
SAML STS for WSE 3.0 (reposted)

Every week or so I get another email asking where the sample code for the SAML STS for WSE 3.0 has been moved to now that GotDotNet GotNuked. It wasn't moved anywhere. So I figured I would repost it here for those that need it. For those new to this, you should also take a look at Pablo Cibraro's blog (Pablo was one of the developers on this sample), as he extended it to support credential caching and more.

A few caveats that people should be aware of when looking at this sample code:

  • For obvious reasons, where at all possible you should seek a WCF-based solution first. There still appear to be a few people that cannot use WCF yet, which is why I am reposting this.
  • We did interop testing between an RC version of WCF and this STS, but this was released before WCF went gold, so if interop is important to you, you should test it yourself.
  • The code within this requires extensive knowledge of the .NET security APIs. Do not consider deploying this if you do not understand the entire solution.
  • As with all things security related, you should put together an appropriate security threat model as part of your solution design.
  • And of course batteries are not included!

Most common issues encountered:

  • Configuring the access rights to the certificates is probably the number one issue people run into. If you need help managing certs / permissions, download this awesome tool.
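A check for that first issue, added here and not part of the sample or of the certificate tool the post links to: this PowerShell finds the STS certificate in the machine store by thumbprint, locates its CAPI private-key file under MachineKeys, and grants the worker-process account Read on it if that right is missing. The thumbprint and account name are placeholders to substitute for your own STS.

```powershell
# Added example (not part of the WSE 3.0 sample): verify and, if needed, grant the
# worker-process account Read access to the STS certificate's private key file.
# Assumptions: the certificate is in LocalMachine\My, its key is a CAPI (RSA CSP)
# key as WSE 3.0 uses, and the two values below are placeholders.
$Thumbprint = '0000000000000000000000000000000000000000'   # placeholder: STS cert thumbprint
$Account    = 'NT AUTHORITY\NETWORK SERVICE'               # placeholder: ASP.NET / app-pool identity

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert)               { throw "Certificate $Thumbprint not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate has no private key; re-import the PFX with its key" }

# A CAPI machine key is stored as a file under MachineKeys, named by its unique container name.
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyDir  = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) 'Microsoft\Crypto\RSA\MachineKeys'
$keyPath = Join-Path $keyDir $keyName
if (-not (Test-Path $keyPath)) { throw "Private key file $keyPath not found" }

# WSE only needs to read the key to sign and decrypt, so Read is the right (and least) grant.
$acl  = Get-Acl $keyPath
$read = [System.Security.AccessControl.FileSystemRights]::Read
$has  = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $Account -and
    $_.AccessControlType -eq 'Allow' -and
    (($_.FileSystemRights -band $read) -eq $read)
}
if ($has) {
    Write-Host "OK: $Account already has Read on $keyPath"
} else {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyPath -AclObject $acl
    Write-Host "Granted Read on $keyPath to $Account"
}
```

Run it from an elevated prompt on the STS host; Set-Acl on a MachineKeys file needs administrator rights.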


Published Tuesday, November 20, 2007 10:36 PM by Jason Hogg
Attachment(s): SAML_STS_for_WSE3_Jan06.zip


Comments


# SAML STS implementation for WSE 3.0 (Reposted)

Since the Gotdot.net site disappeared along with the code of this implementation, my friend Jason Hogg

Thursday, November 22, 2007 11:31 AM by Pablo M. Cibraro (aka Cibrax)

# re: SAML STS for WSE 3.0 (reposted)

I keep getting the following error when running this sample...  I followed the installation directions twice on 2 different machines and can't get the sample to work...

Any ideas?

txtResponse.Text "Microsoft.Web.Services3.AsynchronousOperationException: WSE101: An asynchronous operation raised an exception. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.

Server stack trace:
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.Web.Services3.Messaging.SoapHttpTransport.Send(SoapEnvelope message, EndpointReference destination, SoapHttpChannelOptions options)
   at Microsoft.Web.Services3.Messaging.SoapHttpOutputChannel.Send(SoapEnvelope message)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.PrivateProcessMessage(RuntimeMethodHandle md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.EndInvokeHelper(Message reqMsg, Boolean bProxyCase)
   at System.Runtime.Remoting.Proxies.RemotingProxy.Invoke(Object NotUsed, MessageData& msgData)
   at Microsoft.Web.Services3.Messaging.SoapOutputChannel.SendDelegate.EndInvoke(IAsyncResult result)
   at Microsoft.Web.Services3.Messaging.SoapOutputChannel.EndSend(IAsyncResult result)
   at Microsoft.Web.Services3.Messaging.SoapSender.EndSend(IAsyncResult result)
   at Microsoft.Web.Services3.Messaging.SoapClient.SoapClientAsyncResult.OnSendComplete(IAsyncResult result)
   --- End of inner exception stack trace ---
   at Microsoft.Web.Services3.AsyncResult.End(IAsyncResult result)
   at Microsoft.Web.Services3.Messaging.SoapClient.SendRequestResponse(String methodname, SoapEnvelope envelope)
   at Microsoft.Web.Services3.Security.SecurityTokenServiceClient.RequestSecurityToken(SecurityTokenMessage request, String methodName)
   at Microsoft.Practices.WSSP.WSE3.QuickStart.SamlAssertion.SamlTokenServiceClient.RequestSamlToken(AppliesTo appliesTo, Entropy entropy) in C:\Projects\ZDW Next Gen POC\SAML_STS_for_WSE3_Jan06\WseSaml\SamlTokenServiceClient.cs:line 115
   at Microsoft.Practices.WSSP.WSE3.QuickStart.SamlAssertion.SamlTokenServiceClient.IssueSamlToken(AppliesTo appliesTo, Entropy entropy) in C:\Projects\ZDW Next Gen POC\SAML_STS_for_WSE3_Jan06\WseSaml\SamlTokenServiceClient.cs:line 100
   at Microsoft.Practices.WSSP.WSE3.QuickStart.SamlAssertion.ExplicitClient.MainForm.GetSamlToken() in C:\Projects\ZDW Next Gen POC\SAML_STS_for_WSE3_Jan06\ExplicitClient\MainForm.cs:line 76
   at Microsoft.Practices.WSSP.WSE3.QuickStart.SamlAssertion.ExplicitClient.MainForm.btnConsume_Click(Object sender, EventArgs e) in C:\Projects\ZDW Next Gen POC\SAML_STS_for_WSE3_Jan06\ExplicitClient\MainForm.cs:line 38" string

Monday, February 11, 2008 10:01 AM by Andrew Krowczyk

# re: SAML STS for WSE 3.0 (reposted)

Almost all errors that people received are due to security permissions on the private keys associated with certificates. See if the aforementioned certificate tool can help you ensure you have granted appropriate access rights.

Saturday, March 22, 2008 5:23 PM by Jason Hogg

# re: SAML STS for WSE 3.0 (reposted)

Unfortunately I got the same error as Andrew Krowczyk.

WSE101: An asynchronous operation raised an exception.

The internal message is:

{"The remote server returned an error: (500) Internal Server Error."}

I cannot find any solution. The private keys have ASP.NET rights.

CAN YOU HELP ME PLEASE?!?!?!

Thursday, June 05, 2008 4:38 AM by Martin

# re: SAML STS for WSE 3.0 (reposted)

The other area that was tricky was ensuring your configuration policies were symmetric, i.e. your client was configured as your service required. Double check those and your permissions...

Friday, June 20, 2008 11:20 AM by Jason Hogg
