ADFS Claim App server error-Line 22: public class TrustedIssuerNameRegistry : IssuerNameRegistry

  • Question

  • ADFS App server error-

    Line 22: public class TrustedIssuerNameRegistry : IssuerNameRegistry

    Can you please help?


    Cheers,

    Biswajit

    Technical Consultant – Active Directory-Microsoft PKI-Windows 2012 R2

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.


    • Edited by bshwjt Friday, July 7, 2017 12:58 PM
    Friday, July 7, 2017 12:57 PM

Answers

  • Issue fixed. validIssuers name is case-sensitive in web.config.

    This one only.

              <validIssuers>
                <add name="http://STS.CONTOSO.COM/adfs/services/trust" />
              </validIssuers>


    Cheers,

    Biswajit

    • Marked as answer by bshwjt Tuesday, July 11, 2017 8:04 PM
    • Edited by bshwjt Thursday, July 13, 2017 5:48 PM
    Tuesday, July 11, 2017 8:04 PM
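
A check covering the two things this thread looked at, the signing thumbprint and the case of the issuer name, added here as an example and not part of the original posts. `Test-WifIssuerConfig` and its parameters are hypothetical names, the sample config is constructed from the contoso values posted in the thread, and the STS identifier is assumed to be copied from the entityID in the STS federation metadata.

```powershell
# Added example (not from the thread): audit issuer entries in a WIF web.config.
function Test-WifIssuerConfig {
    param(
        [Parameter(Mandatory)][string]$ConfigXml,         # web.config content
        [Parameter(Mandatory)][string]$StsIdentifier,     # assumed: entityID from the STS federation metadata
        [Parameter(Mandatory)][string]$SigningThumbprint  # Thumbprint reported by Get-ADFSCertificate
    )
    $doc  = [xml]$ConfigXml
    $want = ($SigningThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    # Both element names that appear in the thread
    foreach ($node in $doc.SelectNodes('//trustedIssuers/add | //validIssuers/add')) {
        $name = $node.GetAttribute('name')
        # Ordinal comparison on purpose: PowerShell's -eq ignores case on strings
        # and would report a case-only difference as equal.
        $nameStatus = 'Different'
        if ([string]::Equals($name, $StsIdentifier, [StringComparison]::Ordinal)) {
            $nameStatus = 'Match'
        } elseif ([string]::Equals($name, $StsIdentifier, [StringComparison]::OrdinalIgnoreCase)) {
            $nameStatus = 'CaseMismatch'   # the failure reported in this thread
        }
        $thumbStatus = 'NotPresent'
        if ($node.HasAttribute('thumbprint')) {
            $raw = $node.GetAttribute('thumbprint')
            $hex = ($raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
            if ($hex -ne $want) {
                $thumbStatus = 'Different'
            } elseif ($raw -match '[^0-9A-Fa-f]') {
                $thumbStatus = 'MatchWithStrayCharacters'   # spaces or invisible characters from copy/paste
            } else {
                $thumbStatus = 'Match'
            }
        }
        [pscustomobject]@{
            Element          = $node.ParentNode.Name
            Name             = $name
            NameStatus       = $nameStatus
            ThumbprintStatus = $thumbStatus
        }
    }
}

# Constructed sample: same thumbprint as in the thread, issuer name typed in lower case.
$sample = @'
<configuration><microsoft.identityModel><service><issuerNameRegistry>
  <trustedIssuers>
    <add thumbprint="9AE841C71A0BAA70DCD81E670BAFA117BAC0023A" name="http://sts.contoso.com/adfs/services/trust" />
  </trustedIssuers>
</issuerNameRegistry></service></microsoft.identityModel></configuration>
'@

Test-WifIssuerConfig -ConfigXml $sample `
    -StsIdentifier 'http://STS.CONTOSO.COM/adfs/services/trust' `
    -SigningThumbprint '9AE841C71A0BAA70DCD81E670BAFA117BAC0023A' | Format-List
```

To run it against a deployed application, pass `(Get-Content C:\inetpub\Claimapp\web.config -Raw)` as `-ConfigXml`.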

All replies

  • We need way more information to help you out.

    What sample are you using? What version of IIS? How did you create the trust? Can you share the web.config file?


    Friday, July 7, 2017 9:23 PM
  • <?xml version="1.0"?>
    <!-- 
        Note: As an alternative to hand editing this file you can use the 
        web admin tool to configure settings for your application. Use
        the Website->Asp.Net Configuration option in Visual Studio.
        A full list of settings and comments can be found in 
        machine.config.comments usually located in 
        \Windows\Microsoft.Net\Framework\v2.x\Config 
    -->
    <configuration>
      <configSections>
        <!-- Registers the microsoft.IdentityModel configuration section -->
        <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </configSections>
      <appSettings>
        <add key="FederationMetadataLocation" value="https://sts.contoso.com/federationmetadata/2007-06/federationmetadata.xml" />
      </appSettings>
      <connectionStrings />
      <location path="FederationMetadata">
        <system.web>
          <authorization>
            <allow users="*" />
          </authorization>
        </system.web>
      </location>
      <system.web>
        <!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->
        <compilation debug="False" targetFramework="4.0">
          <assemblies>
            <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
            <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
            <add assembly="System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
            <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
          </assemblies>
        </compilation>
        <!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
        <authentication mode="None" />
        <authorization>
          <deny users="?" />
        </authorization>
        <!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.
    
            <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
                <error statusCode="403" redirect="NoAccess.htm" />
                <error statusCode="404" redirect="FileNotFound.htm" />
            </customErrors> 
        -->
        <pages controlRenderingCompatibilityVersion="3.5" />
        <httpRuntime requestValidationType="SampleRequestValidator" />
        <httpModules>
          <!-- Register SessionAuthenticationModule in IIS6 classic ASP.Net apps -->
          <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
          <!-- Register WSFederatedAuthenticationModule in IIS6 classic ASP.Net apps -->
          <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        </httpModules>
      </system.web>
      <!-- 
            The system.webServer section is required for running ASP.NET AJAX under Internet
            Information Services 7.0.  It is not necessary for previous version of IIS.
        -->
      <system.webServer>
        <validation validateIntegratedModeConfiguration="false" />
        <modules>
          <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
          <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
        </modules>
      </system.webServer>
      <!-- 
      Comment the lines below to disable WIF tracing to: WIFTrace.e2e. 
      Open the trace file using the SvcTraceViewer.exe tool (shipped with the WCF SDK available from Microsoft) or a xml viewer.
      Refer to MSDN if you wish to add WCF tracing.
      -->
      <system.diagnostics>
        <sources>
          <source name="Microsoft.IdentityModel" switchValue="Verbose">
            <listeners>
              <add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="WIFTrace.e2e" />
            </listeners>
          </source>
        </sources>
        <trace autoflush="true" />
      </system.diagnostics>
      <microsoft.identityModel>
        <service>
          <audienceUris>
            <add value="https://app-001.contoso.com/claimapp" />
          </audienceUris>
          <applicationService>
            <claimTypeRequired>
              <!--Following are the claims offered by STS 'http://STS.CONTOSO.COM/adfs/services/trust'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
              <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
              <claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" />
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/claims/CommonName" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/claims/EmailAddress" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/claims/Group" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/claims/UPN" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/san" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/subject" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2012/01/passwordchangeurl" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/claims/authnmethodsreferences" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2013/11/alternateloginid" optional="true" />-->
            </claimTypeRequired>
          </applicationService>
          <federatedAuthentication>
            <wsFederation passiveRedirectEnabled="true" issuer="https://sts.contoso.com/adfs/ls/" realm="https://app-001.contoso.com/claimapp" requireHttps="true" />
            <cookieHandler requireSsl="true" />
          </federatedAuthentication>
          <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
            <trustedIssuers>
              <add thumbprint="9AE841C71A0BAA70DCD81E670BAFA117BAC0023A" name="http://STS.CONTOSO.COM/adfs/services/trust" />
            </trustedIssuers>
          </issuerNameRegistry>
        </service>
      </microsoft.identityModel>
    </configuration>

    Using this (C:\Program Files (x86)\Windows Identity Foundation SDK\v4.0\Samples\Quick Start\Web Application\PassiveRedirectBasedClaimsAwareWebApp\*.*) as app in C:\inetpub\Claimapp


    Cheers,

    Biswajit

    • Edited by bshwjt Sunday, July 9, 2017 4:41 AM
    Saturday, July 8, 2017 4:43 PM
  • What about the thumbprint: 9AE841C71A0BAA70DCD81E670BAFA117BAC0023A

    Is that really the thumbprint of your current tokenSigning cert?

    Can you check with the output of Get-ADFSCertificate?

    Monday, July 10, 2017 5:40 PM
  • Same thumbprint. Please find the below snap.


    Cheers,

    Biswajit

    Tuesday, July 11, 2017 1:22 PM