locked
ADFS Claim App server error-Line 22: public class TrustedIssuerNameRegistry : IssuerNameRegistry RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    ADFS App server error-

    Line 22: public class TrustedIssuerNameRegistry : IssuerNameRegistry

    Can you pls help.

    Cheers,

    Biswajit

    Technical Consultant – Active Directory-Microsoft PKI-Windows 2012 R2

      Linkedin:

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.


    • Edited by bshwjt Friday, July 7, 2017 12:58 PM
    Friday, July 7, 2017 12:57 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Issue fixed. validIssuers name is case sensitive in web.config 

    This one only.

              <validIssuers>
            <add name="http://STS.CONTOSO.COM/adfs/services/trust" />
          </validIssuers>

    Cheers,

    Biswajit

    Technical Consultant – Active Directory-Microsoft PKI-Windows 2012 R2

      

    Linkedin:

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.




    • Marked as answer by bshwjt Tuesday, July 11, 2017 8:04 PM
    • Edited by bshwjt Thursday, July 13, 2017 5:48 PM
    Tuesday, July 11, 2017 8:04 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    We need way more information to help you out.

    What sample are you using? What version of IIS? How did you create the trust? Can you share the web.config file?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, July 7, 2017 9:23 PM
  • Question
    Sign in to vote
    0
    Sign in to vote 
    <?xml version="1.0"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    \Windows\Microsoft.Net\Framework\v2.x\Config 
-->
<configuration>
  <configSections>
    <!-- Registers the microsoft.IdentityModel configuration section -->
    <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>
  <appSettings>
    <add key="FederationMetadataLocation" value="https://sts.contoso.com/federationmetadata/2007-06/federationmetadata.xml" />
  </appSettings>
  <connectionStrings />
  <location path="FederationMetadata">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <system.web>
    <!-- 
        Set compilation debug="true" to insert debugging 
        symbols into the compiled page. Because this 
        affects performance, set this value to true only 
        during development.
    -->
    <compilation debug="False" targetFramework="4.0">
      <assemblies>
        <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add assembly="System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
      </assemblies>
    </compilation>
    <!--
        The <authentication> section enables configuration 
        of the security authentication mode used by 
        ASP.NET to identify an incoming user. 
    -->
    <authentication mode="None" />
    <authorization>
      <deny users="?" />
    </authorization>
    <!--
        The <customErrors> section enables configuration 
        of what to do if/when an unhandled error occurs 
        during the execution of a request. Specifically, 
        it enables developers to configure html error pages 
        to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors> 
    -->
    <pages controlRenderingCompatibilityVersion="3.5" />
    <httpRuntime requestValidationType="SampleRequestValidator" />
    <httpModules>
      <!-- Register SessionAuthenticationModule in IIS6 classic ASP.Net apps -->
      <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      <!-- Register WSFederatedAuthenticationModule in IIS6 classic ASP.Net apps -->
      <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </httpModules>
  </system.web>
  <!-- 
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <modules>
      <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
      <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
    </modules>
  </system.webServer>
  <!-- 
  Comment the lines below to disable WIF tracing to: WIFTrace.e2e. 
  Open the trace file using the SvcTraceViewer.exe tool (shipped with the WCF SDK available from Microsoft) or a xml viewer.
  Refer to MSDN if you wish to add WCF tracing.
  -->
  <system.diagnostics>
    <sources>
      <source name="Microsoft.IdentityModel" switchValue="Verbose">
        <listeners>
          <add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="WIFTrace.e2e" />
        </listeners>
      </source>
    </sources>
    <trace autoflush="true" />
  </system.diagnostics>
  <microsoft.identityModel>
    <service>
      <audienceUris>
        <add value="https://app-001.contoso.com/claimapp" />
      </audienceUris>
      <applicationService>
        <claimTypeRequired>
          <!--Following are the claims offered by STS 'http://STS.CONTOSO.COM/adfs/services/trust'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
          <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
          <claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" />
          <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />-->
          <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />-->
          <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" optional="true" />-->
          <!--<claimType type="http://schemas.xmlsoap.org/claims/CommonName" optional="true" />-->
          <!--<claimType type="http://schemas.xmlsoap.org/claims/EmailAddress" optional="true" />-->
          <!--<claimType type="http://schemas.xmlsoap.org/claims/Group" optional="true" />-->
          <!--<claimType type="http://schemas.xmlsoap.org/claims/UPN" optional="true" />-->
          <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />-->
          <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" optional="true" />-->
          <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" optional="true" />-->
          <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" optional="true" />-->
          <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" optional="true" />-->
          <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/claims/authnmethodsreferences" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/ws/2013/11/alternateloginid" optional="true" />-->
        </claimTypeRequired>
      </applicationService>
      <federatedAuthentication>
        <wsFederation passiveRedirectEnabled="true" issuer="https://sts.contoso.com/adfs/ls/" realm="https://app-001.contoso.com/claimapp" requireHttps="true" />
        <cookieHandler requireSsl="true" />
      </federatedAuthentication>
      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <trustedIssuers>
          <add thumbprint="9AE841C71A0BAA70DCD81E670BAFA117BAC0023A" name="http://STS.CONTOSO.COM/adfs/services/trust" />
        </trustedIssuers>
      </issuerNameRegistry>
    </service>
  </microsoft.identityModel>
</configuration>

    Using this (C:\Program Files (x86)\Windows Identity Foundation SDK\v4.0\Samples\Quick Start\Web Application\PassiveRedirectBasedClaimsAwareWebApp\*.*) as app in C:\inetpub\Claimapp

    Cheers,

    Biswajit

    Technical Consultant – Active Directory-Microsoft PKI-Windows 2012 R2

      

    Linkedin:

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.




    • Edited by bshwjt Sunday, July 9, 2017 4:41 AM
    Saturday, July 8, 2017 4:43 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    What about the thumbprint: 9AE841C71A0BAA70DCD81E670BAFA117BAC0023A

    Is that really the thumbprint of your current tokenSigning cert?

    Can you check with the output of Get-ADFSCertificate ?

    Monday, July 10, 2017 5:40 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Same thumbprint. Please find the below snap.

    Cheers,

    Biswajit

    Technical Consultant – Active Directory-Microsoft PKI-Windows 2012 R2

      Linkedin:

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, July 11, 2017 1:22 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Issue fixed. validIssuers name is case sensitive in web.config 

    This one only.

              <validIssuers>
            <add name="http://STS.CONTOSO.COM/adfs/services/trust" />
          </validIssuers>

    Cheers,

    Biswajit

    Technical Consultant – Active Directory-Microsoft PKI-Windows 2012 R2

      

    Linkedin:

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.




    • Marked as answer by bshwjt Tuesday, July 11, 2017 8:04 PM
    • Edited by bshwjt Thursday, July 13, 2017 5:48 PM
    Tuesday, July 11, 2017 8:04 PM