Closed nstubi closed 10 years ago
Maybe because the configuration.WSFederation.EnableFederation was set to false by default?
In the file ConfigurationDatabaseInitializer, the EnableHrd seems to be problematic (false):
```csharp
private static WSFederationConfiguration CreateDefaultWSFederationConfiguration()
{
    return new WSFederationConfiguration
    {
        AllowReplyTo = false,
        EnableAuthentication = true,
        Enabled = true,
        EnableFederation = false,
        EnableHrd = false,
        RequireReplyToWithinRealm = true,
        RequireSslForReplyTo = true
    };
}
```
By the way, what is HRD?
Best Regards, Nicolas
EnableFederation = false is problematic, sorry.
I had to set it to true.
Now I get the following response from IDS when trying to login with my 1st application:
Choose an Identity Provider to Login
No Identity Providers configured. Contact your administrator.
Please Help,
Best Regards, Nicolas Stubi
I think you are using the wrong endpoint. For authentication you want to use /issue/wsfed.
Why are you using /hrd?
Hi Dominick,
You’re right, I was using the wrong endpoint. It’s working fine now.
I’m now modifying IdentityServer to use it against our own user management database. This is a great project, very useful and well architected.
Do you have any ideas on the release date (v1, not beta) of IdentityServer v3?
Apart from using the latest technologies (OWIN/Katana self-hosting), why would you recommend replacing IdentityServer v2 with v3?
Best Regards,
Nicolas Stubi
Cool!
Well v2 focuses on WS-Fed and WS-Trust - v3 on OAuth2 and OpenID Connect (and a WS-Fed plugin).
Different technology waves.
Thank you.
Now I remember why I used HRD: when using Identity and Access Tool and uploading the WS Federation Metadata document, by default my client configuration is done with HRD. This is because of the metadata (as you can see in attached file).
I guess this is a configuration on IdentityServer that should specify to use HRD by default.
Could you please point me to the configuration change I need to make in order to use wsfed by default and have it in the metadata document?
Best Regards,
Nicolas Stubi
What's the URL of the metadata document you use?
https://localhost/AITPortalIdentityServer/FederationMetadataRP/2007-06/FederationMetadata.xml
locally on my development workstation.
BUT because I’m having some trouble using it directly, I save the file locally (C:\Temp...) and it’s only working like this.
Trouble when using the URL (a stupid 401 error):
Best Regards,
Nicolas Stubi
that's the wrong one
try
https://localhost/AITPortalIdentityServer/FederationMetadata/2007-06/FederationMetadata.xml
Working fine – thanks. Still having the 401 error but by saving the file locally it worked.
Best Regards,
Nicolas Stubi
Hello,
May I ask you to have a look at my question here:
http://leastprivilege.com/2013/05/17/customizing-identityserver/comment-page-1/#comment-33572
Best Regards,
Nicolas Stubi
Please open a new issue for that.
Dear Dominick,
I've been able to successfully set up IDS with your video tutorial.
I'm now trying to configure and use my first RP. I'm redirected to IDS sign-in, only, when I click on sign in like you (3min31sec of the video http://vimeo.com/51666380), I get an error 404:
Error Summary HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
Detailed Error Information
Module IIS Web Core
Notification MapRequestHandler
Handler StaticFile
Error Code 0x80070002
Requested URL https://localhost:443/AITPortalIdentityServer/issue/hrd?wa=wsignin1.0&wtrealm=http%3a%2f%2flocalhost%3a57780%2f&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2014-08-26T08%3a23%3a25Z&wreply=http%3a%2f%2flocalhost%3a57780%2f
Physical Path C:\dev\xTaT\AIT Portal\Version2\Client\STS\Thinktecture.IdentityServer.v2-master\src\OnPremise\WebSite\issue\hrd
Logon Method IdentityServer
Logon User admin
Maybe a track to follow: when I used the Identity and Access Tool, I was missing the "reply" element in the web.config. I had to add it manually:
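Added example, not part of the original thread and not IdentityServer code: a small Python check that decodes the WS-Federation sign-in request from the 404 report above and compares it with the default `WSFederationConfiguration` values posted in the thread. The function names `decode_signin` and `review` are hypothetical, and the meaning of each flag is an assumption inferred from its name, not taken from the IdentityServer source.

```python
from urllib.parse import urlsplit, parse_qs

# Request URL copied from the 404 report in this thread.
REQUEST_URL = (
    "https://localhost:443/AITPortalIdentityServer/issue/hrd"
    "?wa=wsignin1.0&wtrealm=http%3a%2f%2flocalhost%3a57780%2f"
    "&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2014-08-26T08%3a23%3a25Z"
    "&wreply=http%3a%2f%2flocalhost%3a57780%2f"
)

# Values from CreateDefaultWSFederationConfiguration() as posted in this thread.
DEFAULTS = {"AllowReplyTo": False, "RequireReplyToWithinRealm": True,
            "RequireSslForReplyTo": True, "EnableHrd": False}


def decode_signin(url):
    """Split a WS-Federation passive request into endpoint path and parameters."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    # wctx is itself a query string (rm, id, ru) set by the relying party.
    params["wctx"] = {k: v[0] for k, v in parse_qs(params.get("wctx", "")).items()}
    return parts.path, params


def review(url, cfg):
    """Return findings; flag semantics are assumed from the flag names."""
    path, p = decode_signin(url)
    findings = []
    if path.endswith("/issue/hrd") and not cfg["EnableHrd"]:
        findings.append("hrd endpoint requested but EnableHrd is false")
    reply, realm = p.get("wreply"), p.get("wtrealm", "")
    if reply:
        if not cfg["AllowReplyTo"]:
            findings.append("wreply supplied but AllowReplyTo is false")
        if cfg["RequireSslForReplyTo"] and urlsplit(reply).scheme != "https":
            findings.append("wreply is not https")
        within = bool(realm) and reply.lower().startswith(realm.lower())
        if cfg["RequireReplyToWithinRealm"] and not within:
            findings.append("wreply is outside wtrealm")
    return findings


if __name__ == "__main__":
    for finding in review(REQUEST_URL, DEFAULTS):
        print(finding)
```

Run against the captured request, it reports the `/issue/hrd` endpoint mismatch discussed in the thread and two `wreply` findings that would matter once the relying party points at `/issue/wsfed`.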