Urgent: Not able to Connect to FIM through .Net Code

Jan 2, 2013 at 6:36 AM

We have 2 different machines in the same domain.

The FIM service is installed on machine "ECOMDEVFIM02".

The FIM portal is installed on machine "ECOMDEVFIM04".

Using FIM Service Account:

When I use the FIM Service Account to connect to the FIM from my .Net code, by giving the below information as the endpoint address and user principal name in the web.config file, I get the error "The endpoint could not dispatch the request.".

Also, we have added the "svc-efimservice" user in the FIM portal, synced the user and also added the user to the administrator set.

We are not able to log in to the FIM portal using the above service account even when this account is present in the FIM users. Is this account not properly synced, and is that why we are facing the problem?

Endpoint Address:

<endpoint address="http://ECOMDEVFIM02:5725/ResourceManagementService/Resource" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_Resource" contract="Resource" name="ServiceMultipleTokenBinding_Resource">

User Principal Name:

<userPrincipalName value="svc-efimservice@ent.bhicorp.com"/>

FIM Administrator Account:

When I use the FIM Administrator Account to connect to the FIM from my .Net code, by giving the below information as the endpoint address and user principal name in the web.config file, I get the error "SOAP security negotiation with 'http://ECOMDEVFIM02:5725/ResourceManagementService/Enumeration' for target 'http://ECOMDEVFIM02:5725/ResourceManagementService/Enumeration' failed.".

Also, the "efiminstalladmin" user is present in the administrator set. We are able to log in to the FIM portal using this user.

Endpoint Address:

<endpoint address="http://ECOMDEVFIM02:5725/ResourceManagementService/Resource" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_Resource" contract="Resource" name="ServiceMultipleTokenBinding_Resource">

User Principal Name:

<userPrincipalName value="bhi-master\efiminstalladmin"/>

Questions:

  1. For connecting to FIM from my .Net code, do I need to use a FIM service account or is it possible to use the administrator account?
  2. If we can use the administrator account, what are the settings which we need to do?
  3. How do we identify the endpoint address and user principal values?
  4. We had deployed the same code on a machine where the FIM portal and sync service were on the same machine. We had used the service account (for User Principal Value) to connect to FIM. We had only modified the endpoint addresses and user principal name accordingly and it worked fine there.

  

Jan 8, 2013 at 11:15 AM

You can use the default admin account (the one you used to install FIM Service); it's the easiest to use for debugging/testing, when you are just trying to get through to the service.

If you are doing an enumerate, did you check that your XPath filter is correct?

Did you try using the example client from the project solution?