Locked Incoming policy failed validation.

  • Wednesday, August 13, 2008 6:46 PM
     
     

    Hello,

     

    I got the exception when a CardSpace ActiveX object was created by JavaScript. The code is like this:

     

    Code Snippet

    <input id="Button2" type="button" onclick="b();" value="dynamic token" />
    <script type="text/javascript">

    function b() {

                var _informationCard = document.createElement("object");
                _informationCard.id = "_token";
                _informationCard.name = "$token";
                _informationCard.type = "application/x-informationcard";

                var tokenType = document.createElement("param");
                tokenType.name = "tokenType";
                tokenType.value = 'urn:oasis:names:tc:SAML:1.0:assertion';

                var requiredClaims = document.createElement("param");
                requiredClaims.name = "requiredClaims";
                requiredClaims.value = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname";

                var optionalClaims = document.createElement("param");
                optionalClaims.name = "optionalClaims";
                optionalClaims.value = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress";

                _informationCard.appendChild(tokenType);
                _informationCard.appendChild(requiredClaims);
                _informationCard.appendChild(optionalClaims);

                var heads = document.getElementsByTagName("head");
                heads[0].appendChild(_informationCard);
               
               
                var value = null;
                try {
                    value = _informationCard.value;
                } catch (e) { }

            }
        </script>

     

     

    But if I write the same object element in head or body, it works well. Following is the code:

     

    Code Snippet

    <input id="Button1" type="button" onclick="aa();" value="static token" />

    <OBJECT id=static_token type=application/x-informationcard><PARAM NAME="tokenType" VALUE="urn:oasis:names:tc:SAML:1.0:assertion"><PARAM NAME="requiredClaims" VALUE="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"><PARAM NAME="optionalClaims" VALUE="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress"></OBJECT>

    <script type="text/javascript">
            function aa() {
                var t = document.getElementById("static_token");
                var value = null;
                try {
                    value = t.value;
                } catch (e) { }

            }
    </script>

     

     

    Why are they different? Can the object not be created by JavaScript?

All Replies

  • Thursday, August 14, 2008 12:34 AM
     
     
    Can you provide the details of the exception you see? Is there any event log entry for the error?
  • Thursday, August 14, 2008 2:28 AM
     
     

    Yes, there is an event log entry for the error. The following are the details of the exception:

     

    - System

    - Provider
    [ Name] CardSpace 3.0.0.0
    - EventID 267
    [ Qualifiers] 49157
    Level 2
    Task 1
    Keywords 0x80000000000000
    - TimeCreated
    [ SystemTime] 2008-08-14T02:24:44.000Z
    EventRecordID 59925
    Channel Application
    Computer WIN-24B68V7EGV2
    - Security
    [ UserID] S-1-5-21-3035648049-429238614-2600490272-500

    - EventData

    No valid claim elements were found in the policy XML. Additional Information: at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo) at System.Environment.get_StackTrace() at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e) at Microsoft.InfoCards.Policy.ReadClaims(XmlReader reader) at Microsoft.InfoCards.Policy.ParsePolicyXml(String policyXml) at Microsoft.InfoCards.Policy..ctor(String originalPolicyXml, String rstPolicyXml) at Microsoft.InfoCards.PolicyFactory.CreatePolicyFromUnwrappedPolicyXml(String originalPolicyXml) at Microsoft.InfoCards.InfoCardPolicy.ParseIncomingPolicy(ParsedPolicy parsedPolicy) at Microsoft.InfoCards.InfoCardPolicy..ctor(EndpointAddress immediateTokenRecipient, EndpointAddress issuer, ParsedPolicy policy, PolicyUsageContext policyUsageContext, String privacyUrl, UInt32 privacyVersion, RecipientIdentity recipientIdentity, Boolean isManaged) at Microsoft.InfoCards.PolicyFactory.CreatePolicyForGetBrowserTokenRequest(CardSpacePolicyElement policyElement, Uri recipientPolicyNoticeLink, UInt32 recipientPolicyNoticeVersion, RecipientIdentity recipientIdentity, PolicyUsageContext usageContext) at Microsoft.InfoCards.GetBrowserTokenRequest.CreateInfoCardPolicyFromBrowserParams() at Microsoft.InfoCards.GetBrowserTokenRequest.OnMarshalInArgs() at Microsoft.InfoCards.Request.PreProcessRequest() at Microsoft.InfoCards.ClientUIRequest.PreProcessRequest() at Microsoft.InfoCards.Request.DoProcessRequest(String& extendedMessage) at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)
  • Thursday, August 14, 2008 9:14 PM
     
     Answered

    Try this mechanism of dynamically configuring properties:

    Code Snippet

     

     

    function b() {

                var _informationCard = document.createElement("object");
                _informationCard.id = "_token";
                _informationCard.name = "$token";
                _informationCard.type = "application/x-informationcard";

                _informationCard.tokenType = 'urn:oasis:names:tc:SAML:1.0:assertion';

                _informationCard.requiredClaims.Add("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname");

                _informationCard.optionalClaims.Add("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress");

                var heads = document.getElementsByTagName("head");
                heads[0].appendChild(_informationCard);
               
               
                var value = null;
                try {
                    value = _informationCard.value;
                } catch (e) { }


            }

     

     

  • Friday, August 15, 2008 3:28 AM
     
     

    This problem was resolved.

     

    Thank you for your help!

  • Monday, October 20, 2008 2:38 PM
     
     

    Dynamic property configuration didn't help me. I still got some weird problems: all unset properties have their default values (issuer also) and the selector says I need a card that I don't have (a managed card, obviously, though issuer is "").

     

    But I modified the dynamic HTML approach that Easy Company originally used and it worked. All I did was set the "type" attribute _after_ all parameters are added (and I set it as an attribute: selector.setAttribute("type", "application/x-informationcard")).
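
    The ordering described in the reply above, written out as an added example that is not part of any post in this thread. It goes beyond the single-claim case by joining several claim URIs into the space-separated list the selector parameters use. buildCardSelector and the shape of the policy object are hypothetical names, and rejecting an empty required-claims list is a choice made by this example.

```javascript
// Added example (not from the thread). buildCardSelector and the policy
// object shape are hypothetical; `doc` is any DOM Document.
function buildCardSelector(doc, policy) {
  const required = policy.requiredClaims || [];
  const optional = policy.optionalClaims || [];
  // The event log in this thread reports "No valid claim elements were
  // found in the policy XML". Assumption of this example: treat an empty
  // required-claims list as a caller error instead of sending it on.
  if (required.length === 0) {
    throw new Error("policy must list at least one required claim");
  }
  for (const uri of required.concat(optional)) {
    // Claim lists are space-separated, so whitespace inside a URI would
    // silently split it into two claims.
    if (typeof uri !== "string" || uri === "" || /\s/.test(uri)) {
      throw new Error("invalid claim URI: " + JSON.stringify(uri));
    }
  }

  const selector = doc.createElement("object");
  if (policy.id) selector.setAttribute("id", policy.id);
  if (policy.name) selector.setAttribute("name", policy.name);

  const params = [
    ["tokenType", policy.tokenType],
    ["requiredClaims", required.join(" ")],
    ["optionalClaims", optional.join(" ")],
  ];
  for (const [name, value] of params) {
    if (!value) continue; // skip parameters the policy leaves unset
    const param = doc.createElement("param");
    param.setAttribute("name", name);
    param.setAttribute("value", value);
    selector.appendChild(param);
  }

  // Ordering from the 20 October reply: set "type" as an attribute only
  // after every <param> child has been attached.
  selector.setAttribute("type", "application/x-informationcard");
  return selector;
}
```

    In a page, the returned element would be appended to the document and its value read inside a try/catch, as in the snippets earlier in the thread.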

  • Friday, December 31, 2010 8:42 AM
     
     

    Replacing CRM Dynamics with CRM 2011 in my post leads to an authentication policy error. Any ideas?

    http://raotayyabali.wordpress.com/2010/12/30/ms-crm-dynamics-online-and-claim-based-authentication/

    Tayyab

  • Friday, September 23, 2011 3:02 PM