WIF: WIF10201: No valid key mapping found for securityToken:

Issue: WIF10201: No valid key mapping found for securityToken. This exception is observed on a federated application (web app / MVC / ASMX / WCF) using the WIF pipeline to authenticate the user.

Stack:
[SecurityTokenValidationException: WIF10201: No valid key mapping found for securityToken: ‘System.IdentityModel.Tokens.X509SecurityToken’ and issuer: ‘LocalSTS’.]
System.IdentityModel.Tokens.SamlSecurityTokenHandler.ValidateToken(SecurityToken token) +987
System.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token) +73
System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken,…

WCF: Federating WCF with WIF

Ask: Federate a WCF service via WIF.

Traditional approach: For a normal web app or MVC app, we follow the concept of the FedAuth cookie.
Client -> Federated Application, gets redirected to STS
Client -> STS, gets claims
Client -> Federated Application validates claims and issues a FedAuth cookie.
Client -> This time call made with…

WCF: Message Security limitation with TLS 1.2 protocol

Issue: WCF Message Security breaks when using, or being forced to use, the TLS 1.1 or TLS 1.2 protocol.

Repro code: https://1drv.ms/f/s!ArgnWb8iHXB6gqcg43hmT5jjbKJ-IA

We can disable SSL 3.0 and TLS 1.0 inside the server key, and we then get the failure stack below.

Failure Stack:
29 clr!IL_Throw+0x184
2a System_IdentityModel_ni!System.IdentityModel.SspiWrapper.AcquireCredentialsHandle(System.String, System.IdentityModel.CredentialUse, System.IdentityModel.SecureCredential)+0xd71ca
2b System_ServiceModel_ni!System.ServiceModel.Security.TlsSspiNegotiation.AcquireDummyCredentials()+0x73
2c System_ServiceModel_ni!System.ServiceModel.Security.TlsSspiNegotiation..ctor(System.String, Boolean, System.IdentityModel.SchProtocols, System.Security.Cryptography.X509Certificates.X509Certificate2,…

SSL/TLS – Decrypt the encrypted network traces

Ask: As we know, SSL/TLS traffic is encrypted using symmetric keys created during the SSL/TLS handshake. Many a time we might need to decrypt this traffic to observe the request/response packets or the client certificates being sent.

Tools needed to decrypt the traffic:
1. Network Monitor 3.4 – https://www.microsoft.com/en-in/download/details.aspx?id=4865
2. NMDecrypt 2.3.4 – https://nmdecrypt.codeplex.com/
3. Server Certificate…

SSL/TLS – Introduction To CAPI2 Traces

Introduction: CAPI2 traces are part of the Windows OS and can be enabled from the Event Viewer. They are very useful when we deal with SSL/TLS connectivity or client certificate validation issues.

To enable:
1. Open Event Viewer
2. Navigate to Applications and Services Logs -> Microsoft -> Windows -> CAPI2
3. Now, remember that this utility captures all…

WCF: Mutual SSL Client Cert Authentication Guide With Sample App

Issue: Challenges when we try to use SSL Mutual Authentication with Client Certificates for a WCF service hosted on IIS. …

WIF: Long live My Session – Session Authentication Module To Avoid STS Redirect

Issue: We are talking about the problem where the SAML Token Validity Time set via a custom STS is short (5 minutes) and we want to make sure NOT to redirect the user every 5 minutes to get a new SAML token.

Default STS: When we use the out-of-the-box LocalSTS.exe to create a test STS, the default token validity time…

WCF/WIF: JWT Token Validator

Issue: Client -> JWT Token -> REST Service -> SOAP Service

Steps:
1. The user calls the REST Web Service (Web API Service).
2. The Web API service redirects the client to the STS (Token Manager). After presenting the correct credentials, the user gets the JWT token.
3. Now Web API makes the call to WCF SOAP Service…

WCF: POC for SAML Token Creation and Consumption

Agenda: We will understand how we can create a custom SAML token from code and how it can be used to test against a WCF service.

Importance: This comes in handy when we need to work on interop scenarios and handle the SAML tokens received from Java clients…
