Redirection problem when using ACS JSON feed for custom Login page in SharePoint
-
Friday, July 13, 2012 10:49 AM
I have configured my SharePoint with ACS, and behind ACS I have a custom STS for authentication as IdP. I have just one IdP configured in ACS as of now. Now when I log in to the SharePoint site by typing the SharePoint site URL, it takes me to the STS page and I can log in and I am taken back to the original SharePoint page that I had navigated to and everything works fine.
But when I use the login URL for my IdP provided by the JSON feed, the user authenticates and when it is redirected back to SharePoint from ACS it takes it to the SharePoint error page instead of the SharePoint site. Navigating to the SharePoint site now allows the user to access it as it is authenticated now.
Using Fiddler, when I check the difference between the URLs and parameters that are sent to the STS, the only difference is that the "wctx" parameter in the STS URL received from the JSON feed is smaller than the one generated when ACS itself redirects to the STS.
Since the "wctx" parameter seems to be encrypted I don't know what information is sent in it.
I have set "https://sharepoint url/_trust/" as the return address for my relying party in ACS.
Hung up on it for days and I can't seem to make heads or tails of it.
All Replies
-
Monday, July 16, 2012 3:10 AM
Moderator
I don't know much about SharePoint. But on a normal ASP.NET site, if you want to use WIF, you have to disable ASP.NET request validation, as described on http://msdn.microsoft.com/en-us/library/ee517280.aspx. Since SharePoint is ASP.NET based, try the same workaround.
-
Tuesday, July 17, 2012 6:02 AM
I actually did find what I was looking for. I had to send the URL to which I wanted to navigate after authentication, as context parameter to my JSON request to ACS. It encrypts this information in the "wctx" parameter in the login URL for the IdP. And when this URL is used for custom logins, ACS automatically sends the specified URL to SharePoint and SharePoint is able to redirect to the required URL.
- Marked As Answer by Ubaid Tahir Tuesday, July 17, 2012 6:02 AM
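Added example, not code from the thread: a sketch of the feed request the accepted answer describes, with the post-login URL passed as `context` and restricted to the SharePoint origin so the custom login page cannot be used as an open redirect. The namespace, hostnames and realm are constructed placeholders, and the feed path, query parameter names and the `Name`/`LoginUrl` fields are assumptions about the ACS identity provider feed that do not appear in the thread.

```javascript
// Constructed placeholder values; replace with your own deployment's settings.
const ACS_NAMESPACE = "contoso-example";                // hypothetical ACS namespace
const SHAREPOINT_ORIGIN = "https://sharepoint.example"; // hypothetical site origin
const REALM = "urn:sharepoint:example";                 // hypothetical relying-party realm

// Accept only URLs that resolve to the SharePoint origin; anything else
// (other hosts, "//host" forms, javascript: URLs) falls back to the site root.
function safeReturnUrl(candidate) {
  let url;
  try {
    url = new URL(candidate, SHAREPOINT_ORIGIN);
  } catch {
    return SHAREPOINT_ORIGIN + "/";
  }
  return url.origin === SHAREPOINT_ORIGIN ? url.href : SHAREPOINT_ORIGIN + "/";
}

// Build the JSON feed request with the post-login URL as the context
// parameter (parameter names are assumptions about the ACS feed).
function buildFeedUrl(returnUrl) {
  const feed = new URL(
    `https://${ACS_NAMESPACE}.accesscontrol.windows.net/v2/metadata/IdentityProviders.js`
  );
  feed.search = new URLSearchParams({
    protocol: "wsfederation",
    realm: REALM,
    reply_to: SHAREPOINT_ORIGIN + "/_trust/", // return address from the question
    context: safeReturnUrl(returnUrl),
    version: "1.0",
  }).toString();
  return feed.href;
}

// Pick the IdP's login URL from the parsed feed and confirm it carries a
// wctx value; a missing wctx means no context reached the feed request.
function loginUrlFor(feedEntries, idpName) {
  const entry = feedEntries.find((e) => e.Name === idpName);
  if (!entry) throw new Error(`IdP not in feed: ${idpName}`);
  const login = new URL(entry.LoginUrl);
  if (login.protocol !== "https:" || !login.searchParams.get("wctx")) {
    throw new Error("login URL is not HTTPS or has no wctx");
  }
  return login.href;
}

console.log(buildFeedUrl("/sites/team/default.aspx"));
```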

