Issue when trying to add FIM with ADFS custom attribute store.

Nov 7, 2012 at 12:44 PM

Greetings.

We are trying to add a custom attribute store that would allow us to fetch attribute values from Forefront Identity Manager and issue them as claims. We have followed the steps mentioned at: http://fimattributestore.codeplex.com/

As instructed, we first downloaded the zip file:

1) Added these three DLL files to the C:\Program Files\Active Directory Federation Services 2.0 location on the ADFS server ADFSSrv (the server running the ADFS management tool):

  • Cortego.ADFS.FIMAttributeStore.dll - The attribute store
  • Microsoft.ResourceManagement.Client.dll - The FIM WS client
  • Microsoft.ResourceManagement.ObjectModel.dll - The FIM WS object model (required by the FIM client)

2) Configured a custom attribute store with the name “FIM” and the class name:

Cortego.ADFS.FIMAttributeStore.FIMAttributeStore, Cortego.ADFS.FIMAttributeStore, Version=1.0.0.0

using the ADFS Management snap-in.

Also configured the relevant optional parameters as instructed:


Endpoint: http://fimsrv01:5725

FIMServiceSPN: FIMServer/FIMService

UserName: Administrator

Password: P@$$w0rd

UserDomain: FIMServer


3) Restarted the ADFS service as instructed.

But when I test this setup, I get the errors listed below in my ADFS Event Viewer:

Error 1:

During processing of the Federation Service configuration, the attribute store 'FIM' could not be loaded.

Attribute store type: Cortego.ADFS.FIMAttributeStore.FIMAttributeStore, Cortego.ADFS.FIMAttributeStore, Version=1.0.0.0
User Action

If you are using a custom attribute store, verify that the custom attribute store is configured using AD FS 2.0 Management snap-in.
Additional Data

The maximum message size quota for incoming messages (524288) has been exceeded. To increase the quota, use the MaxReceivedMessageSize property on the appropriate binding element.

Error 2:

The Federation Service encountered an error while processing the WS-Trust request.

Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Additional Data

Exception details:

Microsoft.IdentityServer.ClaimsPolicy.Language.PolicyEvaluationException: POLICY0017: Attribute store 'FIM' is not configured.

   at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result)

   at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult.End(IAsyncResult ar)

   at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.EndProcessCore(IAsyncResult ar, String requestAction, String responseAction, String trustNamespace

Error 3:

Encountered error during federation passive request.

Additional Data

Exception details:

Microsoft.IdentityServer.Web.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> System.ServiceModel.FaultException: MSIS3127: The specified request failed.

   at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClientManager.Issue(Message request, WCFResponseData responseData)

   at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClient.Issue(RequestSecurityToken rst, WCFResponseData responseData)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)

   --- End of inner exception stack trace ---

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, Uri& replyTo)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, MSISSession& session)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSerializedToken(String signOnToken, WSFederationMessage incomingMessage)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSecurityToken(SecurityToken securityToken, WSFederationMessage incomingMessage)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseForProtocolRequest(FederationPassiveContext federationPassiveContext, SecurityToken securityToken)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponse(SecurityToken securityToken)
System.ServiceModel.FaultException: MSIS3127: The specified request failed.

   at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClientManager.Issue(Message request, WCFResponseData responseData)

   at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClient.Issue(RequestSecurityToken rst, WCFResponseData responseData)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)

Kindly let me know if any further information is required.

Appreciate your quick help with this issue.

Regards,
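
The three steps above (copy the assemblies, register the store with its type name and parameters, restart the service) can be driven from PowerShell, which also makes it easy to verify each step before AD FS tries to load the store. The script below is an added example written for this thread; it is not code from the original post or from the fimattributestore project. It uses the AD FS 2.0 `Microsoft.Adfs.PowerShell` snap-in cmdlets (`Add-ADFSAttributeStore`, `Get-ADFSAttributeStore`, `Remove-ADFSAttributeStore`), the type name and parameter names quoted in the post, and the host names from the post as placeholders. Rather than placing a password in the script, it prompts for the credential; the account used should be a dedicated, least-privilege FIM service account rather than the built-in Administrator, because the configured parameters (password included) are persisted in the AD FS configuration database.

```powershell
# Added example, not from the original post or the fimattributestore project.
# Run in an elevated PowerShell session on the AD FS 2.0 server.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$adfsDir  = 'C:\Program Files\Active Directory Federation Services 2.0'
$storeDll = 'Cortego.ADFS.FIMAttributeStore.dll'
$requiredDlls = @(
    $storeDll,
    'Microsoft.ResourceManagement.Client.dll',
    'Microsoft.ResourceManagement.ObjectModel.dll'
)
# Type name exactly as registered in the snap-in (from the post).
$typeName = 'Cortego.ADFS.FIMAttributeStore.FIMAttributeStore, Cortego.ADFS.FIMAttributeStore, Version=1.0.0.0'

# Step 1 check: all three assemblies must be in the AD FS install directory,
# otherwise the Federation Service cannot resolve the store type at load time.
foreach ($dll in $requiredDlls) {
    $path = Join-Path $adfsDir $dll
    if (-not (Test-Path $path)) { throw "Missing assembly: $path" }
}

# Confirm the class actually exists in the assembly before handing the
# assembly-qualified name to AD FS (catches a wrong namespace, class or version).
$asm = [System.Reflection.Assembly]::LoadFrom((Join-Path $adfsDir $storeDll))
if ($asm.GetType('Cortego.ADFS.FIMAttributeStore.FIMAttributeStore') -eq $null) {
    throw 'Type Cortego.ADFS.FIMAttributeStore.FIMAttributeStore not found in the assembly'
}

# Step 2: register the store. Prompt for the FIM service account as DOMAIN\user
# instead of hard-coding a password; the store's parameters are plain strings,
# so the secure string is only converted at the point of use.
$cred = Get-Credential
$net  = $cred.GetNetworkCredential()
$config = @{
    'Endpoint'      = 'http://fimsrv01:5725'   # placeholder from the post
    'FIMServiceSPN' = 'FIMServer/FIMService'   # placeholder from the post
    'UserName'      = $net.UserName
    'Password'      = $net.Password
    'UserDomain'    = $net.Domain
}

# Re-register cleanly if a store named FIM already exists.
if (Get-ADFSAttributeStore -Name 'FIM' -ErrorAction SilentlyContinue) {
    Remove-ADFSAttributeStore -TargetName 'FIM'
}
Add-ADFSAttributeStore -Name 'FIM' -TypeQualifiedName $typeName -Configuration $config

# Step 3: restart the Federation Service so the new store is loaded, then read
# back what AD FS stored and look at the most recent admin-log events, which is
# where the "could not be loaded" / POLICY0017 errors from the post appear.
Restart-Service adfssrv
Get-ADFSAttributeStore -Name 'FIM' | Format-List *
Get-WinEvent -LogName 'AD FS 2.0/Admin' -MaxEvents 20 |
    Where-Object { $_.LevelDisplayName -eq 'Error' } |
    Format-List TimeCreated, Id, Message
```

The script only validates registration and type resolution. The quota message in Error 1 (`MaxReceivedMessageSize` on the incoming binding) is raised by the WCF client inside the attribute store when it talks to the FIM Service on port 5725, so it is a binding setting of that client, not something `Add-ADFSAttributeStore` controls.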

Coordinator
Nov 7, 2012 at 1:06 PM

Hi,

I think you posted on the wrong project page :)

Cheers,
Paolo

Nov 7, 2012 at 1:12 PM

Apologies, my mistake. Posting now on the correct project page…

Thanks