Unable to access the cloud service using STS

  • Question

  • I have created a WCF and want to federate using the following certificates from the WCF Token Service:

    • Signing Certificate: CN=signingcertificate_ca, self-signing certificate
    • Encryption Certificate: CN=claimawarewcf.cloudapp.net, issued by CN=signingcertificate_ca

    The above certificates are trusted within their respective stores. I have added the STS reference to my WCF, and the corresponding web.config and federation file are also generated, but when I upload this WCF as a cloud service on Windows Azure, with the corresponding certificates uploaded under the service, accessing the service gives a Server Error. If I do the same without federating, the WCF on Azure works properly and the corresponding authentication occurs. Also, if I federate the service with STSTestCert and the default encryption certificate (CN = DefaultApplicationCertificate), federation works fine. How can I federate the cloud service using Signing Certificate: CN=signingcertificate_ca and Encryption Certificate: CN=claimawarewcf.cloudapp.net?


    Thanks & Regards Rohan Chikhale (Software Engineer)

    Thursday, September 27, 2012 7:25 AM

All replies

  • Thank you for posting!

    This is a quick note to let you know that I am performing research on this issue and will get back to you as soon as possible. I appreciate your patience.


    • Edited by Jiang Yun Friday, September 28, 2012 5:34 AM
    Friday, September 28, 2012 5:29 AM
  • Self signed certificates may not work properly as by default they're not trusted. It is recommended to use purchased certificates. If it is needed, you can try to configure the cloud machine to trust self signed certificates using a startup task together with some certificate tools like http://msdn.microsoft.com/en-US/library/e78byta0(v=vs.100).aspx. For more information about federation, you can also post a question on http://social.msdn.microsoft.com/Forums/en-US/Geneva/threads.
    Friday, September 28, 2012 7:48 AM
  • Hi Jiang Yun,

    I checked out the cert tool link you posted, but my certificates are already in the Trusted Authority. Also, one of the tutorials on using STS on the cloud uses a self-signed certificate; you can check the link below:

    http://msdn.microsoft.com/en-us/windowsazure/wazplatformtrainingcourse_webservicesandidentityinthecloud2010_topic3

    Also, my certificates work fine on the cloud without using STS federation. I am unable to figure out why the certificates are not working for the STS federation. Do I need some more configuration on the cloud?

    Also when I test the service using WcfTestClient.exe I get following message,

    Error: Cannot obtain Metadata from https://claimawarewcf.cloudapp.net/ If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.WS-Metadata Exchange Error URI: https://claimawarewcf.cloudapp.net/ Metadata contains a reference that cannot be resolved: 'https://claimawarewcf.cloudapp.net/'. The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (application/soap+xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '

    For STS federation, the STS Token Site is on my machine, which is under the redmond domain. Is this causing a block while accessing the WCF?

    Thanks & Regards Rohan Chikhale (Software Engineer)




    Monday, October 1, 2012 9:09 AM
  • Hi,

    The second error may occur if you use the wrong service address, or indeed something goes wrong inside the service. If you’re sure the service address is correct, please try to type it inside a browser and see if you’re able to get the complete error message. In addition, it is needed to use the useRequestHeadersForMetadataAddress behavior if you want to use metadata in load balanced environment. Please refer to http://msdn.microsoft.com/en-us/library/ee816894.aspx for more information.

    Best Regards,

    Ming Xu.


    Please mark the replies as answers if they help or unmark if not.
    If you have any feedback about my replies, please contact msdnmg@microsoft.com.
    Microsoft One Code Framework

    Saturday, October 6, 2012 5:24 PM
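
One way to check the trust question raised in the reply about self-signed certificates, as an added example that is not part of the original thread: run this PowerShell on the role instance to see whether each certificate named in the question is present, has a private key, and builds a trusted chain in the machine context. The subject names come from the question; the store locations checked are assumptions about where the service certificates were deployed.

```powershell
# Added diagnostic, not from the thread. Run on the role instance (e.g. over RDP).
# Subject names are the ones quoted in the question; the stores listed are
# assumptions about where the service certificates were deployed.
$subjects = 'CN=claimawarewcf.cloudapp.net', 'CN=signingcertificate_ca'
$stores   = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Root',
            'Cert:\LocalMachine\TrustedPeople'

foreach ($subject in $subjects) {
    $found = Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
             Where-Object { $_.Subject -eq $subject }
    if (-not $found) {
        Write-Output "$subject : not present in any checked LocalMachine store"
        continue
    }
    foreach ($cert in $found) {
        # $true = build the chain in the machine context, which is what a
        # hosted service sees, rather than the logged-on user's stores.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
        # A self-issued test CA rarely publishes a CRL, so skip revocation
        # and look only at trust and validity.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)

        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            Store         = Split-Path $cert.PSParentPath -Leaf
            HasPrivateKey = $cert.HasPrivateKey
            NotAfter      = $cert.NotAfter
            ChainTrusted  = $trusted
            ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
}
```

A `ChainStatus` of `UntrustedRoot` means the issuing CA is not in the machine's trusted root store on that instance, and `HasPrivateKey` being `False` for the encryption certificate means the service cannot decrypt tokens encrypted to it.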