I have installed ADFS on Windows Server 2012 R2 and I am able to hit the following URLs:-
https://hostname.test.com/adfs/ls/idpinitiatedsignon.aspx
https://hostname.test.com/adfs/services/trust/mex
and even the login is successful on ADFs using idpinitiatedsignon.
However I am unable to create SP initiated flow on it. I am unable to hit the following URL :-
https://hostname.test.com/adfs/services/trust/
that is present in Federation Service Identifier in the Federation Service Properties.
This URL returns :-
HTTP Error 503. The service is unavailable.
Related
In Company where I work, we have an ASP.NET web application that is hosted on IIS server and binded already with CertificateA. This certificate is owned by the company.
There is another Company let say CompanyB that is providing some Rest API service based on paid subscription.
CompanyB provides subscribers with CertificateB and ask them to send CirtificateB along with the http request when invoking the Rest service.
We have subscribed and received a copy of the CertificateB.
We imported CertificateB on the server and uses Restsharp package from NuGet library to achieve the goal.
It works perfectly and get the proper response when I run the application from within Visual Studio.
However, when I publish it on IIS and run the application I am getting error says:
"The request was aborted: Could not create SSL/TLS secure channel."
Provided that both IIS and visual studio installed on the same machine.
As I said the binding of our web application is already using CertificateA.
Is there any configuration on IIS need to be done regarding CertificateB.
Thank u
I wish we get rid of this error
I got the issue resolved. All I have to do is to give the right permission to the application pool identity to be able to access the certificate.
Looking for help with a BizTalk disaster recovery scenario.
We have failed over to our DR server and have restored the database using the Microsoft standard log shipping method. All has run without issues but I cannot change any port settings in the administration console as the admin console is trying to connect to the original SSO servers.
This is the error displayed by the admin console is with just the server names removed. :-
Could not store transport type data for Primary Transport of Send Port 'DRTestAppSendPort' to config store. Both SSO Servers (Primary='{Old clustered SSO instance}' and Backup='{Old app server}') failed. Backup server failure: Could not contact the SSO server '{Old app server}'. Check that SSO is configured and that the SSO service is running on that server.
(Microsoft.BizTalk.ExplorerOM)
The SampleUpdateInfo.xml has been updated correctly and the restore scripts have been run twice now from C:\Program Files (x86)\Microsoft BizTalk Server 2013 R2\Bins32\Schema\Restore.
The BizTalk management DB contains the correct server name in the [adm_OtherDatabases]
The registry settings are all correct after the scripts have run.
SSOConfig –Status and the SSOAdministration utility report the
correct DR app server as the master secret.
The BizTalk group has been removed and re-added to the administration console.
The SSO master secret has been restored successfully on the DR server.
The windows management instrumentation service has been restarted..
Totally run out of ideas how to fix this, so any ideas would be much appreciated.
The issue's been resolved - there was a step missing in the Microsoft deployment guide, which is documented in a TechNet article.
Here's the step that was missing which has resolved the issue:
(Under Appendix 6):
Update the SSO Server name as displayed in the Group Properties dialog box available in the BizTalk Server Administration console. To update the SSO Server name, launch the BizTalk Server Administration console, click to expand BizTalk Server Administration, right-click the BizTalk Group node and select Properties to display the General tab of the BizTalk Server Administration console. Then enter the name of the Enterprise Single Sign-On server that this computer will use to access the configuration information for the adapters. This is the name of the SSO server used to connect to the SSO database.
Platform: Windows 7 with VS2013, Microsoft Server 2008 R2 and Microsoft SQL Server 2012.
Good Day to All.
My partner and I recently created an MVC application which works in localhost with a local database hosted in Microsoft SQL Server 2012 within the computer.
But now what we would like to do is to host this application on a website for our users to use the application.
Hosting has been done, where we managed to get the front page to show, but the issue lies with database connection to the MS SQL Server 2012 within the server.
When we check our SQL error log we see this:
2015-05-26 12:04:38.26 Logon Error: 18456, Severity: 14, State:
38. 2015-05-26 12:04:38.26 Logon Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Failed to open the explicitly
specified database 'HRMS.Models.EmployeeDBContext'. [CLIENT: <local machine>]
May I seek some advice as to how we can set up the MVC application on the server to talk to the MS SQL 2012 installed within the server?
We're both new to MVC and ASP.Net, Please guide us in the simplest way possible.
Thanks in advance!
Your connection string most probably indicates an integrated authentication (integrated security=true) which means that the identity of the worker process is trying to connect to the database.
The problem is that you haven't set the identity in an explicit way or rather you set it to the Network Service built-in account.
And this account is not listed as permitted to access the database.
You have two options:
add permissions to the Network Service to access the database (not recommended)
create a separate identity (user) in the server's operating system (or a domain account if you have a catalog) and both assign the identity to the application pool in IIS (so that the ASP.NET process is run under this account) and give this user permissions to access the database.
More on that here:
http://www.iis.net/learn/manage/configuring-security/application-pool-identities
I successfully configured WSO2 API Manager 1.8.0 [e.g. https://wso2am.com:9443] and WSO2 Identity Server 5.0.0 SP1 [IS] acting as Key Manager [e.g. https://wso2is.com:9443] in a clustered setup on 2 different servers.
I also configured a Service Provider in the IS using a SAML SSO Inbound Authenticator and tested it with travelocity.com sample app.
The sample app builds the SAML request in the right way, but https://wso2am.com:9443/samlsso?SAMLRequest=[base64stuff] returns an HTTP Status 405 - HTTP method GET is not supported by this URL.
Changing the url in https://wso2is.com:9443/samlsso?SAMLRequest=[base64stuff]
leads to successful authentication.
Basically I want to be redirected to wso2am login page and not wso2is login page.
In this way, I could deploy in DMZ WSO2AM only, leaving WSOIS in the internal network.
How can I do?
Thanks
In this scenario I think your authentication request must be directed to IS server, not APIM. The IS server is the one who does the authentication. Hence it acts as the IDP. APIM is just a service provider (SP). Even if you succeeded (even it's not the correct behaviour) with sending a SAML request to https://wso2am.com:9443/samlsso endpoint, it will redirect you to the login page in IS server. So you have to send the SAML request to the https://wso2is.com:9443/samlsso endpoint for successful authentication & for the correct behavior.
I followed the instructions here to set up crendentails for Windows Azure deployment
but I keep getting this error :
authentication failed verify that your credentials are valid or download them again
The HTTP request was forbidden with client authentication scheme 'Anonymous'.
The remote server returned an error: (403) Forbidden.
What might be the cause
This error means that the specified in Visual Studio certificate/SubscriptionID are not matching in Windows Azure portal.
Ensure that you've uploaded a correct public key (.cer) to your Windows Azure Management Certificates area (not SSL certificates area).
Also, make sure that you have the private key in your certificate store.