Setting up ws2007FederationHttpBinding on a BizTalk Receive Location

  • Question

  • Hi Everyone,

    There is not a lot of information available on this online, but I am having a hard time setting up a WCF Receive Location to receive messages along with a SAML token. The IDM is ThinkTecture.

    I have a client app that authenticates against the IDM and gets a valid token. I now need to call my BizTalk WCF service and pass the token. But I am not getting as far as successfully standing up the WCF Receive Location.

    The issue I have is certificate related. The certificates in the FederationMetadata.xml file do not seem to have private keys, or at least I think that is the issue. I installed the certificate from the FederationMetadata.xml file into local computer stores and stores for the isolated host instance service account. The port setup seems to be finding the cert OK.

    When browsing to the .svc, the following error occurs:

    It is likely that certificate 'CN=IdentityTokenSigning' may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail.

    Any assistance would be appreciated!


    Saturday, December 20, 2014 6:31 PM

All replies

  • I actually managed to make some progress here, just to run into another stumbling block. I generated a self-signed cert with a public and private key and configured it as such on the receive location behavior > ServiceCredentials -> ServiceCertificate.

    So now I have my own generated cert installed as the ServiceCertificate and I have the ThinkTecture public cert installed under the WS2007FederationHTTPBindingElement -> Security -> Message -> IssuerMetadata -> Identity -> CertificateReference.

    Now I am getting this error: No version of the CardSpace service was found to be installed on the machine. Please install CardSpace and retry the operation

    I am running .NET 4.0 and Windows 2012. As far as I know CardSpace is long gone.

    Saturday, December 20, 2014 10:43 PM
  • From the error message above, please make sure you have installed the CardSpace service.
    Monday, December 22, 2014 2:30 AM
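
Added example, not part of any post in this thread: a PowerShell check for the conditions named in the first error message, namely whether the certificate has a private key, whether that key is marked for key exchange, and whether the host account can read it. It assumes elevated Windows PowerShell, a certificate in `LocalMachine\My`, a key held in a legacy CSP container, and a placeholder account name `DOMAIN\BizTalkIsolatedHost`.

```powershell
# Added example, not from the thread. Run in elevated Windows PowerShell.
$subject = 'CN=IdentityTokenSigning'          # subject quoted in the error message
$account = 'DOMAIN\BizTalkIsolatedHost'       # placeholder: isolated host service account
$keyDir  = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'  # legacy CSP machine keys

$certs = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $subject })
if ($certs.Count -eq 0) { Write-Warning "No certificate with subject '$subject' in LocalMachine\My" }

foreach ($cert in $certs) {
    Write-Output "Thumbprint $($cert.Thumbprint): HasPrivateKey = $($cert.HasPrivateKey)"
    if (-not $cert.HasPrivateKey) {
        # Certificates published in federation metadata are public-only by design.
        Write-Output '  Public key only; usable to validate tokens, not as a service certificate.'
        continue
    }

    # PrivateKey can throw (for example for CNG-stored keys), so guard the access.
    $key = $null
    try { $key = $cert.PrivateKey } catch { Write-Output "  Cannot open key: $($_.Exception.Message)" }
    if ($key -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
        Write-Output '  Key is not in a legacy CSP container; this example does not inspect it.'
        continue
    }

    # KeyNumber is Exchange or Signature; the error asks for a key capable of key exchange.
    $info = $key.CspKeyContainerInfo
    Write-Output "  KeyNumber = $($info.KeyNumber), MachineKeyStore = $($info.MachineKeyStore)"

    # The key material is a file; the host account needs read access to it.
    $keyFile = Join-Path $keyDir $info.UniqueKeyContainerName
    if (-not (Test-Path -LiteralPath $keyFile)) { Write-Output "  Key file not found: $keyFile"; continue }
    $rules = @((Get-Acl -LiteralPath $keyFile).Access |
        Where-Object { $_.IdentityReference.Value -eq $account -and $_.AccessControlType -eq 'Allow' })
    if ($rules.Count -eq 0) {
        Write-Output "  No explicit Allow entry for $account on $keyFile"
    } else {
        $rules | ForEach-Object { Write-Output "  $account : $($_.FileSystemRights)" }
    }
}
```

Access granted through group membership does not appear as an explicit entry for the account, so a "No explicit Allow entry" line means the ACL should be read in full rather than that access is certainly missing.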