Answered by:
ADFS Claim App server error-Line 22: public class TrustedIssuerNameRegistry : IssuerNameRegistry

Question
-
ADFS App server error-
Line 22: public class TrustedIssuerNameRegistry : IssuerNameRegistry
Can you pls help.
Cheers,
Biswajit
Technical Consultant – Active Directory-Microsoft PKI-Windows 2012 R2
Linkedin:
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
- Edited by bshwjt Friday, July 7, 2017 12:58 PM
Friday, July 7, 2017 12:57 PM
Answers
-
Issue fixed. validIssuers name is case sensitive in web.config
This one only.
<validIssuers> <add name="http://STS.CONTOSO.COM/adfs/services/trust" /> </validIssuers>
Cheers,
Biswajit
Technical Consultant – Active Directory-Microsoft PKI-Windows 2012 R2
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
Tuesday, July 11, 2017 8:04 PM
All replies
-
We need way more information to help you out.
What sample are you using? What version of IIS? How did you create the trust? Can you share the web.config file?
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
Friday, July 7, 2017 9:23 PM -
<?xml version="1.0"?> <!-- Note: As an alternative to hand editing this file you can use the web admin tool to configure settings for your application. Use the Website->Asp.Net Configuration option in Visual Studio. A full list of settings and comments can be found in machine.config.comments usually located in \Windows\Microsoft.Net\Framework\v2.x\Config --> <configuration> <configSections> <!-- Registers the microsoft.IdentityModel configuration section --> <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> </configSections> <appSettings> <add key="FederationMetadataLocation" value="https://sts.contoso.com/federationmetadata/2007-06/federationmetadata.xml" /> </appSettings> <connectionStrings /> <location path="FederationMetadata"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> <system.web> <!-- Set compilation debug="true" to insert debugging symbols into the compiled page. Because this affects performance, set this value to true only during development. --> <compilation debug="False" targetFramework="4.0"> <assemblies> <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> <add assembly="System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> </assemblies> </compilation> <!-- The <authentication> section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user. --> <authentication mode="None" /> <authorization> <deny users="?" /> </authorization> <!-- The <customErrors> section enables configuration of what to do if/when an unhandled error occurs during the execution of a request. Specifically, it enables developers to configure html error pages to be displayed in place of a error stack trace. <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm"> <error statusCode="403" redirect="NoAccess.htm" /> <error statusCode="404" redirect="FileNotFound.htm" /> </customErrors> --> <pages controlRenderingCompatibilityVersion="3.5" /> <httpRuntime requestValidationType="SampleRequestValidator" /> <httpModules> <!-- Register SessionAuthenticationModule in IIS6 classic ASP.Net apps --> <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> <!-- Register WSFederatedAuthenticationModule in IIS6 classic ASP.Net apps --> <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> </httpModules> </system.web> <!-- The system.webServer section is required for running ASP.NET AJAX under Internet Information Services 7.0. It is not necessary for previous version of IIS. --> <system.webServer> <validation validateIntegratedModeConfiguration="false" /> <modules> <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" /> <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" /> </modules> </system.webServer> <!-- Comment the lines below to disable WIF tracing to: WIFTrace.e2e. Open the trace file using the SvcTraceViewer.exe tool (shipped with the WCF SDK available from Microsoft) or a xml viewer. Refer to MSDN if you wish to add WCF tracing. --> <system.diagnostics> <sources> <source name="Microsoft.IdentityModel" switchValue="Verbose"> <listeners> <add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="WIFTrace.e2e" /> </listeners> </source> </sources> <trace autoflush="true" /> </system.diagnostics> <microsoft.identityModel> <service> <audienceUris> <add value="https://app-001.contoso.com/claimapp" /> </audienceUris> <applicationService> <claimTypeRequired> <!--Following are the claims offered by STS 'http://STS.CONTOSO.COM/adfs/services/trust'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.--> <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" /> <claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" /> <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />--> <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />--> <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" optional="true" />--> <!--<claimType type="http://schemas.xmlsoap.org/claims/CommonName" optional="true" />--> <!--<claimType type="http://schemas.xmlsoap.org/claims/EmailAddress" optional="true" />--> <!--<claimType type="http://schemas.xmlsoap.org/claims/Group" optional="true" />--> <!--<claimType type="http://schemas.xmlsoap.org/claims/UPN" optional="true" />--> <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />--> <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" optional="true" />--> <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" optional="true" />--> <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" optional="true" />--> <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" optional="true" />--> <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/claims/authnmethodsreferences" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" optional="true" />--> <!--<claimType type="http://schemas.microsoft.com/ws/2013/11/alternateloginid" optional="true" />--> </claimTypeRequired> </applicationService> <federatedAuthentication> <wsFederation passiveRedirectEnabled="true" issuer="https://sts.contoso.com/adfs/ls/" realm="https://app-001.contoso.com/claimapp" requireHttps="true" /> <cookieHandler requireSsl="true" /> </federatedAuthentication> <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"> <trustedIssuers> <add thumbprint="9AE841C71A0BAA70DCD81E670BAFA117BAC0023A" name="http://STS.CONTOSO.COM/adfs/services/trust" /> </trustedIssuers> </issuerNameRegistry> </service> </microsoft.identityModel> </configuration>
Using this (C:\Program Files (x86)\Windows Identity Foundation SDK\v4.0\Samples\Quick Start\Web Application\PassiveRedirectBasedClaimsAwareWebApp\*.*) as app in C:\inetpub\Claimapp
Cheers,
Biswajit
Technical Consultant – Active Directory-Microsoft PKI-Windows 2012 R2
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
- Edited by bshwjt Sunday, July 9, 2017 4:41 AM
Saturday, July 8, 2017 4:43 PM -
What about the thumbprint: 9AE841C71A0BAA70DCD81E670BAFA117BAC0023A
Is that really the thumbprint of your current tokenSigning cert?
Can you check with the output of Get-ADFSCertificate ?
- Edited by Pierre Audonnet [MSFT]Microsoft employee Monday, July 10, 2017 5:48 PM
Monday, July 10, 2017 5:40 PM -
Same thumbprint. Please find the below snap.
Cheers,
Biswajit
Technical Consultant – Active Directory-Microsoft PKI-Windows 2012 R2
Linkedin:
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
Tuesday, July 11, 2017 1:22 PM -
Issue fixed. validIssuers name is case sensitive in web.config
This one only.
<validIssuers> <add name="http://STS.CONTOSO.COM/adfs/services/trust" /> </validIssuers>
Cheers,
Biswajit
Technical Consultant – Active Directory-Microsoft PKI-Windows 2012 R2
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
Tuesday, July 11, 2017 8:04 PM