SharePoint And ADFS: SecurityTokenException – The issuer of the token is not a trusted issuer

This is a pretty common ADFS error, and there are all sorts of reasons that it could happen.

The stack trace will be this:

[code]
Microsoft.SharePoint.IdentityModel.SPTrustedIssuerNameRegistry.GetIssuerName(SecurityToken securityToken)
   at Microsoft.SharePoint.IdentityModel.SPPassiveIssuerNameRegistry.GetIssuerName(SecurityToken securityToken)
   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)
   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
   at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
[/code]

At the end of the day though, don’t sit around and fiddle with the SharePoint trusted authorities and yada yada yada; it boils down to a certificate problem. Basically, the one that was specified as the signing certificate, when exported during the ADFS setup, is either malformed (the certificate chain is incomplete) or just plain wrong when the trusted issuer was being built up in SharePoint à la PowerShell. So to get around the error, follow two pretty basic steps.

  1. Verify the appropriate certificate chain is present on the SharePoint server in both the trusted root authorities as well as in the SharePoint folder within the Certificate MMC snap-in. Never ever, ever delete the self-issued ones that SharePoint provisioned within that folder. You will cause a Michael Bay-splosion. To verify the chain, just pop open the certificate details within some interface (like the MMC :) ), it doesn’t really matter which, and verify that the chain is trusted and existent.
  2. Next, verify that you actually used the right certificate when specifying the certificate path when building the System.Security.Cryptography.X509Certificates.X509Certificate2 object to pass into your SPTrustedIdentityTokenIssuer. This is pretty easy to mess up when troubleshooting if you are swapping certs all over the place.

Once both of these are in place, that error will go away. Not that another won’t pop up :)
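
The two checks above as a script for the SharePoint Management Shell. This is an added example, not code from the original post; the certificate path and issuer name are placeholders, and it assumes the "SharePoint" folder shown in the MMC is the `Cert:\LocalMachine\SharePoint` store.

```powershell
# Placeholders (assumptions): point these at your own export and issuer.
$CertPath   = 'C:\certs\adfs-token-signing.cer'
$IssuerName = 'ADFS'

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Load the exported ADFS signing certificate the same way the issuer setup script does.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)

# Step 1a: build the chain on this server and report why it fails, if it does.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # only presence and trust of the chain matter here
$chainOk = $chain.Build($cert)
"Chain builds and is trusted on this server: $chainOk"
$chain.ChainStatus | ForEach-Object { "  chain status: $($_.Status) $($_.StatusInformation.Trim())" }

# Step 1b: look for each chain certificate in the SharePoint store (assumed store path).
$spStore = Get-ChildItem Cert:\LocalMachine\SharePoint | ForEach-Object { $_.Thumbprint }
foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate
    $inSp = $spStore -contains $c.Thumbprint
    "  {0}  in SharePoint store: {1}  ({2})" -f $c.Thumbprint, $inSp, $c.Subject
}

# Step 2: compare the file's thumbprint with the certificate the trusted issuer was built with.
$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $IssuerName
if ($issuer.SigningCertificate.Thumbprint -eq $cert.Thumbprint) {
    "Trusted issuer '$IssuerName' uses the certificate in $CertPath"
} else {
    "MISMATCH: issuer has $($issuer.SigningCertificate.Thumbprint), file has $($cert.Thumbprint)"
}
```

A `False` from the chain build, a missing entry in the SharePoint store, or the MISMATCH line each map to one of the two steps above.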


2010 SharePoint MVP Renewal

Dear Adam Buenz,

Congratulations! We are pleased to present you with the 2010 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in SharePoint Services technical communities during the past year.

Yea!


Interpolating Data Points On A Two Dimensional Regular Grid

This was a pain in the ass to figure out. So this method is for basic bicubic interpolation, a principle based on cubic interpolation, targeted to be called to work with values and derivatives on that plane at any given point. The title of the post kind of says it all.

[cpp]

#include <vector>

// Evaluates the bicubic polynomial and its two partial derivatives at the
// normalized cell coordinates (finDirCalc1, finDirCalc2) using Horner's rule.
// HD1 accumulates the value, HD2 the derivative along dir1, HD3 along dir2.
static double Process(double finDirCalc1, double HD1, const double coeff[4][4], double finDirCalc2, double& HD3, double& HD2)
{
    for (int i = 3; i >= 0; i--)
    {
        HD1 = (((finDirCalc1 * HD1) + (((((coeff[i][3] * finDirCalc2) + coeff[i][2]) * finDirCalc2) + coeff[i][1]) * finDirCalc2)) + coeff[i][0]);
        HD3 = (((finDirCalc1 * HD3) + ((((3 * coeff[i][3]) * finDirCalc2) + (2 * coeff[i][2])) * finDirCalc2)) + coeff[i][1]);
        HD2 = (((finDirCalc2 * HD2) + ((((3 * coeff[3][i]) * finDirCalc1) + (2 * coeff[2][i])) * finDirCalc1)) + coeff[1][i]);
    }
    return HD1;
}

// Returns {value, d/d(dir1), d/d(dir2)} at the point (dir1, dir2) inside the
// grid cell [dir1Down, dir1Up] x [dir2Down, dir2Up], or an empty vector when
// the cell has zero width in either direction.
std::vector<double> CalcBiCubicInterpolation(const double coeff[4][4], double dir1Down, double dir1Up, double dir2Down, double dir2Up, double dir1, double dir2)
{
    std::vector<double> numArray;
    double HD1 = 0;
    double HD2 = 0;
    double HD3 = 0;
    double evalDir1 = (dir1Up - dir1Down);
    double evalDir2 = (dir2Up - dir2Down);
    if (evalDir1 == 0 || evalDir2 == 0)
    {
        return numArray;
    }
    // Map the point into the unit square of the cell.
    double finDirCalc1 = ((dir1 - dir1Down) / evalDir1);
    double finDirCalc2 = ((dir2 - dir2Down) / evalDir2);
    HD1 = Process(finDirCalc1, HD1, coeff, finDirCalc2, HD3, HD2);
    // Scale the derivatives back from unit-square to grid coordinates.
    HD2 /= evalDir1;
    HD3 /= evalDir2;
    numArray = {HD1, HD2, HD3};
    return numArray;
}

[/cpp]

~~ These are the notes from my N.A. class @ UoM ~~
