Problem running sample program 'Stock Quote Service using Identity Manager'

  • Question

  • Hi,

    I am working on CSF Development Lite version. I downloaded the sample program 'Stock Quote Service using Identity Manager' from MSDN and am trying to run it. The session is created successfully, but the message is not routed to the Service Logic web service. It shows the error: "Unable to find the secondary credential. Message will be dropped".

    This is the content of the Session manifest file:

    <Session xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" timestamp="0001-01-01T00:00:00.0000000-08:00" timeout="30" serialize="None" routeAnyAction="true" ackOnRouteMsgToParticipants="false"  xmlns="http://Microsoft/ConnectedServices/2006/06/Session/">
      <SessionName>StockQuoteIdmSample</SessionName>
      <Participants>
        <Participant timeout="30" role="Service" inChannelResponse="false" type="WebService">
          <ParticipantName>ServiceLogic</ParticipantName>
          <ParticipantID>ServiceLogic</ParticipantID>
          <ParticipantUrl>http://TVMKVMTT727/ServiceLogic/ServiceLogic.ashx</ParticipantUrl>
          <PolicyDocument>
            <Reference>ServiceParticipantPolicy</Reference>
            <Include>
              <SecondaryCredentialMap>
                <PrimaryCredentialForMessage>Persona</PrimaryCredentialForMessage>
                <PrimaryCredentialForTransport transportAuthenticationType="Digest">None</PrimaryCredentialForTransport>
              </SecondaryCredentialMap>
            </Include>
          </PolicyDocument>
        </Participant>
        <Participant timeout="30" role="Service" inChannelResponse="false" type="WebService">
          <ParticipantName>EmailSender</ParticipantName>
          <ParticipantID>EmailSender</ParticipantID>
          <ParticipantUrl>http://TVMKVMTT727/EmailSender/EmailSender.ashx</ParticipantUrl>
        </Participant>
        <Participant timeout="30" role="Service" inChannelResponse="false" type="WebService">
          <ParticipantName>UIParticipant</ParticipantName>
          <ParticipantID>UIParticipant</ParticipantID>
          <ParticipantUrl>soap.tcp://TVMKVMTT727:9100/UiFormService</ParticipantUrl>
        </Participant>
        <Participant timeout="300" role="Service" inChannelResponse="true" type="WebService">
          <ParticipantName>QuoteWebService</ParticipantName>
          <ParticipantID>QuoteWebService</ParticipantID>
          <ParticipantUrl>http://localhost/StockQuote/StockQuote.asmx</ParticipantUrl>
        </Participant>
        <Participant timeout="30" role="Persona" inChannelResponse="false" type="WebService">
          <SoapVersion>Soap12</SoapVersion>
          <ParticipantName>PersonaParticipant</ParticipantName>
          <ParticipantID>PersonaParticipant</ParticipantID>
          <ParticipantUrl>http://TVMKVMTT727/IdentityManager30/IdentityManager.ashx</ParticipantUrl>
          <SecurityToken>
            <UsernameToken>
              <Username>Session-Service</Username>
              <Password>passw0rd!</Password>
            </UsernameToken>
          </SecurityToken>

          <PolicyDocument>
            <Reference>PersonaParticipantPolicy</Reference>
          </PolicyDocument>
        </Participant>
      </Participants>
      <RoutingTable version="0" timestamp="0001-01-01T00:00:00.0000000-08:00">
        <Routes>
          <Route>
            <Criteria>(ACTION EQ 'http://www.contoso.com/stockquote/servicelogic/SendStockQuoteEmail')</Criteria>
            <Destination>ServiceLogic[http://www.contoso.com/stockquote/servicelogic/SendStockQuoteEmail]</Destination>
          </Route>
          <Route>
            <Criteria>((ACTION EQ 'http://www.contoso.com/stockquote/servicelogic/SendStockQuoteEmailResponse') AND (SOURCE EQ 'ServiceLogic'))</Criteria>
            <Destination>QuoteWebService[http://tempuri.org/GetQuickQuote]</Destination>
          </Route>
          <Route>
            <Criteria>(ACTION EQ 'http://tempuri.org/GetQuickQuoteResponse')</Criteria>
            <Destination>UIParticipant[http://www.contoso.com/SampleServices/RouteResponse]</Destination>
          </Route>
          <Route>
            <Criteria>(ACTION EQ 'http://tempuri.org/GetQuickQuoteResponse')</Criteria>
            <Destination>ServiceLogic[http://www.contoso.com/stockquote/servicelogic/ProcessGetQuoteResponse]</Destination>
          </Route>
          <Route>
            <Criteria>((ACTION EQ 'http://www.contoso.com/stockquote/emailsender/SendEmail') AND (SOURCE EQ 'ServiceLogic'))</Criteria>
            <Destination>EmailSender[http://www.contoso.com/stockquote/emailsender/SendEmail]</Destination>
          </Route>
        </Routes>
      </RoutingTable>
    </Session>

    The username and password which are mentioned in the usernametoken in the manifest file are present in the default usermaps.xml provided by the Identity manager component.

    What can be the problem?

    Thanks, Siddhartha

    Friday, December 1, 2006 5:34 AM

All replies

  • Siddhartha - If you look at the participant manifest for Service Logic (SL), it requires a secondary credential, which means Session needs to send a UNT when sending a message to the SL.

    <Participant timeout="30" role="Service" inChannelResponse="false" type="WebService">
      <ParticipantName>ServiceLogic</ParticipantName>
      <ParticipantID>ServiceLogic</ParticipantID>
      <ParticipantUrl>http://TVMKVMTT727/ServiceLogic/ServiceLogic.ashx</ParticipantUrl>
      <PolicyDocument>
        <Reference>ServiceParticipantPolicy</Reference>
        <Include>
          <SecondaryCredentialMap>
            <PrimaryCredentialForMessage>Persona</PrimaryCredentialForMessage>
            <PrimaryCredentialForTransport transportAuthenticationType="Digest">None</PrimaryCredentialForTransport>
          </SecondaryCredentialMap>
        </Include>
      </PolicyDocument>
    </Participant>

    In order to send the UNT, Session will go to IDM (in your case Identity Manager Lite), which is shipped with Devlite, for secondary credentials. If the secondary credentials are not present in the IDM for the Persona user (Session-Service in this case), then Session will just drop the message, saying it cannot route the message.

    To fix this issue, you need to add an entry in the XML file which contains the secondary credentials for IDM Lite; for enterprise edition you could use the MMC for IDM to create the secondary credential map, which is stored in ESSO.

    You can find more detailed documentation at the following location.

    http://msdn2.microsoft.com/en-us/library/aa303491.aspx

    Thanks

     

    Wednesday, December 6, 2006 6:24 AM
  • Hi Senthil,

    The usermap.xml file already contains the entry for the userid and password which I am specifying in the usernametoken in the manifest file.

    <UserMapManagerReadResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://Microsoft/ConnectedServices/2006/06/IdentityManager/">
     <UserMaps>
      <UserMap>
       <UserId>TVMKVMTT727\Session-Service</UserId>
       <ApplicationId>Application1</ApplicationId>
       <ApplicationUserId>Session-Service@TVMKVMTT727</ApplicationUserId>
       <ApplicationUserCredential>passw0rd!</ApplicationUserCredential>
       <ApplicationCredentialType>Password</ApplicationCredentialType>
      </UserMap>
      <UserMap>
       <UserId>CONTOSO\someuser</UserId>
       <ApplicationId>Application2</ApplicationId>
       <ApplicationUserId>anotheruser@anotherCompany.com</ApplicationUserId>
       <ApplicationUserCredential>passw0rd!</ApplicationUserCredential>
       <ApplicationCredentialType>Password</ApplicationCredentialType>
      </UserMap>
     </UserMaps>
    </UserMapManagerReadResponse>

    Do I still need to add a new entry in the XML file?

    Thursday, December 7, 2006 4:29 AM
  • You missed one piece of information. You need to make sure the ApplicationID in your UserMap.xml matches the participant ID in the Participant manifest.

    <Participant timeout="30" role="Service" inChannelResponse="false" type="WebService">
      <ParticipantName>ServiceLogic</ParticipantName>
      <!--ParticipantID>ServiceLogic</ParticipantID-->
      <ParticipantID>Application1</ParticipantID>
      <ParticipantUrl>http://TVMKVMTT727/ServiceLogic/ServiceLogic.ashx</ParticipantUrl>
      <PolicyDocument>
        <Reference>ServiceParticipantPolicy</Reference>
        <Include>
          <SecondaryCredentialMap>
            <PrimaryCredentialForMessage>Persona</PrimaryCredentialForMessage>
            <PrimaryCredentialForTransport transportAuthenticationType="Digest">None</PrimaryCredentialForTransport>
          </SecondaryCredentialMap>
        </Include>
      </PolicyDocument>
    </Participant>

    You have the participant ID as ServiceLogic. Instead, you need to change that to Application1.

    If you make that one small change, things should work for you.

    Thursday, December 7, 2006 7:51 PM
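
The match described in the last reply can be checked before deploying a manifest. The following is an added example, not part of the original thread or of the CSF sample: it lists every participant that requests a `SecondaryCredentialMap` but has no `UserMap` entry whose `ApplicationId` equals its `ParticipantID`. The inputs are trimmed and constructed from the XML posted above; the function names and the rule of comparing only the account part of `UserId` are assumptions.

```python
import xml.etree.ElementTree as ET

S = "{http://Microsoft/ConnectedServices/2006/06/Session/}"
IDM = "{http://Microsoft/ConnectedServices/2006/06/IdentityManager/}"

# Constructed, trimmed inputs that reuse element names and values from the thread.
MANIFEST = r"""<Session xmlns="http://Microsoft/ConnectedServices/2006/06/Session/">
 <Participants>
  <Participant role="Service"><ParticipantID>ServiceLogic</ParticipantID>
   <PolicyDocument><Include><SecondaryCredentialMap>
    <PrimaryCredentialForMessage>Persona</PrimaryCredentialForMessage>
   </SecondaryCredentialMap></Include></PolicyDocument>
  </Participant>
  <Participant role="Service"><ParticipantID>EmailSender</ParticipantID></Participant>
  <Participant role="Persona"><ParticipantID>PersonaParticipant</ParticipantID>
   <SecurityToken><UsernameToken><Username>Session-Service</Username></UsernameToken></SecurityToken>
  </Participant>
 </Participants>
</Session>"""
USERMAP = r"""<UserMapManagerReadResponse xmlns="http://Microsoft/ConnectedServices/2006/06/IdentityManager/">
 <UserMaps><UserMap>
  <UserId>TVMKVMTT727\Session-Service</UserId>
  <ApplicationId>Application1</ApplicationId>
 </UserMap></UserMaps>
</UserMapManagerReadResponse>"""

def account(user_id):
    # Assumption: match on the account part of DOMAIN\user, case-insensitively.
    return user_id.strip().rsplit("\\", 1)[-1].lower()

def unmapped_participants(manifest_xml, usermap_xml):
    """Return (ParticipantID, persona account) pairs with no UserMap entry."""
    session, maps = ET.fromstring(manifest_xml), ET.fromstring(usermap_xml)
    mapped = {(account(m.findtext(IDM + "UserId", "")),
               m.findtext(IDM + "ApplicationId", "").strip())
              for m in maps.iter(IDM + "UserMap")}
    personas = [account(u.text or "")
                for p in session.iter(S + "Participant") if p.get("role") == "Persona"
                for u in p.iter(S + "Username")]
    missing = []
    for p in session.iter(S + "Participant"):
        if p.find(f".//{S}SecondaryCredentialMap") is None:
            continue  # participant does not ask for a secondary credential
        pid = p.findtext(S + "ParticipantID", "").strip()
        missing += [(pid, user) for user in personas if (user, pid) not in mapped]
    return missing

if __name__ == "__main__":
    for pid, user in unmapped_participants(MANIFEST, USERMAP):
        print(f"no UserMap entry: ApplicationId={pid!r} for persona {user!r}")
```

Run against the manifest as originally posted, it reports `ServiceLogic`; after the `ParticipantID` is changed to `Application1`, it reports nothing.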