Problem about adding additional parameters to request token

Category: azure security

Question

mungkood on Wed, 09 Jan 2013 20:12:18


I configured Rule Groups as in the picture below:


A part of the whole code is:

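// Standard OAuth WRAP plaintext token request parameters
NameValueCollection values = new NameValueCollection();
values.Add("wrap_name", wrapUsername);
values.Add("wrap_password", wrapPassword);
values.Add("wrap_scope", scope);
// Additional parameter that should come back in the token
values.Add("name", "admin");

// client is declared elsewhere in the full code (not shown in this post)
byte[] responseBytes = client.UploadValues("WRAPv0.9/", "POST", values);
string response = Encoding.UTF8.GetString(responseBytes);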

When I run this code, I get an error message: The remote server returned an error: (403) Forbidden. I would like to get a token back with the parameter and value that I sent to ACS. I tried to solve the problem by following this post [click], but it is not working.

Help me please.



Replies

Qin Dian Tang - MSFT on Thu, 10 Jan 2013 03:49:50


Hi,

The code seems OK. The parameters have some rules and constraints on them. Please check that you have met them. Here is the page about requesting a token from AC, which has a section for "Plaintext Token Requests". You can find this information there:

http://msdn.microsoft.com/en-us/library/windowsazure/ee706734.aspx

Thanks,

mungkood on Thu, 10 Jan 2013 19:38:44


I already read the article that you suggested.

I tried to run this code to match an issuer with a rule before sending a token request.

NameValueCollection values = new NameValueCollection();
values.Add("wrap_name", wrapUsername);
values.Add("wrap_password", wrapPassword);
values.Add("wrap_scope", scope);
values.Add("name", "admin");

// Link an existing issuer to the rule in "Default Rule Group" through the management service
ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();
//Issuer issuer = new Issuer() { Name = "https://acstproject.accesscontrol.windows.net" };
//svc.AddToIssuers(issuer);
//svc.SaveChanges();
Issuer issuer = svc.GetIssuerByName("https://acstproject.accesscontrol.windows.net");
// Single() throws unless exactly one rule matches
var rule = svc.Rules.Where(r => r.RuleGroup.Name == "Default Rule Group").Single();
rule.Issuer = issuer;
svc.SetLink(rule, "Issuer", issuer);
svc.SaveChanges();

// Send the token request after the rule has been updated
byte[] responseBytes = client.UploadValues("WRAPv0.9/", "POST", values);
string response = Encoding.UTF8.GetString(responseBytes);

The result of matching the issuer with the rule is:

However, it is still not working, and I cannot open the rule because of the error message:

I am not sure whether I must create the issuer and match it with the rule before sending the token request. What should I do next?

Thanks.



Qin Dian Tang - MSFT on Fri, 11 Jan 2013 02:15:05


Hi,

This is the common error 80001. Please refer to the action required for this error:

ACS Management Portal Errors

Error: ACS80001

HTTP Error Code: 404

Message: This rule is configured to use a Claim Issuer type that is not supported by the management portal. Please use the management service to view and edit this rule.

Action required to fix the error: This error occurs if a rule is configured to use an Issuer that is not an identity provider or the Access Control Service “LOCAL AUTHORITY” issuer. For details on how to use the ACS Management Service, see ACS Management Service.

Thanks,

mungkood on Fri, 11 Jan 2013 07:14:24


OK, I fixed the error message and tried to solve adding additional parameters in many ways, but it still isn't working.

Never mind, I don't worry. I will ignore this issue because I found a new solution in place of the issue.

Now I have the following questions:

1. What is the maximum number of service identities that can be associated with one relying application?

2. What is the maximum number of rules that can exist in one rule group?

Many thanks.



Qin Dian Tang - MSFT on Fri, 11 Jan 2013 08:12:57


Hi,

Never think about these two questions. I guess there is no maximum number for both.

http://msdn.microsoft.com/en-us/library/windowsazure/gg429776.aspx

Thanks,