
I have installed WIF Runtime and WIF SDK v4.0 and created an "ASP.NET Security Token Service Web Site" in Visual Studio 2010 (see this link).

When I run the site, type in any username/password combo, and press "Submit", I get the following exception:

The action < EMPTY > (Request.QueryString['wa']) is unexpected. Expected actions are: 'wsignin1.0' or 'wsignout1.0'.

So a few things:

  • I realize I have no relying party (aka. client application), but is this necessary to test the site?
  • I'm probably missing a few steps (such as creating a client app). What steps am I missing?
kevlar1818

1 Answer

I have a six part tutorial on writing your custom STS, starting here (first three are enough for you):

http://netpl.blogspot.com/2011/08/adfs-20-quest-for-customizing-adfs-sign.html

http://netpl.blogspot.com/2011/08/quest-for-customizing-adfs-sign-in-web.html

http://netpl.blogspot.com/2011/08/quest-for-customizing-adfs-sign-ing-web.html

In short - yes. You need a RP which redirects to your STS with proper wa (for example wsignin1.0). This is done either with the WSFederationAuthenticationModule or wif:FederatedPassiveSignIn control at the RP side.

Writing your own RP is really easy and I can't think of testing your STS without valid requests from a RP.

Wiktor Zychla
  • This seems to be very dependent on ADFS, which I will not be using, as in my understanding I can only run ADFS on Windows Server. – kevlar1818 Jun 01 '12 at 17:15
  • Not at all. You have been confused by the title. Just read on 2nd and 3rd part of the tutorial. ADFS stuff starts in part 4. – Wiktor Zychla Jun 01 '12 at 17:16
  • The guide looks very useful. I'll +1 for now and hopefully get something working and accept. – kevlar1818 Jun 01 '12 at 17:21
  • Just ask if you have questions. I cut my teeth on the WS-Federation stuff. – Wiktor Zychla Jun 01 '12 at 17:28
  • So I made an RP site following [this link](http://msdn.microsoft.com/en-us/library/ee517286.aspx), however when I go to view the site I get the exception **ID1060: A SessionAuthenticationModule must be added to the ASP.NET Module Pipeline.**. Any clues? – kevlar1818 Jun 04 '12 at 19:33
  • SessionAuthenticationModule must be added to the ASP.NET Pipeline. That's exactly what they say. If you had followed my tutorial, you would read about it in the 3rd part of it, there's even an excerpt of the web.config showing how to do that. – Wiktor Zychla Jun 04 '12 at 19:41
  • I can see two arguments being used every time, at least in part 2 of the tutorial. Can you give at least one example where three arguments are passed to `GetCertificate`? – Wiktor Zychla Jun 06 '12 at 13:41
  • Found my issue, deleted my comment. Sorry about that. Also, would you mind if I contacted you via email? – kevlar1818 Jun 06 '12 at 13:44
  • First of all, I cannot find your email on your blog. Could you direct me where to find it? – kevlar1818 Jun 07 '12 at 14:11
  • I am an academic lecturer, my email is publicly available at the university web site. You can easily google it. – Wiktor Zychla Jun 07 '12 at 16:16
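
To illustrate the answer above, here is an added example (not from the original thread, and not WIF's own code) of the sign-in URL an RP redirects the browser to and of an STS-side dispatch on `wa`, which is why opening the STS page directly produces the `< EMPTY >` action error. The class and method names, the localhost URLs and the realm allow-list check are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;

// Added illustration, not WIF code. URLs and realms are constructed sample values.
static class WsFedPassiveDemo
{
    // What the RP redirects the browser to: the STS address plus WS-Federation parameters.
    public static string BuildSignInUrl(string stsUrl, string realm, string reply)
    {
        return stsUrl + "?wa=wsignin1.0"
            + "&wtrealm=" + Uri.EscapeDataString(realm)
            + "&wreply=" + Uri.EscapeDataString(reply);
    }

    // Minimal query-string parser so the sample needs no System.Web reference.
    public static Dictionary<string, string> ParseQuery(string url)
    {
        var result = new Dictionary<string, string>(StringComparer.Ordinal);
        int q = url.IndexOf('?');
        if (q < 0 || q == url.Length - 1) return result;
        foreach (string pair in url.Substring(q + 1).Split('&'))
        {
            string[] kv = pair.Split(new[] { '=' }, 2);
            result[Uri.UnescapeDataString(kv[0])] = kv.Length == 2 ? Uri.UnescapeDataString(kv[1]) : "";
        }
        return result;
    }

    // STS-side dispatch on 'wa', mirroring the two actions named in the exception text.
    // Assumption for this sketch: the STS keeps an allow-list of relying-party realms.
    public static string Classify(string url, ICollection<string> knownRealms)
    {
        Dictionary<string, string> query = ParseQuery(url);
        string wa;
        if (!query.TryGetValue("wa", out wa) || wa.Length == 0)
            return "rejected: no wa parameter (the EMPTY action case from the question)";
        if (wa == "wsignout1.0") return "sign-out request";
        if (wa != "wsignin1.0") return "rejected: unexpected wa '" + wa + "'";
        string realm;
        if (!query.TryGetValue("wtrealm", out realm) || !knownRealms.Contains(realm))
            return "rejected: wtrealm is not a registered relying party";
        return "sign-in request for " + realm;
    }

    static void Main()
    {
        var realms = new HashSet<string> { "http://localhost/rp/" };
        string sts = "http://localhost/sts/Default.aspx";
        Console.WriteLine(Classify(sts, realms)); // STS page opened directly, no RP redirect
        Console.WriteLine(Classify(BuildSignInUrl(sts, "http://localhost/rp/", "http://localhost/rp/"), realms));
    }
}
```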