Microsoft Connect: Most Recent Feedback - Windows Identity Foundation Extensions

Error when enumerating through claims collection

MonkeyTennis

Intermittently we see the following error when browsing a website: Collection was modified; enumeration operation may not execute. Exception type: System.InvalidOperationException StackTrace: at System.Collections.Generic.List`1.Enumerator.MoveNextRare() at Microsoft.IdentityModel.Claims.ClaimCollection.CopyWithSubject(IClaimsIdentity subject) at Microsoft.IdentityModel.Claims.WindowsClaimsIdentity.Copy() at Microsoft.IdentityModel.Claims.WindowsClaimsPrincipal..ctor(WindowsClaimsIdentity ident...

Status: Active, 4 Up-Votes, 0 Down-Votes, 2 validations, 0 workarounds, 1 comment, feedback id: 763742

Integration with SharePoint 2010

Joseph Scarano

Are these extensions compatible with SharePoint 2010?

Status: Active, 2 Up-Votes, 0 Down-Votes, 0 validations, 0 workarounds, 1 comment, feedback id: 741335

ADFS/C2WTS identity impersonation failure after an IIS reset

MonkeyTennis

The problem is easily reproduced using the following steps: •Create an empty ASP.NET website and set up federation with ADFS ◦Ensure that a UPN claim is emitted by ADFS •Modify C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe.config to allow access to authenticated users •Start the C2WTS service via start-run-services.msc •Modify the ASP.NET web.config file to enable identity impersonation •Log in via ADFS •Perform an IIS reset •Refresh the page The following error will occur: ...

Status: Active, 1 Up-Vote, 0 Down-Votes, 0 validations, 2 workarounds, 0 comments, feedback id: 733737

Need for extend enum values of Microsoft.IdentityModel.Protocols.OAuth.Client.AuthorizationResponseType

Naohiro Fujie

In the WIF extension for OAuth, the values of Microsoft.IdentityModel.Protocols.OAuth.Client.AuthorizationResponseType are fixed to 'code','token','code and token', but in the real world, some extensions for the specification of OAuth such as OpenID Connect are proceeding. For example, I want to set 'id_token' as the response type parameter of OAuthClient.RedirectToEndUserEndpoint() method to connect openid provider endpoint supporting openid connect, but now its parameter does not support cust...

Status: Active, 1 Up-Vote, 0 Down-Votes, 0 validations, 0 workarounds, 0 comments, feedback id: 731837

Will these extensions ever see the light of day?

jgrenier

It has been seven months since the SAML 2.0 extensions CTP was released, and not a word from the WIF team on whether or when they will be RTM (or if there will be another CTP). I have spent the last month working around the lack of SAML 2.0 protocol support in the current version of WIF. This after spending some time working with the extensions then realizing that I could not recommend their use when there is absolutely no communication from Microsoft to the developer community regarding their r...

Status: Active, 6 Up-Votes, 0 Down-Votes, 0 validations, 0 workarounds, 1 comment, feedback id: 714031

Schedule and release

Bobby_D

We really appreciate these extensions having been released. I have some customers interested in using these libraries as soonas possible but I am hesitant to use them in a production environment because of the licensing restrictions. I checked MSDN as well as the web in general and have not seen a release date for these extensions. Is there any word yet on when/whether we can use these extensions in production?

Status: Active, 5 Up-Votes, 0 Down-Votes, 0 validations, 0 workarounds, 2 comments, feedback id: 703417

Test

roiderevez

Test

Status: Active, 1 Up-Vote, 0 Down-Votes, 0 validations, 0 workarounds, 0 comments, feedback id: 700944

Test

roiderevez

Test

Status: Active, 1 Up-Vote, 0 Down-Votes, 0 validations, 0 workarounds, 0 comments, feedback id: 700942

Test

roiderevez

Test

Status: Active, 1 Up-Vote, 0 Down-Votes, 0 validations, 0 workarounds, 0 comments, feedback id: 700940

Test

roiderevez

Test

Status: Active, 1 Up-Vote, 0 Down-Votes, 0 validations, 0 workarounds, 0 comments, feedback id: 700939

Test

roiderevez

Test

Status: Active, 2 Up-Votes, 0 Down-Votes, 0 validations, 0 workarounds, 1 comment, feedback id: 700938

TestCase

roiderevez

TestCase

Status: Active, 1 Up-Vote, 0 Down-Votes, 0 validations, 0 workarounds, 0 comments, feedback id: 700928

Future plans for OAuth 2 support in WIF

the black labrador

I have looked at the ACS/OAuth 2 sample and got it to work with no problems but it seems to be a bit inconsistent with the WS-Federation approach used in the existing RTM WIF. In particular, would have expected to have a mirror of the WSFederationAuthenticationModule and SessionAuthenticatonModule from WIF. The sample has an OAuthClient and an OAuthAuthenticationModule, which together seem to be analogous to the WSFAM, but they are configured in the Global.asax and you have to wire events up you...

Status: Active, 3 Up-Votes, 0 Down-Votes, 0 validations, 0 workarounds, 0 comments, feedback id: 698301

WIF and SAML 2.0

lcarrion

We are trying to use this extension in our PoC, this works fine if we used web app, but we have problem when we put our web app in a Azure Web Role, apparently it can’t redirect to our default page in azure emulator. Any help will be very appreciated

Status: Active, 2 Up-Votes, 0 Down-Votes, 0 validations, 0 workarounds, 0 comments, feedback id: 695293

SAml extension and Web parms.

Atef Abdou

There are several issues with running the extension in a web farm environment. First all url’s that are supposed to be stored by either the sing-in or sign-out methods do not use a cookie but rather a session based object and thus does not work in a web farm scenario. The single signoutservice also uses a session based object in the form of SessionParticipantStorage . This means that when attempting to initiate a sps sign-out , no items are found in the storage and thus no SAML request is sent...

Status: Active, 1 Up-Vote, 0 Down-Votes, 0 validations, 0 workarounds, 0 comments, feedback id: 692663

honor Saml2ProtocolSerializer(null) ctor or option to avoid automatic SignatureValidation

Calvin Charles

Even after passing the signatureTokenResolver as null (to indicate signatures should not be validated) still the serializer.ReadMessage(XmlReader) throws SignatureVerificationFailedException. It seems like Saml2SecurityTokenHandler.ReadAssertion calls reader3.TryReadSignature(); which causing EnvelopedSignatureReader.ResolveSigningCredentials() call on EnvelopedSignatureReader.OnEndOfRootElement().

Status: Active, 1 Up-Vote, 0 Down-Votes, 0 validations, 0 workarounds, 0 comments, feedback id: 690798

Error when adding STS-Reference in German Visual Studio 2010

patorgjep

In the German Version of Visual Studio 2010 I got an error message when I want to add a STS reference. After selecting "New STS project..." on the second page of the "Administrator: Federation Utility"-wizard and finishing it, i got the error message "HRESULT: 0x80070002" (a file-not-found execption). This problem is caused on all german versions of Visual Studio 2010 in our company, but it works fine with the english Visual Studios. Other users describe the same problem in this discussion: ht...

Status: Active, 3 Up-Votes, 0 Down-Votes, 2 validations, 0 workarounds, 1 comment, feedback id: 690346

Identity Developer training kit for Visual Studio 2010 out of date

Marco Kroonwijk

Just want to put a remark that the Identity Developer training kit for Visual Studio 2010 is out of date. This can give problems with the labs. For example, I had the following problem reported during EXERCISE 2: ACCEPTING TOKENS FROM AN ACTIVE DIRECTORY FEDERATION SERVICES (ADFS) STS: "The server certificate with name 'CN=ip-sts-01.federatedidentity.net' failed identity verification because its thumbprint ('DE74CFE7D20E8DC2B6E6E700E4D2A940CB08B268') does not match the one specified in the en...

Status: Active, 1 Up-Vote, 0 Down-Votes, 0 validations, 1 workaround, 0 comments, feedback id: 685692

"ID6018: Digest verification failed for reference" when adding element to a SAML2 assertion .

robert411

We have a requirement to create a SAML 2 assertion that should add a element to the assertion's element. This is part of a federated identity scenario with a WIF based custom STS. A custom Saml2SecurityTokenHandler was added to the STS and the WriteConditions() method was overriden to add the element. This is an example of the assertion that results: