Web Service all of a sudden requiring UPN for the endpoint identity

Nov 1, 2013 at 6:15 PM

I've been doing some modifications to an MVC application that utilizes RM Client to talk to FIM web service, and throughout the process I must have changed something, so now, all of a sudden, I get this error on enumeration calls:

The identity check failed for the outgoing message. The expected identity is 'identity(http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn)' for the 'http://localhost:5725/ResourceManagementService/Enumeration' target endpoint.

We had our web.config endpoints configured like so all along and it was working fine:

<userPrincipalName value="" />
<servicePrincipalName value="FIMService/localhost" />

If I provide a value for the userPrincipalName, then it works, but the application is very large and I don't know how this change to the web.config will affect other areas or potentially custom workflows.

Does someone have any ideas why this could have started happening?

Thank you!

Nov 1, 2013 at 7:27 PM

Never mind, I think I figured it out. When you have both expected identities specified for the endpoint, it looks for the first one in the list. So commenting out or getting rid of the userPrincipalName node will do the job. Really not sure why it worked before with having both nodes in like this.
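A check related to the fix described in the reply above, added here as an example and not part of the original posts: it scans a web.config for client endpoints whose identity block lists more than one identity type or carries an empty value. The sample config is constructed; only the Enumeration endpoint address and the two identity lines come from the thread, while the wrapping elements, binding, contract names and the second endpoint are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only the Enumeration address and the two identity lines
# are from the thread; binding, contracts and the second endpoint are assumed.
SAMPLE_CONFIG = """<configuration>
  <system.serviceModel>
    <client>
      <endpoint address="http://localhost:5725/ResourceManagementService/Enumeration"
                binding="wsHttpBinding" contract="IExampleEnumeration">
        <identity>
          <userPrincipalName value="" />
          <servicePrincipalName value="FIMService/localhost" />
        </identity>
      </endpoint>
      <endpoint address="http://localhost:5725/ResourceManagementService/ExampleOther"
                binding="wsHttpBinding" contract="IExampleOther">
        <identity>
          <servicePrincipalName value="FIMService/localhost" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>"""

# Identity child elements that carry their setting in a "value" attribute.
VALUE_TAGS = {"userPrincipalName", "servicePrincipalName", "dns", "rsa"}

def audit_identities(config_xml):
    """Return (address, identity child names, findings) per endpoint with an identity."""
    results = []
    for endpoint in ET.fromstring(config_xml).iter("endpoint"):
        identity = endpoint.find("identity")
        if identity is None:
            continue
        names = [child.tag for child in identity]
        findings = []
        if len(names) > 1:
            findings.append("multiple identity types: " + ", ".join(names))
        for child in identity:
            if child.tag in VALUE_TAGS and not child.get("value", "").strip():
                findings.append("empty value on " + child.tag)
        results.append((endpoint.get("address"), names, findings))
    return results

if __name__ == "__main__":
    for address, _, findings in audit_identities(SAMPLE_CONFIG):
        print(address, "->", findings or "ok")
```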