I've a custom STS having active federation endpoint that works well on local box. Local Url is "https://localhost/CustomIDP/Service.svc"
After hosting on Azure on the final step of acquiring SAML token I am getting the following error while acquiring token from STS:
[System.ServiceModel.CommunicationException] {"An error occurred while receiving the HTTP response to "https://mysts.cloudapp.net/Service.svc". This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details."}
InnerException: [System.Net.WebException]: {"The underlying connection was closed: An unexpected error occurred on a receive."}
InnerException: [System.IO.IOException]:{"Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host."}
InnerException: [System.Net.Sockets.SocketException]: {"An existing connection was forcibly closed by the remote host"}: at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags) at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
Appreciate any inputs. Please find below the code snippet used for calling the STS for acquiring SAML token. The error occurs at channel.Issue statement.
using (var factory = new WSTrustChannelFactory(
new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
new EndpointAddress(new Uri(stsEndpoint))))
{
factory.Credentials.UserName.UserName = username;
factory.Credentials.UserName.Password = password;
factory.TrustVersion = TrustVersion.WSTrust13;
WSTrustChannel channel = null;
try
{
var rst = new RequestSecurityToken
{
RequestType = WSTrust13Constants.RequestTypes.Issue,
AppliesTo = new EndpointAddress(realm),
KeyType = KeyTypes.Bearer,
};
channel = (WSTrustChannel)factory.CreateChannel();
return channel.Issue(rst);
}
finally
{
if (channel != null)
{
channel.Abort();
}
factory.Abort();
}
}
Service Configuration for STS service hosted on Azure:
<system.serviceModel>
<services>
<service name="Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract" behaviorConfiguration="ServiceBehavior">
<endpoint address="" binding="ws2007HttpBinding" contract="Microsoft.IdentityModel.Protocols.WSTrust.IWSTrust13SyncContract" bindingConfiguration="ws2007HttpBindingConfiguration"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<ws2007HttpBinding>
<binding name="ws2007HttpBindingConfiguration">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" establishSecurityContext="false" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<serviceCertificate x509FindType="FindByThumbprint" findValue="[thumbprint]" storeLocation="LocalMachine" storeName="My" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<microsoft.identityModel>
<service>
<!-- User name and password are not authenticated by windows authentication but a custom verification is done -->
<securityTokenHandlers>
<remove type="Microsoft.IdentityModel.Tokens.WindowsUserNameSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add type="ActiveIdPSite.CustomUserNameSecurityTokenHandler, ActiveIdPSite" />
</securityTokenHandlers>
<serviceCertificate>
<certificateReference x509FindType="FindByThumbprint" findValue="[thumbprint]" storeLocation="LocalMachine" storeName="My" />
</serviceCertificate>
<certificateValidation certificateValidationMode="None" />
</service>
</microsoft.identityModel>
