identityserver Issue Tracker Rss Feed

Created Issue: Connecting wsfederation issuer from visual studio IIS express [9831]

tsathiyas — Wed, 09 Jan 2013 14:42:41 GMT

I have hosted Identity Server in my local IIS as a website. I am trying to connect to this Identity Server using my MVC application that is running through visual studio IIS express. I am getting an Access Denied error. In my system I login as domain user who is not in local administrator group. Please suggest me.

Thanks,
sathya

Commented Issue: https://localhost/sts/issue/wstrust/mex doesn't return anything... [8855]

DominickBaier — Tue, 08 Jan 2013 05:56:53 GMT

Hi 
 
Does someone know why mex endpoint doesn't return anything, ? I downloaded latest version as well but it doesn't return any information,
it returns HTTP/1.1 400 Bad Request, 
I tried ACS mex endpoint
https://xxxxx.accesscontrol.appfabriclabs.com/v2/wstrust/mex
 
and it does return WSDL, also 
https://localhost/sts/issue/wstrust?wsdl return WSDL 
 
why mex endpoint returns Bad request? is it a bug or do I have to any configuration.
 
I have been using STS for a while and for .NET clients this wasn't be a problem. But recently I tried connecting WCF protected with STS and i'm getting following error, so then i just checked the mex endpoint and it returns Bad Request, can someone help me on this.
 
Oct 26, 2011 3:54:40 PM com.sun.xml.wss.jaxws.impl.SecurityClientTube invokeTrustPlugin
SEVERE: WSSTUBE0035: Recieved Exception during IssuedToken Creation.
com.sun.xml.ws.api.security.trust.WSTrustException: WST0017:Could not obtain STS metadata. MEX call to STS https://mydomain.com/issue/wstrust/mex failed.
 at com.sun.xml.ws.security.trust.impl.TrustPluginImpl.doMexRequest(TrustPluginImpl.java:682)
 
at com.sun.xml.ws.security.trust.impl.TrustPluginImpl.invokeRST(TrustPluginImpl.java:5
 
 
Thanks

Comments: ** Comment from web user: DominickBaier **

Is this IdentityServer v1 or v2 ? - for v2 please use

https://github.com/thinktecture/Thinktecture.IdentityServer.v2/issues?state=open

Commented Issue: https://localhost/sts/issue/wstrust/mex doesn't return anything... [8855]

mkessel — Mon, 07 Jan 2013 12:47:37 GMT

Have you found a solution to this error? I am currently experiencing the same issue.

Commented Issue: User which belongs to more than one role crashes the SimpleWebTokenHandler.CreateUnsignedToken method [9644]

wvdd007 — Mon, 01 Oct 2012 09:27:26 GMT

When a user has more than one role, the SimpleWebTokenHandler serialization crashes (because it is dictionary based). When it tries to add the second role claim to the dictionary it complaims that the key is already in the dictionary.
Is it a constraint for SWT that claims can only occur once or is this a small oversight ?
Comments: ** Comment from web user: wvdd007 **

I know it's the wrong place. Unfortunately both the SimpleWebTokenHandler and JsonWebTokenHandler are in the ThinkTecture.IdentityModel assembly, which is not accessible (in source code) from this project. I therefore has to resort to the poor mans solution with an ugly if statement.

Commented Issue: User which belongs to more than one role crashes the SimpleWebTokenHandler.CreateUnsignedToken method [9644]

DominickBaier — Mon, 01 Oct 2012 07:09:16 GMT

Hi,

where did you fix this? in the token service itself.

That's the wrong place. The claims handling needs to be done in the SimpleWebTokenHandler. Have a look at the latest JsonWebTokenHandler...

Commented Issue: User which belongs to more than one role crashes the SimpleWebTokenHandler.CreateUnsignedToken method [9644]

wvdd007 — Sun, 30 Sep 2012 16:24:48 GMT

Hello, here is a quickfix the solves the problem for multi-valued claims.

Commented Issue: User which belongs to more than one role crashes the SimpleWebTokenHandler.CreateUnsignedToken method [9644]

wvdd007 — Mon, 24 Sep 2012 11:51:18 GMT

Ok, those work. On SourceForge however, the "source code" tab has "connection instructions" that point to https://identityserver.svn.codeplex.com/svn. Those were empty.
I'll have a look at the fixes. I'll post you an svn patch file if and when I'm done.

Commented Issue: User which belongs to more than one role crashes the SimpleWebTokenHandler.CreateUnsignedToken method [9644]

DominickBaier — Mon, 24 Sep 2012 07:30:02 GMT

Which exact version of identity server are you using..?

The most recent source code can be found either at:

https://github.com/thinktecture/Thinktecture.IdentityServer.45
or
https://github.com/thinktecture/Thinktecture.IdentityServer

all my new development goes into the 4.5 version.

Commented Issue: User which belongs to more than one role crashes the SimpleWebTokenHandler.CreateUnsignedToken method [9644]

wvdd007 — Sun, 23 Sep 2012 15:43:11 GMT

Sure, I want to fix this. The problem is in in both SWT and JWT. I only don't know how I can fix it. If I checkout from SVN, the instructions on this site just give me an empty directory.

Commented Issue: User which belongs to more than one role crashes the SimpleWebTokenHandler.CreateUnsignedToken method [9644]

DominickBaier — Sun, 23 Sep 2012 13:33:39 GMT

Well both i guess -

first - in SWT only one claim per type is allowed - you need to separate the values with a ",'.
..but this should be handled of course by the plumbing to give the end-user the familiar List<Claim> programming interface.

So i guess it is a bug. I am rarely using SWT.

Do you want to fix it?

Created Issue: User which belongs to more than one role crashes the SimpleWebTokenHandler.CreateUnsignedToken method [9644]

wvdd007 — Wed, 19 Sep 2012 12:40:17 GMT

Commented Issue: Trying to specify a certificate overflows the string buffer [9256]

Sarafian — Mon, 02 Jul 2012 12:56:31 GMT

I have IdentityServer setup and was specifying a new relying party in the admin pages but after choosing a certificate and clicking submit I get an error on screen:

•An error occurred while updating the entries. See the inner exception for details.

So then I attach to process and attempt to track down the error and the text version of my certificate (beginning with MII*) is 2120 characters when it is expecting 2048. Here is the messge and stack trace:

An error occurred while updating the entries. See the inner exception for details.

at System.Data.Entity.Internal.InternalContext.SaveChanges()
at Thinktecture.IdentityServer.Repositories.Sql.RelyingPartyRepository.Update(RelyingParty relyingParty) in C:\Projects\SingleSignOn\IdentityServer\ADFSRP\Thinktecture.IdentityServer.Core.Repositories\RelyingPartyRepository.cs:line 98
at Thinktecture.IdentityServer.Web.Controllers.RelyingPartiesAdminController.Edit(RelyingPartyModel relyingParty) in C:\Projects\SingleSignOn\IdentityServer\ADFSRP\WebSite\Controllers\Admin\RelyingPartiesAdminController.cs:line 85

I was trying to specify one of my .cer files. I also tried with a smaller .cer file and it worked. The larger file was 1.5K and the smaller one was 716 bytes. So I think this just has to do with the size of the .cer file.
Comments: ** Comment from web user: Sarafian **

I have the same issue. I did as clineer suggested and works.
Possible problem is that SQL Server compact restricts column size to 4K. My certificate was like 2.3K.

Thanks for the app.

Commented Issue: Cannot add relying party as https [8211]

johnxjcheng — Tue, 26 Jun 2012 18:21:36 GMT

After succesfully adding a relying party with a https url the url changes to http.

I saw that the real is saved in the database without a protocol prefix.

I found the problem:

When the real is filled:

Realm = new Uri("http://" + rpEntity.Realm)

When the real is saved:
Realm = relyingParty.Realm.AbsoluteUri.StripProtocolMoniker()

Is there are reason to strip the protocol?
Comments: ** Comment from web user: johnxjcheng **

I thought it should accept https as well, but later on realized it’s not necessary. Thinktecture does not store protocol as a port of the realm in the repository. It trims the protocol off before saving and add it back before displaying. So, I guess this allows the realm work against either http or https. When you do Add STS reference, you may choose to use https. This works fine for me.

Commented Issue: antiforgery [9438]

macseinsfeld — Fri, 08 Jun 2012 04:53:58 GMT

hi, i got the antiforgery-error when calling global configuration.
Comments: ** Comment from web user: macseinsfeld **

sorry, wrote this via Handy. should be in the discussion-section. please close it...

Created Issue: antiforgery [9438]

macseinsfeld — Thu, 07 Jun 2012 08:43:54 GMT

hi, i got the antiforgery-error when calling global configuration.

Commented Issue: Init setup failes when running Non-SQL Compact [9397]

jakenk — Thu, 17 May 2012 15:28:18 GMT

After the needed configuration to run on a real SQL the setup will never start with the error:

No signing certificate found in database.

This is caused by multiple calles like (also to check if the setup has to run):
if (!string.IsNullOrWhiteSpace(ConfigurationRepository.SigningCertificate.SubjectDistinguishedName))

But this call always throws a:
if (cert == null)
{
throw new ConfigurationErrorsException("No signing certificate found in database");
}
Comments: ** Comment from web user: jakenk **

If this is the same problem I had, I had to insert default certificates into the Certificates table. The rest of the config options were fine empty & defaulted cleanly, but these had to be inserted manually.

INSERT INTO dbo.Certificates
( Name, SubjectDistinguishedName )
VALUES ( N'SSL', -- Name - nvarchar(100)
N'CN=localhost' -- SubjectDistinguishedName - nvarchar(200)
)
INSERT INTO dbo.Certificates
( Name, SubjectDistinguishedName )
VALUES ( N'SigningCertificate', -- Name - nvarchar(100)
N'CN=localhost' -- SubjectDistinguishedName - nvarchar(200)
)

Created Issue: Init setup failes when running Non-SQL Compact [9397]

jmvermeulen — Mon, 14 May 2012 09:09:31 GMT

Commented Issue: https://localhost/sts/issue/wstrust/mex doesn't return anything... [8855]

ramesh1312 — Thu, 22 Mar 2012 13:51:27 GMT

Hi

Does someone know why mex endpoint doesn't return anything, ? I downloaded latest version as well but it doesn't return any information,
it returns HTTP/1.1 400 Bad Request,
I tried ACS mex endpoint
https://xxxxx.accesscontrol.appfabriclabs.com/v2/wstrust/mex

and it does return WSDL, also
https://localhost/sts/issue/wstrust?wsdl return WSDL

why mex endpoint returns Bad request? is it a bug or do I have to any configuration.

I have been using STS for a while and for .NET clients this wasn't be a problem. But recently I tried connecting WCF protected with STS and i'm getting following error, so then i just checked the mex endpoint and it returns Bad Request, can someone help me on this.

Oct 26, 2011 3:54:40 PM com.sun.xml.wss.jaxws.impl.SecurityClientTube invokeTrustPlugin
SEVERE: WSSTUBE0035: Recieved Exception during IssuedToken Creation.
com.sun.xml.ws.api.security.trust.WSTrustException: WST0017:Could not obtain STS metadata. MEX call to STS https://mydomain.com/issue/wstrust/mex failed.
at com.sun.xml.ws.security.trust.impl.TrustPluginImpl.doMexRequest(TrustPluginImpl.java:682)

at com.sun.xml.ws.security.trust.impl.TrustPluginImpl.invokeRST(TrustPluginImpl.java:5

Thanks
Comments: ** Comment from web user: ramesh1312 **

sfsfsafsaf

Commented Issue: Trying to specify a certificate overflows the string buffer [9256]

DominickBaier — Tue, 20 Mar 2012 08:40:17 GMT

OK. Thanks! Will add that to the "to fix" list for v.next.

Commented Issue: Trying to specify a certificate overflows the string buffer [9256]

clineer — Mon, 19 Mar 2012 19:44:17 GMT

I was able to solve this issue by opening the SQL CE database up in WebMatrix and then making the RelyingParties.EncryptionCertificate column length to 3000.

Thanks!