WCF-Adapter SSO Tickets

  • Question

  •  

    Hi Everyone,

    I'm trying to use the WCF-Adapter to access an Oracle Database.

    I'm trying to use SSO to provide credentials to send ports rather than manually enter the password.

    I've deployed the BTS application, created the SSO affiliate application, assigned the mappings, etc., but when I try to run the application I get the following error.

    Details:"System.Runtime.InteropServices.COMException (0x80004005): Unable to redeem ticket, no ticket exists in the message.


       at Microsoft.BizTalk.Interop.IBTSTicket.ValidateAndRedeemTicket(Object message, String applicationName, Int32 flags, String& externalUserName)
       at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.ApplyClientCredentials(ClientCredentials clientCredentials, IBaseMessage message)
       at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.CreateChannelFactory[TChannel](IBaseMessage bizTalkMessage)
       at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.GetChannel[TChannel](IBaseMessage bizTalkMessage, ChannelFactory`1& cachedFactory)
       at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.SendMessage(IBaseMessage bizTalkMessage)".

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Obviously the problem is I haven't issued a ticket to the message, which I understand is done by a WCF receive location. I don't have any of those, I use Send/Receive ports to access the Oracle DB. The only receive ports I use are for SQL Server and File.

    Can anyone explain how I am supposed to issue tickets to messages?

    Thanks

    Friday, October 10, 2008 3:16 AM

Answers

  •  

    You have two options:

    1. use the SSOTicket that is associated with a message received earlier

    2. issue an SSOTicket.

    As you mentioned earlier, there are many scenarios where you will not have an SSO ticket associated with a prior message.

    So you are left with option 2. You need to do the following:

        ISSOTicket sso = new ISSOTicket();
        Message(BTS.SSOTicket) = sso.IssueTicket(0);

    But you will have problems instantiating the ISSOTicket within a BTS orchestration. Therefore the solution is to create a helper class library with the following code:

        using System;
        using System.Collections.Generic;
        using System.Text;
        using Microsoft.BizTalk.SSOClient.Interop;

        namespace SSOHelper
        {
            [Serializable]
            public static class SSOTicket
            {
                // Issues an SSO ticket for the calling identity and returns it as a string.
                // The flags argument passed to IssueTicket must be 0.
                public static string IssueTicket()
                {
                    ISSOTicket sso = new ISSOTicket();
                    return sso.IssueTicket(0);
                }
            }
        }

    and call it from the message assignment shape, like so:

        Message(BTS.SSOTicket) = SSOHelper.SSOTicket.IssueTicket();

    and voila - it works

    Some things to note:

    1. The argument value must be zero and is ignored in the current version of the SSO library.

    2. You can only issue the ticket to yourself. Need to map the OriginatorSID in the SSO Affiliate Application to the external users required.

    3. The issued ticket can time out. I would prefer to issue a ticket as many times as required, rather than a long time-out period.

    HTH

    Wednesday, October 15, 2008 5:26 AM

All replies

  • On the receive location for the WCF-Custom adapter where you have specified OracleDBBinding, there is a tab called "Other" where you can specify the credential details. Choose the radio button "Issue Single Sign-On Ticket." You can alternately choose to associate the port with an affiliate application on this tab.

    Thanks,

    Tuesday, October 14, 2008 1:31 AM
    Moderator
  • Hi Ben,

    Thanks for your response. That will enable me to use SSO when I receive data from Oracle, however it only helps when a receive port is bound to a WCF-Custom receive location.

    Is there a way to issue SSO Tickets using a WCF-Custom send/receive port when the only receive locations use another adapter? I'm specifically interested in SQL or FILE adapters.

    Thanks

    Stuart

    Tuesday, October 14, 2008 10:10 PM