Remove & Add again the same WS-Federation IP. Error ACS60006


  • Hi everyone,

    After changing my FederationMetadata in my custom STS I wanted to update the ACS Identity Provider as well as my rule group for the relying party application to pass the new claims I added (NameIdentifier, GivenName).

    Because I could not get it to generate the new claims, I deleted the "Relying party application", "Rule group", and "My custom IP". When I tried to create the Identity Provider from scratch (Add WS-Federation Identity Provider) using the URL I previously used, which worked fine, I get the following error:

    An unexpected error occurred while processing your request. 

    HTTP Error Code: 400

    Message: ACS60006: Attempted to insert a new copy of an object that already exists in the database.

    Trace ID: ee7672a3-524e-408d-945a-d3ca655b6ea6

    Timestamp: 2012-03-21 15:06:48Z

    Does anyone know what is happening?! All lists are empty; there shouldn't be any conflicts because I have already deleted all "Relying party applications", "Rule groups", and "custom IPs".


    Constantinos Leftheris.

    Wednesday, March 21, 2012 15:15


  • In reply to my question:

    I removed the NameIdentity claim from my STS and the problem went away. This error is totally misleading!!! I should have got something like "your updated FederationMetadata has a problem" or something.


    In general, do not use the NameIdentifier in your own custom STS without knowing exactly what you are doing. For example, I wanted to expose a unique Guid for the user, but this is not its purpose, as it seems. You can find out more here



    Constantinos Leftheris.

    • Marked as answer by Indice Wednesday, March 21, 2012 16:02
    Wednesday, March 21, 2012 16:02
