IdentityServer / IdentityServer2

[deprecated] Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.

1st web application 404 error #778

Closed nstubi closed 10 years ago

nstubi commented 10 years ago

Dear Dominick,

I've been able to successfully setup IDS with your video tutorial.

I'm now trying to configure and use my first RP. I'm redirected to IDS sign-in, only, when I click on sign in like you (3min31sec of the video http://vimeo.com/51666380), I get an error 404:

Error Summary HTTP Error 404.0 - Not Found

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

Detailed Error Information

Module IIS Web Core

Notification MapRequestHandler

Handler StaticFile

Error Code 0x80070002

Requested URL https://localhost:443/AITPortalIdentityServer/issue/hrd?wa=wsignin1.0&wtrealm=http%3a%2f%2flocalhost%3a57780%2f&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2014-08-26T08%3a23%3a25Z&wreply=http%3a%2f%2flocalhost%3a57780%2f

Physical Path C:\dev\xTaT\AIT Portal\Version2\Client\STS\Thinktecture.IdentityServer.v2-master\src\OnPremise\WebSite\issue\hrd

Logon Method IdentityServer

Logon User admin

Maybe a track to follow: when I used the Identity and Access Tool, I was missing the "reply" element in the web.config. I had to add it manually:

Could you please advise?

Best Regards Nicolas Stubi

nstubi commented 10 years ago

Maybe because the configuration.WSFederation.EnableFederation was set to false by default?

nstubi commented 10 years ago

In the file ConfigurationDatabaseInitializer, the EnableHrd seems to be problematic (false):

    private static WSFederationConfiguration CreateDefaultWSFederationConfiguration()
    {
        return new WSFederationConfiguration
        {
            AllowReplyTo = false,
            EnableAuthentication = true,
            Enabled = true,
            EnableFederation = false,
            EnableHrd = false,
            RequireReplyToWithinRealm = true,
            RequireSslForReplyTo = true
        };
    }

By the way, what is HRD?

Best Regards, Nicolas

nstubi commented 10 years ago

EnableFederation = false is problematic, sorry.

I had to set it to true.

nstubi commented 10 years ago

Now I get the following response from IDS when trying to login with my 1st application:

Choose an Identity Provider to Login

No Identity Providers configured. Contact your administrator.

Please Help,

Best Regards, Nicolas Stubi

leastprivilege commented 10 years ago

I think you are using the wrong endpoint. For authentication you want to use /issue/wsfed.

Why are you using /hrd?

nstubi commented 10 years ago

Hi Dominick,

You’re right, I was using the wrong endpoint. It’s working fine now.

I’m now modifying IdentityServer to use it against our own users management database. This is a great project, very useful and well architected.

Do you have any ideas on the release date (v1, not beta) of IdentityServer v3?

Apart from using the latest technologies (OWIN/katana self-hosting), why would you recommend to replace IdentityServer v2 by v3?

Best Regards,

Nicolas Stubi

leastprivilege commented 10 years ago

Cool!

Well v2 focuses on WS-Fed and WS-Trust - v3 on OAuth2 and OpenID Connect (and a WS-Fed plugin).

Different technology waves.

nstubi commented 10 years ago

Thank you.

Now I remember why I used HRD: when using Identity and Access Tool and uploading the WS Federation Metadata document, by default my client configuration is done with HRD. This is because of the metadata (as you can see in attached file).

I guess this is a configuration on IdentityServer that should specify to use HRD by default.

Could you please point me to the configuration change I need to make in order to use wsfed by default and have it in the metadata document?

Best Regards,

Nicolas Stubi

leastprivilege commented 10 years ago

What's the URL of the metadata document you use?

nstubi commented 10 years ago

https://localhost/AITPortalIdentityServer/FederationMetadataRP/2007-06/FederationMetadata.xml

locally on my development workstation.

BUT because I’m having some trouble using it directly, I save the file locally (C:\Temp...) and it’s only working like this.

Trouble when using the URL (a stupid 401 error):

Best Regards,

Nicolas Stubi

leastprivilege commented 10 years ago

that's the wrong one

try

https://localhost/AITPortalIdentityServer/FederationMetadata/2007-06/FederationMetadata.xml
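
Added example, not part of the original thread: a Python check that decodes a wsignin1.0 redirect like the one in the IIS error page quoted earlier and compares its target with the passive sign-in endpoint an STS advertises in its federation metadata. The metadata fragment is constructed, the function names are hypothetical, and the metadata signature is not verified here.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

NS = {"fed": "http://docs.oasis-open.org/wsfed/federation/200706",
      "wsa": "http://www.w3.org/2005/08/addressing"}
DEFAULT_PORTS = {"https": 443, "http": 80}

# Requested URL copied from the IIS error page quoted in this thread.
SAMPLE_REQUEST = "https://localhost:443/AITPortalIdentityServer/issue/hrd?wa=wsignin1.0&wtrealm=http%3a%2f%2flocalhost%3a57780%2f&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2014-08-26T08%3a23%3a25Z&wreply=http%3a%2f%2flocalhost%3a57780%2f"

# Constructed metadata fragment (assumption: not the server's real document).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
  xmlns:wsa="http://www.w3.org/2005/08/addressing"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="urn:example:sts">
 <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
   protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
  <fed:PassiveRequestorEndpoint><wsa:EndpointReference>
   <wsa:Address>https://localhost/AITPortalIdentityServer/issue/wsfed</wsa:Address>
  </wsa:EndpointReference></fed:PassiveRequestorEndpoint>
 </RoleDescriptor>
</EntityDescriptor>"""

def endpoint_key(url):
    """Scheme, host, effective port and path, so ':443' and no port compare equal.
    Paths are lower-cased on the assumption that the host (IIS) ignores case."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return (scheme, (u.hostname or "").lower(),
            u.port or DEFAULT_PORTS.get(scheme), u.path.rstrip("/").lower())

def passive_endpoints(metadata_xml):
    """Addresses advertised for browser (passive) WS-Federation sign-in."""
    root = ET.fromstring(metadata_xml)
    path = ".//fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address"
    return [a.text.strip() for a in root.iterfind(path, NS) if a.text]

def check_signin(request_url, metadata_xml):
    """Decode the sign-in request and compare its target with the metadata."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(request_url).query).items()}
    advertised = passive_endpoints(metadata_xml)
    return {
        "wa": q.get("wa"),            # expected: wsignin1.0
        "wtrealm": q.get("wtrealm"),  # relying party identifier
        "wreply": q.get("wreply"),    # where the token response is posted
        "advertised": advertised,
        "endpoint_matches": endpoint_key(request_url)
                            in {endpoint_key(a) for a in advertised},
    }
```

Running check_signin against the metadata document that was actually imported into the relying party shows whether a mismatch comes from the metadata or from the relying party's configuration.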

nstubi commented 10 years ago

Working fine – thanks. Still having the 401 error but by saving the file locally it worked.

Best Regards,

Nicolas Stubi

nstubi commented 10 years ago

Hello,

May I ask you to have a look at my question here:

http://leastprivilege.com/2013/05/17/customizing-identityserver/comment-page-1/#comment-33572

Best Regards,

Nicolas Stubi

leastprivilege commented 10 years ago

Please open a new issue for that.