This repository has been archived by the owner on Nov 9, 2017. It is now read-only.
I am getting an error when attempting to request a new token from ADFS based on a SAML assertion. Based on the error my suspicion is that it has something to do with my ADFS Encryption certificate, but I don't really know for sure. Do you have any suggestions on which parts of the code/setup I should look at to fix this?
This is the error I'm seeing in the trace log:
Error while communicating with ADFS: System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when processing the security tokens in the message.
--- End of inner exception stack trace ---
Server stack trace:
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at System.ServiceModel.Security.IWSTrustContract.Issue(Message message)
at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)
at Thinktecture.IdentityServer.Protocols.AdfsIntegration.AdfsBridge.Authenticate(ClaimsIdentity identity, String appliesTo)
at Thinktecture.IdentityServer.Protocols.AdfsIntegration.AdfsController.ProcessSamlRequest(TokenRequest request)
Looking through the AdfsBridge code it appears the only cert that it uses for those steps is the ADFS Encryption cert. I had to modify my version of the IdServer site so that the ADFS cert is chosen from the local certificate store via a drop down. It then uses the same code for grabbing the cert that you had for grabbing the signing cert from the personal certificate store. Are there any special permissions I need to set for the app pool identity in order to get all the pieces it needs from the ADFS cert? Since that cert is public key only I wouldn't think I need any other permissions besides access to the store itself, which I can confirm it has since the IdServer signing cert can be accessed and used just fine. Are there any more trust steps that I may be missing?
I'm embarrassed to admit that I found out the problem was just a matter of different certificates being used. ADFS was expecting a temp cert I had set up before, but IdServer was using a newer cert instead, so the issue step was failing.
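The root cause above (IdentityServer encrypting for a certificate that ADFS no longer uses) produces only a generic "error occurred when processing the security tokens" fault, so a quick check is to compare the certificate IdentityServer was configured with against the encryption certificate ADFS actually publishes in its federation metadata. The following PowerShell is an added diagnostic, not code from the issue or from Thinktecture IdentityServer; the metadata URL and the configured thumbprint are placeholder assumptions you replace with your own values.

```powershell
# Added diagnostic; not part of the issue or of Thinktecture IdentityServer.
# Placeholder assumptions: your ADFS federation metadata URL and the thumbprint
# of the certificate IdentityServer's ADFS-cert drop-down was set to.
$metadataUrl          = 'https://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml'
$configuredThumbprint = '0000000000000000000000000000000000000000'   # placeholder

# ADFS lists the certificate it expects incoming tokens to be encrypted for
# under KeyDescriptor use="encryption" in its published metadata.
[xml]$metadata = (Invoke-WebRequest -Uri $metadataUrl -UseBasicParsing).Content
$ns = New-Object System.Xml.XmlNamespaceManager($metadata.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

$published = $metadata.SelectNodes(
    '//md:KeyDescriptor[@use="encryption"]/ds:KeyInfo/ds:X509Data/ds:X509Certificate', $ns) |
    ForEach-Object {
        $bytes = [Convert]::FromBase64String($_.InnerText.Trim())
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(,$bytes)
    }

foreach ($cert in $published) {
    'ADFS publishes encryption cert: {0} (thumbprint {1}, expires {2:u})' -f `
        $cert.Subject, $cert.Thumbprint, $cert.NotAfter
}

# Locate the certificate IdentityServer picked from the local machine stores
# (the drop-down in the issue selects it by thumbprint).
$local = Get-ChildItem -Path Cert:\LocalMachine -Recurse |
    Where-Object { $_.Thumbprint -eq $configuredThumbprint } |
    Select-Object -First 1

if (-not $local) {
    Write-Warning "Configured thumbprint $configuredThumbprint was not found in any LocalMachine store."
}
elseif ($published.Thumbprint -notcontains $local.Thumbprint) {
    # This is the mismatch behind the fault in the trace: ADFS cannot decrypt
    # what was encrypted for a certificate it no longer holds.
    $msg = "IdentityServer uses '{0}' ({1}), but ADFS does not publish it as its encryption " +
           "certificate; expect the generic security-token fault until the two are aligned."
    Write-Warning ($msg -f $local.Subject, $local.Thumbprint)
}
else {
    'OK: the configured certificate matches an encryption certificate published by ADFS.'
}
```

Run it as an account that can read the machine certificate stores; a stale or temporary certificate still configured on the IdentityServer side shows up as the warning branch.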