDomain\MyUserName" NameClaimType="https://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" RoleClaimType="https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Label="">

                <Claim Value="MyDomain\MyUserName" Type="https://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" ValueType="http://www.w3.org/2001/XMLSchema#string"></Claim>

                <Claim Value="https://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/x509" Type="https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" ValueType="http://www.w3.org/2001/XMLSchema#string"></Claim>

              </ClaimsIdentity> </ClaimsPrincipal> </ClaimsPrincipalTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

DeflateCookie

The DeflateCookie trace stores information about cookie compression: the original size and the size after compression.

The following is an example of a DeflateCookie trace.

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>0</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-08-27T16:06:43.0843258Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-5a00-0080000000f7}" /> <Execution ProcessName="w3wp" ProcessID="3412" ThreadID="4" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem>DeflateCookieTransform: BeforeDeflate=5224 AfterDeflate=2596</DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

HashTrace

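The HashTrace trace stores information about signatures and signed XML: the bytes in hexadecimal format, the bytes in string format (when PreCanonicalBytes is included at write time), the length, and the value.

The following is an example of a HashTrace trace.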

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Verbose">0</SubType> <Level>16</Level> <TimeCreated SystemTime="2009-08-28T01:04:35.4997605Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="ActiveStsExample.vshost" ProcessID="8908" ThreadID="11" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Verbose">

          <Description>Microsoft.IdentityModel Diagnostic Trace</Description>

          <AppDomain>ActiveStsExample.vshost.exe</AppDomain>

          <HashTraceRecord xmlns="https://schemas.microsoft.com/2009/06/IdentityModel/HashTraceRecord">

            <PreCanonicalBytes> <Length>3240</Length> <HexBytes>EFBBBF3C417…</HexBytes> <Encoding.UTF8>&lt;Assertion ID="_0457ef59-6994-40ee-a733-b9a1210bead3" IssueInstant="2009-08-28T01:04:27.590Z" Version="2.0" /AttributeStatement&gt;</Encoding.UTF8> </PreCanonicalBytes>

            <CanonicalBytes> <Length>3241</Length> <HexBytes>3C417373657274696F6E20</HexBytes> <Encoding.UTF8>&lt;Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_0457ef59-6994-40ee-a733-b9a1210bead3" …/Assertion&gt;</Encoding.UTF8> </CanonicalBytes>

            <Hash> <Length>44</Length> <Value>pBEYEHY7srohYL4L0lHWgIhxDw8YCaPyUb99OUI/OZA=</Value> </Hash>

          </HashTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

PassiveMessage

The PassiveMessage trace stores information about STS passive messages or sign-in messages received by a passive web site: the name/value pairs of the HTTP request.

The following is an example of a PassiveMessage trace.

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-11-04T01:36:22.2657059Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" /> <Channel /> <Computer>MyComputer</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information"> <Description>HttpRequest.Form in SignInWithResponseMessage.</Description> <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain> <PassiveMessageTraceRecord xmlns="https://schemas.microsoft.com/2009/06/IdentityModel/PassiveMessageTraceRecord"> <Request> <wa>wsignin1.0</wa> <wresult> <trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"> <trust:RequestSecurityTokenResponse Context="rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx"> <trust:Lifetime> <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T01:36:22.156Z</wsu:Created> <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T02:36:22.156Z</wsu:Expires> </trust:Lifetime> <wsp:AppliesTo xmlns:wsp="https://schemas.xmlsoap.org/ws/2004/09/policy"> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://localhost/PassiveRedirectBasedClaimsAwareWebApp</Address> </EndpointReference> </wsp:AppliesTo> <trust:RequestedSecurityToken> <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></xenc:EncryptionMethod> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> </e:EncryptionMethod> <KeyInfo> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <X509Data> <X509IssuerSerial> <X509IssuerName>CN=localhost</X509IssuerName> <X509SerialNumber>-46063684837087187425230596485139881026</X509SerialNumber> </X509IssuerSerial> </X509Data> </o:SecurityTokenReference> </KeyInfo> <e:CipherData> <e:CipherValue>Hjwt9Qfo/+fSaIqxy2vFIaVuPhKxHjmfYZsWLIAe8KZg4mNz4IH9j1eeMuJUdSiNY7yiv7SXVbVNmpi/lsSON8H9vVVpMgfYbr23tgbWjTKSJp59VWwzURx/MqyNOerlRc8GOSNz9S8AgVVm6twFYw/ZgScYFklYQuNKCEAYChU=</e:CipherValue> </e:CipherData> </e:EncryptedKey> </KeyInfo> <xenc:CipherData> <xenc:CipherValue>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</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </trust:RequestedSecurityToken> <trust:RequestedAttachedReference> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier> </o:SecurityTokenReference> </trust:RequestedAttachedReference> <trust:RequestedUnattachedReference> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier> </o:SecurityTokenReference> </trust:RequestedUnattachedReference> 
<trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType> <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType> <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType> </trust:RequestSecurityTokenResponse> </trust:RequestSecurityTokenResponseCollection> </wresult> <wctx>rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx</wctx> </Request> </PassiveMessageTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent>

Reference

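The Reference trace stores information about a reference in SignedInfo: the ReferenceId (URI), a Boolean that indicates equality, the computed digest, and the reference digest.

The following is an example of a Reference trace.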

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Verbose">0</SubType> <Level>16</Level> <TimeCreated SystemTime="2009-11-04T01:36:22.2969573Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" /> <Channel /> <Computer>MyComputer</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Verbose"> <Description>Computing and checking digest of reference.</Description> <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain> <ReferenceTraceRecord xmlns="https://schemas.microsoft.com/2009/06/IdentityModel/ReferenceTraceRecord"> <Reference>#_a4e312b7-af54-4623-9c36-9d1da05b16de</Reference> <Equal>True</Equal> <ComputedDigestBase64>Y0WvY8uYETf/oWAYd+x6kPHxzgvH4XqcibGwt67PsZA=</ComputedDigestBase64> <ReferenceDigestBase64>Y0WvY8uYETf/oWAYd+x6kPHxzgvH4XqcibGwt67PsZA=</ReferenceDigestBase64> </ReferenceTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent>

Token

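The Token trace stores information about tokens. Currently, only SessionTokens (Saml11 tokens and Saml2 tokens) are traced when they are read. The information contained in this trace depends on the token type.

The following is an example of a Token trace.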

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Verbose">0</SubType> <Level>16</Level> <TimeCreated SystemTime="2009-11-04T01:36:22.2969573Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" /> <Channel /> <Computer>MyComputer</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Verbose"> <Description>Validating SecurityToken.</Description> <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain> <TokenTraceRecord xmlns="https://schemas.microsoft.com/2009/06/IdentityModel/TokenTraceRecord"> <SecurityToken Type="System.IdentityModel.Tokens.SamlSecurityToken"> <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_a4e312b7-af54-4623-9c36-9d1da05b16de" Issuer="PassiveSigninSTS" IssueInstant="2009-11-04T01:36:22.156Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> <saml:Conditions NotBefore="2009-11-04T01:36:22.156Z" NotOnOrAfter="2009-11-04T02:36:22.156Z"> <saml:AudienceRestrictionCondition> <saml:Audience>https://localhost/PassiveRedirectBasedClaimsAwareWebApp</saml:Audience> </saml:AudienceRestrictionCondition> </saml:Conditions> <saml:AttributeStatement> <saml:Subject> <saml:SubjectConfirmation> <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> <saml:Attribute AttributeName="name" AttributeNamespace="https://schemas.xmlsoap.org/ws/2005/05/identity/claims"> <saml:AttributeValue>MyName</saml:AttributeValue> </saml:Attribute> <saml:Attribute AttributeName="myID" AttributeNamespace="http://WindowsIdentityFoundationSamples"> 
<saml:AttributeValue>myemail@contoso.com</saml:AttributeValue> </saml:Attribute> <saml:Attribute AttributeName="AgeClaim" AttributeNamespace="http://WindowsIdentityFoundationSamples/2008/05"> <saml:AttributeValue a:type="tn:integer" xmlns:a="http://www.w3.org/2001/XMLSchema-instance" xmlns:tn="http://www.w3.org/2001/XMLSchema">50</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod> <ds:Reference URI="#_a4e312b7-af54-4623-9c36-9d1da05b16de"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod> <ds:DigestValue>Y0WvY8uYETf/oWAYd+x6kPHxzgvH4XqcibGwt67PsZA=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>NtLi5N5V/fOqTLxJZLMjODgPoAPxMllaPN1xsboU712EDk6TZ5RrdZjvjprKFEYKHCKG1bg779VXoXGYZImi0enBoyL0kXYtdfEtHTmYBwpXyib1bbhP0IuFAVQ7JCkhFDmODWA6nDLYBtlz2FQwEVqGnNM5OCDZZ6ItLvq7rnI=</ds:SignatureValue> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> <X509Certificate>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</X509Certificate> </X509Data> </KeyInfo> </ds:Signature> </saml:Assertion> </SecurityToken> </TokenTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent>

WsFedMessage

The WsFedMessage trace stores information from when WSFederationMessages are received (CanReadSignInResponse, GetReturnUrlFromResponse, CreateSignInResponse, and GetSignInResponse).

The following is an example of a WsFedMessage trace.

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-11-04T01:36:22.2657059Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" /> <Channel /> <Computer>MyComputer</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information"> <Description>GetSignInResponseMessage</Description> <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain> <WSFederationMessageTraceRecord xmlns="https://schemas.microsoft.com/2009/06/IdentityModel/WSFederationMessageTraceRecord"> <WSFederationMessage> <BaseUri>https://localhost/PassiveRedirectBasedClaimsAwareWebApp/Default.aspx</BaseUri> <wa>wsignin1.0</wa> <wresult> <trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"> <trust:RequestSecurityTokenResponse Context="rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx"> <trust:Lifetime> <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T01:36:22.156Z</wsu:Created> <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T02:36:22.156Z</wsu:Expires> </trust:Lifetime> <wsp:AppliesTo xmlns:wsp="https://schemas.xmlsoap.org/ws/2004/09/policy"> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://localhost/PassiveRedirectBasedClaimsAwareWebApp</Address> </EndpointReference> </wsp:AppliesTo> <trust:RequestedSecurityToken> <xenc:EncryptedData 
Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></xenc:EncryptionMethod> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> </e:EncryptionMethod> <KeyInfo> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <X509Data> <X509IssuerSerial> <X509IssuerName>CN=localhost</X509IssuerName> <X509SerialNumber>-46063684837087187425230596485139881026</X509SerialNumber> </X509IssuerSerial> </X509Data> </o:SecurityTokenReference> </KeyInfo> <e:CipherData> <e:CipherValue>Hjwt9Qfo/+fSaIqxy2vFIaVuPhKxHjmfYZsWLIAe8KZg4mNz4IH9j1eeMuJUdSiNY7yiv7SXVbVNmpi/lsSON8H9vVVpMgfYbr23tgbWjTKSJp59VWwzURx/MqyNOerlRc8GOSNz9S8AgVVm6twFYw/ZgScYFklYQuNKCEAYChU=</e:CipherValue> </e:CipherData> </e:EncryptedKey> </KeyInfo> <xenc:CipherData> <xenc:CipherValue>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</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </trust:RequestedSecurityToken> <trust:RequestedAttachedReference> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier> </o:SecurityTokenReference> </trust:RequestedAttachedReference> <trust:RequestedUnattachedReference> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:KeyIdentifier 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier> </o:SecurityTokenReference> </trust:RequestedUnattachedReference> <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType> <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType> <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType> </trust:RequestSecurityTokenResponse> </trust:RequestSecurityTokenResponseCollection> </wresult> <wctx>rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx</wctx> </WSFederationMessage> </WSFederationMessageTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent>

Exceptions

WIF exceptions are traced with the full stack. The following is an example of an exception trace.

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>8</EventID> <Type>3</Type> <SubType Name="Error">0</SubType> <Level>2</Level> <TimeCreated SystemTime="2009-08-28T01:04:27.2624325Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="ActiveStsExample.vshost" ProcessID="8908" ThreadID="11" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Error">

          <Description>Handled exception.</Description>

          <AppDomain>ActiveStsExample.vshost.exe</AppDomain>

          <Exception>

            <ExceptionType>System.Security.AccessControl.PrivilegeNotHeldException, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>

            <Message>The process does not possess the 'SeTcbPrivilege' privilege which is required for this operation.</Message>

            <StackTrace>
              at Microsoft.IdentityModel.Privilege.EnableTokenPrivilege(SafeCloseHandle threadToken)
              at Microsoft.IdentityModel.Privilege.Enable()
              at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.KerberosCertificateLogon(X509Certificate2 certificate)
              at Microsoft.IdentityModel.Claims.WindowsClaimsIdentity.CertificateLogon(X509Certificate2 x509Certificate)
              at Microsoft.IdentityModel.Claims.WindowsClaimsIdentity.CreateFromCertificate(X509Certificate2 certificate, Boolean useWindowsTokenService)
              at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
              at Microsoft.IdentityModel.Tokens.WrappedX509SecurityTokenAuthenticator.ValidateTokenCore(SecurityToken token)
              at System.IdentityModel.Selectors.SecurityTokenAuthenticator.ValidateToken(SecurityToken token)
              at System.ServiceModel.Security.TlsnegoTokenAuthenticator.ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
              at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ProcessNegotiation(SspiNegotiationTokenAuthenticatorState negotiationState, Message incomingMessage, BinaryNegotiation incomingNego)
              at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.ProcessRequestCore(Message request)
              at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.NegotiationHost.NegotiationSyncInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
              at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)
              at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)
              at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc&amp; rpc)
              at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
              at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext)
              at System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext)
              at System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result)
              at System.ServiceModel.Diagnostics.Utility.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
              at System.ServiceModel.AsyncResult.Complete(Boolean completedSynchronously)
              at System.ServiceModel.Channels.InputQueue`1.AsyncQueueReader.Set(Item item)
              at System.ServiceModel.Channels.InputQueue`1.Dispatch()
              at System.ServiceModel.Channels.InputQueue`1.OnDispatchCallback(Object state)
              at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke2()
              at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
              at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke()
              at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ProcessCallbacks()
              at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.CompletionCallback(Object state)
              at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
              at System.ServiceModel.Diagnostics.Utility.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
              at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
            </StackTrace>

            <ExceptionString>System.Security.AccessControl.PrivilegeNotHeldException: The process does not possess the 'SeTcbPrivilege' privilege which is required for this operation.</ExceptionString>

          </Exception> </TraceRecord> </DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

AppDomain Unloading

AppDomain unloads are traced by WIF. The following is an example of an AppDomain unload trace.

<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>2</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-08-28T01:04:44.0647095Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="ActiveStsExample.vshost" ProcessID="8908" ThreadID="2" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="https://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information">

          <Description>AppDomain unloading.</Description>

          <AppDomain>ActiveStsExample.vshost.exe</AppDomain>

          <AppDomain.FriendlyName>ActiveStsExample.vshost.exe</AppDomain.FriendlyName>

          <ProcessName>ActiveStsExample.vshost</ProcessName>

          <ProcessId>8908</ProcessId>

        </TraceRecord> </DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>
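
An added example (not part of the original documentation or of WIF): a Python triage pass over the text of a trace file. It uses the Reference, Exception and ChunkedCookieHandler records described above and counts the events whose payload carries the unfiltered identity data that the security note warns about. The function names, finding labels and sample events are constructed for illustration, and elements are matched by local name only.

```python
import re
import xml.etree.ElementTree as ET

# Record elements (named as in the traces on this page) whose payload holds
# tokens, claims or sign-in messages, i.e. PII that WIF does not filter.
PII_RECORDS = {"ClaimsPrincipalTraceRecord", "TokenTraceRecord",
               "PassiveMessageTraceRecord", "WSFederationMessageTraceRecord"}

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]

def find(elem, name):
    """First element (elem or a descendant) with this local name, else None."""
    return next((e for e in elem.iter() if local(e.tag) == name), None)

def text_of(elem, name):
    node = find(elem, name)
    return (node.text or "").strip() if node is not None else ""

def triage(trace_text):
    """Return (findings, pii_events) for the text of a WIF trace file."""
    # The listener appends one E2ETraceEvent fragment per event and the file
    # has no single root element, so wrap the fragments before parsing.
    root = ET.fromstring("<events>" + trace_text + "</events>")
    findings, pii_events = [], 0
    for event in root:
        created = find(event, "TimeCreated")
        stamp = created.get("SystemTime", "?") if created is not None else "?"
        if PII_RECORDS & {local(e.tag) for e in event.iter()}:
            pii_events += 1
        # Reference trace: Equal is False when the computed digest differs.
        ref = find(event, "ReferenceTraceRecord")
        if ref is not None and text_of(ref, "Equal").lower() != "true":
            findings.append((stamp, "digest-mismatch", text_of(ref, "Reference")))
        # Exception trace: keep the type name, drop the assembly details.
        exc = find(event, "Exception")
        if exc is not None:
            kind = text_of(exc, "ExceptionType").split(",")[0]
            findings.append((stamp, "exception", kind))
        # ChunkedCookieHandler trace: plain text "Key=Value" pairs in DataItem.
        item = find(event, "DataItem")
        line = (item.text or "").strip() if item is not None else ""
        if line.startswith("ChunkedCookieHandler: Writing"):
            flags = dict(re.findall(r"(\w+)=(\S*)", line))
            weak = [k for k in ("Secure", "HttpOnly") if flags.get(k) != "True"]
            if weak:
                detail = flags.get("Name", "?") + " written without " + "+".join(weak)
                findings.append((stamp, "cookie-flags", detail))
    return findings, pii_events

def make_event(time, body):
    """Build one constructed E2ETraceEvent fragment around a DataItem body."""
    return ('<E2ETraceEvent xmlns="https://schemas.microsoft.com/2004/06/E2ETraceEvent">'
            '<System xmlns="https://schemas.microsoft.com/2004/06/windows/eventlog/system">'
            f'<TimeCreated SystemTime="{time}" /></System><ApplicationData><TraceData>'
            f'<DataItem>{body}</DataItem></TraceData></ApplicationData></E2ETraceEvent>')

# Constructed sample (not from a real deployment), shaped like the page's traces.
SAMPLE = "".join([
    make_event("2009-11-04T01:36:22.1Z",
               "ChunkedCookieHandler: Writing Name=FedAuth Path=/ Domain= "
               "Expires=Session Secure=False HttpOnly=True"),
    make_event("2009-11-04T01:36:22.2Z",
               "<TraceRecord><ReferenceTraceRecord>"
               "<Reference>#_constructed-id</Reference><Equal>False</Equal>"
               "<ComputedDigestBase64>AAAA</ComputedDigestBase64>"
               "<ReferenceDigestBase64>BBBB</ReferenceDigestBase64>"
               "</ReferenceTraceRecord></TraceRecord>"),
    make_event("2009-11-04T01:36:22.3Z",
               "<TraceRecord><ClaimsPrincipalTraceRecord>"
               '<ClaimsPrincipal Identity.Name="MyDomain\\MyUserName" />'
               "</ClaimsPrincipalTraceRecord></TraceRecord>"),
    make_event("2009-11-04T01:36:22.4Z",
               "<TraceRecord><Exception><ExceptionType>"
               "System.Security.AccessControl.PrivilegeNotHeldException, mscorlib"
               "</ExceptionType></Exception></TraceRecord>"),
])

if __name__ == "__main__":
    results, pii = triage(SAMPLE)
    for stamp, kind, detail in results:
        print(stamp, kind, detail)
    print("events carrying unfiltered identity data:", pii)
```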

Tracing and Relying Party Applications

The following figure shows how events in the relying party application's pipeline correspond to traces.

Figure: RP tracing