Problem in STS Communication
Hi
We have created a managed card provider and STS. We have followed the following steps:
1. Installed the Card provider certificates
2. Provided ACL for those certificates
3. Hosted the STS in IIS
4. Set SSL for the Card Provider Certificate
Now when we use the card, CardSpace is unable to retrieve the security token from the STS. The error log displays the following:
"There was a failure making a WS-Trust exchange with an external application. The Identity provider end point was not found."
We are unable to trace where the exact problem is. Could someone tell us how to configure the endpoints in the STS?
I'll post a couple of quick points, as it may help, but this sounds like it could turn bigger :D.
The STS's endpoint should be visible from the browser (i.e., http://foo.bar.com/STS), but the MEX endpoint for that MUST be protected with SSL (i.e., https://foo.bar.com/STS/MEX).
So, are you using the STS sample that we provided? (It's not configured for hosting under IIS yet.)
If not, try that first, and post back.
Hi Garett/Ragu,
We are facing issues in creating Managed Cards.
Could you please help us understand how to create Managed Provider cards? We are able to use Self-issued cards. However, we are getting the below exception when using Managed Provider cards from the RP application:
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail, With inner Exception as "An error occurred when processing the security tokens in the message."
TIA.
Hey Mahalax,
I think I'm going to need more information before I can help you.
Describe your scenario a bit... What are you using as your STS? And what are you doing at the RP?
Thanks,
Raguvind,
What is the purpose of giving ACL to IIS for all the certificates when the STS is not hosted in IIS?
Well, it's two-fold.
First, the RP needs the ACLs on the private keys set to read them, and so I set them in my standard install scripts to make that easy.
Secondly, I intend on having it work in IIS, so I will need them eventually. :D
Thanks,