0

I am playing around with the Azure free trial and followed this tutorial (http://haishibai.blogspot.de/2012/11/complete-walkthrough-setting-up-adfs-20.html) titled "Setting up a ADFS 2.0 Server on Windows Azure IaaS and Configuring it as an Identity Provider in Windows Azure ACS".

When it comes to starting the MVC Web Application I am confronted with the following in the browser:

An error occurred while processing your request. HTTP Error Code: 400 Message: ACS20000: An error occurred while processing a WS-Federation sign-in request. Inner Message: ACS50001: Relying party with realm 'https://ACS-NAMESPACE.accesscontrol.windows.net/' was not found. Trace ID: 64827ce0-71d2-49bf-996c-aadf23779fc7 Timestamp: 2012-12-13 22:17:12Z

Where ACS-NAMESPACE is the name of my ACS namespace.

I can say that I followed the steps given in the tutorial correctly, as I went through it several times. However, I cannot figure out what the problem with my realm specification is.

Note: When I am configuring Google or Windows Live as identity providers in ACS and not ADFS everything works.

Thanks, David

dave
  • You've clearly made a mistake if you're seeing this error. The relying party realm configured at ACS should not be your ACS namespace, but instead should be the URI of the relying party website. – Oren Melzer Dec 14 '12 at 00:43
  • That's right, please see my comment to the answer below. – dave Dec 14 '12 at 09:35
  • Which website gave you the error - was it the ad server, or the azure access control site? – Ross Dargan Jan 04 '13 at 00:12

2 Answers

1

The realm should be the URL of your MVC Web Application not the ACS URL - see http://msdn.microsoft.com/en-us/library/windowsazure/gg185906.aspx#BKMK_1 for an explanation.

viperguynaz
  • Thanks. I have checked my configuration but could not figure out where the heck the realm is set to this value. In the ACS portal the url of the realm is localhost:4314 as is the return url. In the web.config (pastebin.com/d3rv8Xa2) it is the same. So, is there another way to set the realm? – dave Dec 14 '12 at 10:54
  • That's everywhere the realm could be set. Are you running on localhost:4314 for debugging? – viperguynaz Dec 14 '12 at 17:39
  • Yes, I've tried some other ports without getting another result. The funny part is: When ACS portal and Web.config have the same realm value (like http://localhost:4314/) I am confronted with the exact same error as above. When they have different values like ACS portal with http://localhost:4314/ and Web.config with http://localhost:7777/ I get the same error message like above but not with the message 'https://ACS-NAMESPACE.accesscontrol.windows.net/ was not found' but with 'http://localhost:7777/ was not found' - the realm url in my web.config. But the app runs on this port. – dave Dec 14 '12 at 18:02
1

If the realm is not found on ACS it is probably incorrectly configured as a ServicePrincipal on the WAAD Management service using PowerShell.

Please check the following and make sure you are configuring the correct ACS Namespace (and not the WAAD Tenant Name):

See if it is listed correctly by using

Get-MsolServicePrincipal

To create another one use the following cmds:

$replyUrl = New-MsolServicePrincipalAddresses -Address "https://ACSNAMESPACE.accesscontrol.windows.net/"
New-MsolServicePrincipal -ServicePrincipalNames @("https://ACSNAMESPACE.accesscontrol.windows.net/") -DisplayName "ACSNAMESPACE Namespace" -Addresses $replyUrl

emp
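
The realm check discussed in the first answer and its comments, written out as an added example (not code from the thread or the tutorial). It reads the realm that a WIF `web.config` will send as `wtrealm` and compares it with the relying party realm from the ACS portal. The sample config is constructed, `check_realm` is a hypothetical helper name, and the exact string comparison against the portal value is a simplifying assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: a WIF <microsoft.identityModel> section with placeholder values.
SAMPLE_WEB_CONFIG = """<configuration>
  <microsoft.identityModel>
    <service>
      <audienceUris>
        <add value="http://localhost:4314/" />
      </audienceUris>
      <federatedAuthentication>
        <wsFederation passiveRedirectEnabled="true"
                      issuer="https://ACS-NAMESPACE.accesscontrol.windows.net/v2/wsfederation"
                      realm="https://ACS-NAMESPACE.accesscontrol.windows.net/"
                      requireHttps="false" />
      </federatedAuthentication>
    </service>
  </microsoft.identityModel>
</configuration>"""


def check_realm(web_config_xml, portal_realm):
    """Return a list of findings about the realm the app sends as wtrealm."""
    root = ET.fromstring(web_config_xml)
    ws_fed = root.find(".//federatedAuthentication/wsFederation")
    if ws_fed is None:
        return ["no <wsFederation> element found"]
    realm = ws_fed.get("realm", "")
    issuer = ws_fed.get("issuer", "")
    audiences = [a.get("value", "") for a in root.findall(".//audienceUris/add")]
    findings = []
    # The realm names the relying party, so it must not point at the issuer (ACS) host.
    realm_host = urlsplit(realm).netloc.lower()
    if realm_host and realm_host == urlsplit(issuer).netloc.lower():
        findings.append("realm points at the issuer host: " + realm)
    # Assumption: compare exactly with the realm entered for the relying party in ACS.
    if realm != portal_realm:
        findings.append("realm %r differs from portal realm %r" % (realm, portal_realm))
    # WIF only accepts tokens whose audience is listed in audienceUris.
    if realm not in audiences:
        findings.append("realm %r missing from audienceUris" % realm)
    return findings


if __name__ == "__main__":
    for finding in check_realm(SAMPLE_WEB_CONFIG, "http://localhost:4314/"):
        print(finding)
```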