Authorization workflow registration

Jul 2, 2010 at 9:05 AM
Edited Jul 2, 2010 at 9:32 AM
How to do an authorization workflow registration? Thanks, Ravi Lohia
Developer
Jul 2, 2010 at 6:01 PM

Hi Lohia,

You need to register for Password Reset.

This is possible using the default client but there will need to be a lot of code written to make it happen.

I suggest you have the user register via the FIM Portal or the FIM client.

 

-Jeremy

Developer
Jul 12, 2010 at 6:35 PM

Could you say...in broad terms...what it would take? People are all over me for this.

Jul 13, 2010 at 5:19 AM

Hi Jeremy,

 

If we go for registration using the FIM Portal or the FIM client, it would just involve the easy use of the FIM Portal, which can be referred to using the FIM Manual.

 

However, if someone wants to develop his own application which can do a similar kind of job, then he can refer to the following link:

http://blogs.technet.com/b/aho/archive/2009/11/09/forefront-identity-manager-credential-management-part-4.aspx

Regards,

Ravi Lohia

 

Developer
Jul 21, 2010 at 4:34 PM
This is maddening...this part:

6. To register, Proxy sends a Put request to add the AuthN WF Guid to User.AuthNWFRegistered.
7. This request will trigger the AuthN WF "System Workflow Required for Registration" caused by MPR "General workflow: Registration initiation for authentication activity" and Proxy will receive an AuthNRequiredFault.
8. The AuthN fault contains the endpoint address of STS that the client needs to talk to to obtain a token.

Never seems to happen. The AuthN Fault works on the password reset example, but not when you write the AuthN WF GUID to User.AuthNWFRegistered... What am I missing?
Developer
Jul 22, 2010 at 4:50 PM
Edited Aug 3, 2010 at 5:44 PM
I think you need to be authenticated and use the normal Put method to the normal endpoint.
Developer
Jul 23, 2010 at 3:44 PM

I'll give it a shot. Thanks...

Developer
Aug 3, 2010 at 5:37 PM

I'm still banging my head against this...maybe I am making it too complicated? @identitynotes...Is the auth done with the default client or by creating an instance of the STS client?

Aug 3, 2010 at 5:45 PM
You need to have an STS client for the auth process. The STS client would interact with the FIM service and try to get the tokens. Then you can resume the request with the help of the default client.

Regards,
Ravi Lohia
Developer
Aug 3, 2010 at 5:47 PM

I have not tried this myself.

I would put a post on the TechNet forum indicating:

What you are trying to do (register for PW Reset)

What you have tried (Various Puts to the web service)

What you have seen in response

 

Anthony Ho should respond to you with suggestions on how to move forward.

 

Developer
Aug 3, 2010 at 7:26 PM
lohia wrote:
You need to have an STS client for the auth process. The STS client would interact with the FIM service and try to get the tokens. Then you can resume the request with the help of the default client. Regards, Ravi Lohia

 That's what I thought. I am doing that but now I'm getting an error that reads:

Outgoing request message for operation 'RequestSecurityToken' specified Action='http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue', but contract for that operation specifies Action='http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue'. The Action specified in the Message must match the Action in the contract, or the operation contract must specify Action='*'.

Not sure where to go from here...

 

 

 

Developer
Aug 3, 2010 at 7:28 PM
identitynotes wrote:

I have not tried this myself.

I would put a post on the TechNet forum indicating:

What you are trying to do (register for PW Reset)

What you have tried (Various Puts to the web service)

What you have seen in response

 

Anthony Ho should respond to you with suggestions on how to move forward.

 

 I'll give that a try, thanks!

Aug 3, 2010 at 7:34 PM
Hi, this issue is not related to the STS client. This error is due to some problem in the configuration file that you are using. Please confirm the generation of proxy files using the "Windows PowerShell command prompt" with the help of the endpoint address used in the configuration file.

Regards,
Ravi Lohia
Developer
Aug 19, 2010 at 1:01 AM

@lohia --- was going through and running the different powershell scripts, but the script "fim-attribute-values.ps1" always gets stuck at 75%...have you ever seen anything like that? "fim-attribute-names.ps1" ran ok, so did "fim-type-names.ps1".

Coordinator
Aug 19, 2010 at 9:15 AM
identofnoident wrote:

@lohia --- was going through and running the different powershell scripts, but the script "fim-attribute-values.ps1" always gets stuck at 75%...have you ever seen anything like that? "fim-attribute-names.ps1" ran ok, so did "fim-type-names.ps1".

Could be the regular expression that gets stuck parsing the attribute validation string. Try replacing this line in the script:

$should_process = $stringRegex -match "\^\((?<Values>([^|]+\|?)+)\)(?<AllowEmpty>\??)\$"

with this one: 

$should_process = $stringRegex -match "\^\((?<Values>([\w\d-_\s]+\|?)+)\)(?<AllowEmpty>\??)\$"

and let me know if this solves your problem.
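
A hang like the one reported above is typical of a nested quantifier such as `([^|]+\|?)+`, which can split the same run of characters in exponentially many ways when the overall match fails. The following is an added example, not part of the original post or the project's scripts: it runs the original pattern and an unambiguous alternative under a .NET match timeout (assumes .NET 4.5 or later). `Test-EnumPattern`, the second pattern and both sample validation strings are constructed for illustration.

```powershell
# Added example: constructed patterns and inputs, hypothetical function name.
$patterns = [ordered]@{
    # Pattern from the original script line quoted in the post.
    Original    = '\^\((?<Values>([^|]+\|?)+)\)(?<AllowEmpty>\??)\$'
    # Constructed alternative: each value is matched exactly one way.
    Unambiguous = '\^\((?<Values>[^|()]+(?:\|[^|()]+)*)\)(?<AllowEmpty>\??)\$'
}
# Constructed validation strings: an enumeration, and a non-enumeration regex.
$samples = @(
    '^(Person|Group|Contact)?$',
    '^([A-Za-z0-9_]+\.)+[A-Za-z]{2,24}$'
)

function Test-EnumPattern {
    param(
        [string]$Pattern,
        [string]$InputString,
        [double]$TimeoutSeconds = 2
    )
    $options = [System.Text.RegularExpressions.RegexOptions]::None
    $timeout = [TimeSpan]::FromSeconds($TimeoutSeconds)
    # The three-argument constructor enforces a per-match time budget.
    $regex = New-Object -TypeName System.Text.RegularExpressions.Regex `
        -ArgumentList $Pattern, $options, $timeout
    try {
        $m = $regex.Match($InputString)
        if (-not $m.Success) {
            return [pscustomobject]@{ Status = 'NoMatch'; Values = @() }
        }
        return [pscustomobject]@{
            Status = 'Match'
            Values = @($m.Groups['Values'].Value -split '\|')
        }
    }
    catch {
        # PowerShell may wrap the .NET exception, so inspect the base exception.
        $base = $_.Exception.GetBaseException()
        if ($base -is [System.Text.RegularExpressions.RegexMatchTimeoutException]) {
            return [pscustomobject]@{ Status = 'Timeout'; Values = @() }
        }
        throw
    }
}

foreach ($name in $patterns.Keys) {
    foreach ($s in $samples) {
        $r = Test-EnumPattern -Pattern $patterns[$name] -InputString $s
        '{0,-12} {1,-8} {2}' -f $name, $r.Status, $s
    }
}
```

The timeout turns a runaway match into a reportable status instead of a stalled script, which matters whenever the pattern is applied to strings the script author does not control.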

Developer
Aug 31, 2010 at 4:31 PM

That got it! Thanks so much!

Developer
Aug 31, 2010 at 8:50 PM

Now, after much gnashing of teeth...I am right back where I started.

I instantiate the default client, find the authn workflow's guid, find the user...then "The endpoint could not dispatch the request."

I can create/modify/delete users, approvals, etc...All of the unit tests pass. When I instantiate the STS client it is reading the config correctly as regards endpoint, binding, ID, etc. 

Where do you go from there?

Where does the context for stsClient.BuildRequestSecurityTokenMessage() come from?

I'm assuming I need to use the client.put(changes, false, out puResponse,  token, context) overload to get this to work. Is that the case?

 

 

Developer
Aug 31, 2010 at 9:19 PM

Enable message tracing on the password reset proxy on your client. Initiate a registration via the proxy. Examine the messages to see what you need to do and when.

-Jeremy


Developer
Sep 1, 2010 at 5:13 PM

After cranking up the logging to verbose on both client and server I have a little more clear idea of what's going on. BUT (you knew that was coming, right?) Now I'm getting System.Runtime.Serialization: System.InvalidOperationException: No corresponding start element is open. 

This turns into an UnwillingToPerform fault on the client. The stuff I found on the web didn't make a lot of sense for this scenario. In the FIM PC client I saw the AuthN fault, the STS reply stuff...just like Anthony's blog post. When I try it with the resourcemanagement client it bombs.

I'm still missing something.

Developer
Sep 18, 2014 at 3:38 PM
Could someone just post some working registration and reset code? Please?