Remove & Add again the same WS-Federation IP. Error ACS60006

    Question

  • Hi everyone,

    After changing my FederationMetadata in my custom STS, I wanted to update the ACS Identity Provider as well as my rule group for the relying party application to pass the new claims I added (NameIdentifier, GivenName).

    Because I could not get it to generate the new claims, I deleted the "Relying party application", "Rule group", and "My custom IP". When I tried to create the Identity Provider from scratch (Add WS-Federation Identity Provider) using the URL I previously used, which worked fine before, I get the following error:

    An unexpected error occurred while processing your request. 

    HTTP Error Code: 400

    Message: ACS60006: Attempted to insert a new copy of an object that already exists in the database.

    Trace ID: ee7672a3-524e-408d-945a-d3ca655b6ea6

    Timestamp: 2012-03-21 15:06:48Z

    Does anyone know what is happening?! All lists are empty; there shouldn't be any conflicts because I have already deleted all "Relying party applications", "Rule groups", and "custom IPs".

    Constantinos


    Constantinos Leftheris. http://www.indice.gr

    Wednesday, March 21, 2012 3:15 PM

Answers

  • In reply to my question:

    I removed the NameIdentity claim from my STS and the problem went away. This error is totally misleading!!! I should have got something like "your updated FederationMetadata has a problem" or similar.

    Anyway...

    In general, do not use the NameIdentifier in your own custom STS without knowing exactly what you are doing. For example, I wanted to expose a unique GUID for the user, but it seems that is not its purpose. You can find out more here: http://blogs.msdn.com/b/card/archive/2010/02/17/name-identifiers-in-saml-assertions.aspx

    Regards

    C.


    Constantinos Leftheris. http://www.indice.gr

    • Marked as answer by Indice Wednesday, March 21, 2012 4:02 PM
    Wednesday, March 21, 2012 4:02 PM
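    The following is an added example, not code from the thread above and not part of ACS or WIF. It audits a WS-Federation FederationMetadata.xml document before it is imported as an ACS identity provider: it lists the claim types the STS offers and flags the NameIdentifier claim type that the answer above identifies as the trigger for ACS60006, alongside two sanity checks a practitioner would want (a signing certificate is present, the passive endpoint is present and uses HTTPS). The sample metadata document, the entity ID https://sts.example.com/ and the certificate text are all constructed for this example; the element and namespace layout follows what WIF-generated federation metadata uses.

```python
# Added example (not from the original forum thread, ACS or WIF): audit a
# WS-Federation FederationMetadata.xml before importing it into ACS.
import xml.etree.ElementTree as ET

# Namespaces used by WIF-generated federation metadata.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "auth": "http://docs.oasis-open.org/wsfed/authorization/200706",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsa": "http://www.w3.org/2005/08/addressing",
}
for _prefix, _uri in NS.items():  # keeps re-serialised output readable
    ET.register_namespace(_prefix, _uri)

NAME_IDENTIFIER = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"

# Constructed sample (not a real STS): a custom STS offering Name, GivenName
# and NameIdentifier, i.e. the situation described in the thread.
SAMPLE_METADATA = """<EntityDescriptor ID="_example" entityID="https://sts.example.com/"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"
      xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIBconstructedNotARealCertificate</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <fed:ClaimTypesOffered xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
      <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true">
        <auth:DisplayName>Name</auth:DisplayName>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true">
        <auth:DisplayName>Given Name</auth:DisplayName>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" Optional="true">
        <auth:DisplayName>Name ID</auth:DisplayName>
      </auth:ClaimType>
    </fed:ClaimTypesOffered>
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://sts.example.com/</Address>
      </EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>
"""


def audit_metadata(xml_text):
    """Summarise a federation metadata document and collect warnings."""
    root = ET.fromstring(xml_text)
    report = {"entity_id": root.get("entityID"), "passive_endpoint": None,
              "signing_certs": 0, "claim_types": [], "warnings": []}
    role = root.find("md:RoleDescriptor", NS)
    if role is None:
        report["warnings"].append("no RoleDescriptor element")
        return report

    report["claim_types"] = [c.get("Uri") for c in
                             role.findall("fed:ClaimTypesOffered/auth:ClaimType", NS)]
    certs = role.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    report["signing_certs"] = len(certs)
    addr = role.find("fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address", NS)
    if addr is not None and addr.text:
        report["passive_endpoint"] = addr.text.strip()

    if NAME_IDENTIFIER in report["claim_types"]:
        report["warnings"].append(
            "offers NameIdentifier; the thread reports this claim type in a custom "
            "STS triggered ACS60006 when the identity provider was re-added")
    if not certs:
        report["warnings"].append("no X509Certificate under KeyDescriptor use='signing'")
    if report["passive_endpoint"] is None:
        report["warnings"].append("no PassiveRequestorEndpoint address")
    elif not report["passive_endpoint"].lower().startswith("https://"):
        report["warnings"].append("passive endpoint is not HTTPS: " + report["passive_endpoint"])
    return report


def remove_claim_type(xml_text, uri):
    """Return the metadata with every ClaimType whose Uri matches removed.
    This only rewrites the document for comparison; the fix the thread
    describes is to stop the STS issuing the claim in the first place."""
    root = ET.fromstring(xml_text)
    offered = root.find("md:RoleDescriptor/fed:ClaimTypesOffered", NS)
    if offered is not None:
        for claim in list(offered):
            if claim.get("Uri") == uri:
                offered.remove(claim)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    before = audit_metadata(SAMPLE_METADATA)
    for w in before["warnings"]:
        print("WARNING:", w)
    after = audit_metadata(remove_claim_type(SAMPLE_METADATA, NAME_IDENTIFIER))
    print("claim types after removing NameIdentifier:", after["claim_types"])
```

    Run it against the metadata your STS actually serves (fetch the URL you give ACS and pass the body to audit_metadata) before clicking "Add WS-Federation Identity Provider"; a warning about NameIdentifier is the case from this thread, while the certificate and endpoint checks catch the more common reasons a metadata import is rejected.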

All replies

  • Hi,

    Thank you for sharing your answer.


    Please mark the replies as answers if they help or unmark if not. If you have any feedback about my replies, please contact msdnmg@microsoft.com Microsoft One Code Framework

    Thursday, March 22, 2012 6:16 AM
    Moderator