Author: bendewey Date: Tue Jan 19 03:03:44 2010 New Revision: 900653 URL: http://svn.apache.org/viewvc?rev=900653&view=rev Log: JIRA: STONEHENGE-117 Updated StockTrader .net Identity security for metro, Thanks Submitted by: Pablo Cibraro
Modified: incubator/stonehenge/trunk/stocktrader/dotnet/business_service/BusinessServiceConsole/App.config incubator/stonehenge/trunk/stocktrader/dotnet/business_service/BusinessServiceImplementation/TradeService.cs incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/ActiveStsConsole/App.config incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/ActiveStsConsole/Program.cs incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/ActiveStsImplementation/CustomSecurityTokenService.cs incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/PassiveSts/App_Code/CustomSecurityTokenService.cs incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/PassiveSts/App_Code/CustomSecurityTokenServiceConfiguration.cs incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/PassiveSts/Default.aspx.cs incubator/stonehenge/trunk/stocktrader/dotnet/trader_client/Trade/Account.aspx.cs incubator/stonehenge/trunk/stocktrader/dotnet/trader_client/Trade/Web.config Modified: incubator/stonehenge/trunk/stocktrader/dotnet/business_service/BusinessServiceConsole/App.config URL: http://svn.apache.org/viewvc/incubator/stonehenge/trunk/stocktrader/dotnet/business_service/BusinessServiceConsole/App.config?rev=900653&r1=900652&r2=900653&view=diff ============================================================================== --- incubator/stonehenge/trunk/stocktrader/dotnet/business_service/BusinessServiceConsole/App.config (original) +++ incubator/stonehenge/trunk/stocktrader/dotnet/business_service/BusinessServiceConsole/App.config Tue Jan 19 03:03:44 2010 
@@ -15,7 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. --> - + <!-- You can change these settings (app.config) before compiling the application, or change these settings in Trade.BusinessServiceHost.Exe.Config before running the application. Changing Trade.BusinessServiceHost.Exe.Config directly requires no re-compilation of the application, as @@ -26,9 +26,9 @@ --> <configuration> <!---THIS IS A CONFIG SERVICE CUSTOM CONFIG SECTION USED TO SPECIFIY individual ServiceEndpoint Identities, when desired--> - + <appSettings> - + <!--Possible values for logger mode: CONSOLE, EVENT_VIEWER--> <add key="LOGGER_MODE" value="CONSOLE"/> <add key="EVENT_LOG" value="Trade Business Services" /> @@ -57,7 +57,7 @@ <add key="PHP_OPSSEC" value="OpsClient_WsHttpBinding_MSec" /> <add key="JAVA_OPS" value="OpsClient_BasicHttpBinding" /> <add key="JAVA_OPSSEC" value="OpsClient_WsHttpBinding_MSec" /> - + <add key="ClientSettingsProvider.ServiceUri" value="" /> <add key="BS_LABEL" value="DOTNET_BS"/> @@ -85,7 +85,7 @@ --> <system.serviceModel> <!--Enables the WCF ServiceModel performance counters for this application.--> - + <!--The <services> section configures the WCF services that the .NET Stock Order Processor will host. Note that StockTrader uses the configuration files only to specify base service names and their bindings. Base addresses and Service/Client endpoints are created programmatically at runtime.--> @@ -94,9 +94,7 @@ Config Service BS Service *********************************************************--> - <diagnostics> - <messageLogging logMalformedMessages="true" logMessagesAtTransportLevel="true" logEntireMessage="true" logMessagesAtServiceLevel="true"/> - </diagnostics> + <services> <service name="Trade.BusinessServiceImplementation.TradeServiceWcf" behaviorConfiguration="BsHost_ServiceBehavior"> 
@@ -104,13 +102,16 @@ bindingConfiguration="BsHost_FederatedBinding" contract="Trade.BusinessServiceContract.ITradeServices" /> + <endpoint address="Basic" + binding="basicHttpBinding" + contract="Trade.BusinessServiceContract.ITradeServices"/> <endpoint address="Mex" binding="mexHttpBinding" contract="IMetadataExchange" /> - </service> + </service> </services> - - + + <!--******************************************************** Config Service OPS CLIENTS @@ -141,7 +142,7 @@ </client> - + <!--******************************************************** Config Service BINDINGS @@ -158,11 +159,11 @@ <issuerMetadata address="http://localhost:9001/tradeactivests/mex"/> </issuedTokenParameters> </security> - <textMessageEncoding messageVersion="Soap11WSAddressing10"/> + <textMessageEncoding messageVersion="Soap12WSAddressing10"/> <httpTransport/> </binding> </customBinding> - + <!--BEGIN basicHttpBindings--> <basicHttpBinding> <binding name="OpsClient_BasicHttpBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:30:00" sendTimeout="00:1:00" allowCookies="true" bypassProxyOnLocal="true" hostNameComparisonMode="StrongWildcard" maxBufferSize="524288" maxBufferPoolSize="524288" maxReceivedMessageSize="524288" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> @@ -172,9 +173,9 @@ <message clientCredentialType="Certificate" algorithmSuite="Default" /> </security> </binding> - + </basicHttpBinding> - + <!--BEGIN wsHttpBindings--> <wsHttpBinding> <binding name="OpsClient_WsHttpBinding_MSec"> @@ -183,7 +184,7 @@ </security> </binding> </wsHttpBinding> - + </bindings> 
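Review bot: The added `Basic` endpoint has no `bindingConfiguration`, and a default `basicHttpBinding` runs with security mode `None`, so `ITradeServices` is now reachable without the issued-token requirement of `BsHost_FederatedBinding`. The TradeService.cs hunks in this commit keep the caller-supplied `userID` when no claim is present, so a caller on this endpoint appears to be able to name any account. If the endpoint is needed for interop, bind it to a named configuration with transport or message security, for example `bindingConfiguration="PLACEHOLDER_SecureBasicBinding"` (placeholder name, nothing by that name is defined on this page). Add a comment above it saying which client depends on it.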
@@ -194,13 +195,13 @@ *********************************************************--> <behaviors> <serviceBehaviors> - + <!-- Default BS Host Behavior --> <behavior name="BsHost_ServiceBehavior"> <serviceMetadata httpGetEnabled="true"/> <serviceDebug httpHelpPageEnabled="true" includeExceptionDetailInFaults="true" /> <serviceThrottling maxConcurrentInstances="400" maxConcurrentCalls="400" maxConcurrentSessions="100" /> - + <serviceCredentials> <serviceCertificate findValue="CN=OPS.Com" x509FindType="FindBySubjectDistinguishedName" storeLocation="LocalMachine" storeName="TrustedPeople" /> </serviceCredentials> @@ -217,16 +218,19 @@ <authentication certificateValidationMode="None" revocationMode="NoCheck"/> </serviceCertificate> </clientCredentials> - + </behavior> </endpointBehaviors> </behaviors> - + + <diagnostics> + <messageLogging logEntireMessage="true" logMessagesAtServiceLevel ="true" logMessagesAtTransportLevel="true" logMalformedMessages="true" ></messageLogging> + </diagnostics> </system.serviceModel> <!--<system.diagnostics> <sources> - <source name="System.ServiceModel.MessageLogging" switchValue="All, ActivityTracing"> + <source name="System.ServiceModel.MessageLogging" switchValue="Verbose"> <listeners> <add name="messaging"></add> </listeners> @@ -239,11 +243,11 @@ </source> </sources> <sharedListeners> - <add initializeData="app_messages.svclog" + <add initializeData="app_tracelog.svclog" type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" name="serviceModel" traceOutputOptions="Timestamp"> </add> - <add initializeData="app_tracelog.svclog" + <add initializeData="app_messages.svclog" type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" name="messaging" traceOutputOptions="Timestamp"> </add> 
@@ -251,4 +255,6 @@ <trace autoflush="true"></trace> </system.diagnostics>--> + + </configuration> Modified: incubator/stonehenge/trunk/stocktrader/dotnet/business_service/BusinessServiceImplementation/TradeService.cs URL: http://svn.apache.org/viewvc/incubator/stonehenge/trunk/stocktrader/dotnet/business_service/BusinessServiceImplementation/TradeService.cs?rev=900653&r1=900652&r2=900653&view=diff ============================================================================== --- incubator/stonehenge/trunk/stocktrader/dotnet/business_service/BusinessServiceImplementation/TradeService.cs (original) +++ incubator/stonehenge/trunk/stocktrader/dotnet/business_service/BusinessServiceImplementation/TradeService.cs Tue Jan 19 03:03:44 2010 @@ -240,9 +240,10 @@ { try { - if (userID == null) + string userClaim = GetUserIdClaim(); + if (userClaim != null) { - userID = GetUserIdClaim(); + userID = userClaim; } var configClient = new ConfigServiceClient(); @@ -284,9 +285,10 @@ { try { - if (userID == null) + string userClaim = GetUserIdClaim(); + if (userClaim != null) { - userID = GetUserIdClaim(); + userID = userClaim; } var configClient = new ConfigServiceClient(); @@ -379,9 +381,10 @@ { try { - if (userID == null) + string userClaim = GetUserIdClaim(); + if (userClaim != null) { - userID = GetUserIdClaim(); + userID = userClaim; } StockTraderUtility.Logger.WriteDebugMessage("Getting orders for for " + userID); @@ -423,9 +426,10 @@ { try { - if (userID == null) + string userClaim = GetUserIdClaim(); + if (userClaim != null) { - userID = GetUserIdClaim(); + userID = userClaim; } StockTraderUtility.Logger.WriteDebugMessage("Getting top orders for for " + userID); @@ -467,9 +471,10 @@ { try { - if (userID == null) + string userClaim = GetUserIdClaim(); + if (userClaim != null) { - userID = GetUserIdClaim(); + userID = userClaim; } var configClient = new ConfigServiceClient(); 
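Review bot: When `GetUserIdClaim()` returns null, the `if (userClaim != null)` block falls through and the method continues with the `userID` sent by the caller, so the account is chosen by an unauthenticated request parameter. Preferring the claim over the argument is the right direction, but the no-claim path should fail closed unless the endpoint is explicitly meant to be anonymous, e.g. `if (userClaim == null) throw new FaultException("caller identity not established");` (assuming `System.ServiceModel` is in scope here). The same four lines are repeated in every other TradeService.cs hunk of this commit that touches `userID`; a private helper such as `ResolveUserId(string userID)` would keep the rule in one place. The enclosing methods start and end outside these hunks.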
@@ -510,9 +515,10 @@ { try { - if (userID == null) + string userClaim = GetUserIdClaim(); + if (userClaim != null) { - userID = GetUserIdClaim(); + userID = userClaim; } var configClient = new ConfigServiceClient(); @@ -553,9 +559,10 @@ { try { - if (userID == null) + string userClaim = GetUserIdClaim(); + if (userClaim != null) { - userID = GetUserIdClaim(); + userID = userClaim; } var configClient = new ConfigServiceClient(); @@ -860,9 +867,10 @@ /// <param name="orderProcessingMode">Not used, set to zero.</param> public OrderDataModel sell(string userID, int holdingID, int orderProcessingMode) { - if (userID == null) + string userClaim = GetUserIdClaim(); + if (userClaim != null) { - userID = GetUserIdClaim(); + userID = userClaim; } //note, this method always sells entire holding, quantity is not passed in. This is default behavior of WebSphere Trade 6.1 @@ -881,9 +889,10 @@ /// <param name="quantity">Number of shares to sell.</param> public OrderDataModel sellEnhanced(string userID, int holdingID, double quantity) { - if (userID == null) + string userClaim = GetUserIdClaim(); + if (userClaim != null) { - userID = GetUserIdClaim(); + userID = userClaim; } return placeOrder(StockTraderUtility.ORDER_TYPE_SELL_ENHANCED, userID, holdingID, null, quantity); @@ -900,9 +909,10 @@ ///<param name="orderProcessingMode">Not used.</param> public OrderDataModel buy(string userID, string symbol, double quantity, int orderProcessingMode) { - if (userID == null) + string userClaim = GetUserIdClaim(); + if (userClaim != null) { - userID = GetUserIdClaim(); + userID = userClaim; } return placeOrder(StockTraderUtility.ORDER_TYPE_BUY, userID, 0, symbol, quantity); @@ -925,9 +935,10 @@ { try { - if (userID == null) + string userClaim = GetUserIdClaim(); + if (userClaim != null) { - userID = GetUserIdClaim(); + userID = userClaim; } OrderDataModel order = null; 
@@ -1235,16 +1246,16 @@ IClaimsIdentity identity = (IClaimsIdentity)claimsPrincipal.Identity; Claim claim = identity.Claims - .Where(c => c.ClaimType == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier") + .Where(c => c.ClaimType == System.IdentityModel.Claims.ClaimTypes.NameIdentifier) .FirstOrDefault(); if (claim != null) { - return claim.Value; + return claim.Value.Split('@')[0]; } } - throw new Exception("The profile id claim was not provided by the Active STS"); + return null; } } } \ No newline at end of file Modified: incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/ActiveStsConsole/App.config URL: http://svn.apache.org/viewvc/incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/ActiveStsConsole/App.config?rev=900653&r1=900652&r2=900653&view=diff ============================================================================== --- incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/ActiveStsConsole/App.config (original) +++ incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/ActiveStsConsole/App.config Tue Jan 19 03:03:44 2010 @@ -23,10 +23,7 @@ <clear/> <add type="Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> </securityTokenHandlers> - <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"> - <trustedIssuers> - <add thumbprint="FA0F58BB605FA43369E279E8F9088872FDE09943" name="CN=OPS.Com" /> - </trustedIssuers> + <issuerNameRegistry type="Trade.Utility.SimpleIssuerNameRegistry, Trade.Utility"> </issuerNameRegistry> </service> </microsoft.identityModel> 
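Review bot: `claim.Value.Split('@')[0]` drops everything after the first `@`, so two name identifiers that differ only in the suffix (constructed example: `alice@a.example` and `alice@b.example`) resolve to the same StockTrader user, and a value starting with `@` yields an empty string. Either compare the full identifier, or check the suffix against the expected issuer domain before stripping it. A comment should state the identifier format the STS emits, for instance `// NameIdentifier is "<profileId>@<domain>"; only <domain> == ... is accepted`. The hunk also replaces the `throw` with `return null`, so a missing claim no longer fails on its own and every caller has to handle null; the method starts outside the hunk.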
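Review bot: The thumbprint-pinned `ConfigurationBasedIssuerNameRegistry` entry for `CN=OPS.Com` is replaced by `Trade.Utility.SimpleIssuerNameRegistry`, whose implementation is not part of this commit. If that class returns a name for any signing certificate, the STS no longer restricts which issuers it trusts. The Program.cs hunk sets the same registry on the ActAs handler collection, next to `AudienceUriMode.Never`, so ActAs tokens would be checked for neither issuer nor audience. Keep the pinned `trustedIssuers` list, or add a comment here stating exactly what `SimpleIssuerNameRegistry` verifies.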
@@ -72,12 +69,12 @@ <!--<system.diagnostics> <sources> - <source name="System.ServiceModel.MessageLogging" switchValue="All, ActivityTracing"> + <source name="System.ServiceModel.MessageLogging" switchValue="Verbose, ActivityTracing"> <listeners> <add name="messaging"></add> </listeners> </source> - <source name="System.ServiceModel" switchValue="Warning, ActivityTracing" + <source name="System.ServiceModel" switchValue="Verbose, ActivityTracing" propagateActivity="true"> <listeners> <add name="serviceModel"></add> @@ -87,11 +84,11 @@ <sharedListeners> <add initializeData="app_messages.svclog" type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" - name="serviceModel" traceOutputOptions="Timestamp"> + name="messaging" traceOutputOptions="Timestamp"> </add> <add initializeData="app_tracelog.svclog" type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" - name="messaging" traceOutputOptions="Timestamp"> + name="serviceModel" traceOutputOptions="Timestamp"> </add> </sharedListeners> <trace autoflush="true"></trace> Modified: incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/ActiveStsConsole/Program.cs URL: http://svn.apache.org/viewvc/incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/ActiveStsConsole/Program.cs?rev=900653&r1=900652&r2=900653&view=diff ============================================================================== --- incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/ActiveStsConsole/Program.cs (original) +++ incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/ActiveStsConsole/Program.cs Tue Jan 19 03:03:44 2010 
@@ -35,9 +35,11 @@ SecurityTokenServiceConfiguration config = new SecurityTokenServiceConfiguration(issuerName); config.SecurityTokenHandlers.AddOrReplace(new CustomUsernameTokenHandler()); config.SecurityTokenService = typeof(CustomSecurityTokenService); + SecurityTokenHandlerCollection actAsHandlerCollection = config.SecurityTokenHandlerCollectionManager[SecurityTokenHandlerCollectionManager.Usage.ActAs]; actAsHandlerCollection.Configuration.AudienceRestriction.AudienceMode = AudienceUriMode.Never; + actAsHandlerCollection.Configuration.IssuerNameRegistry = new SimpleIssuerNameRegistry(); string shortHostName = System.Net.Dns.GetHostName(); IPHostEntry myEntry = System.Net.Dns.GetHostEntry(shortHostName); Modified: incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/ActiveStsImplementation/CustomSecurityTokenService.cs URL: http://svn.apache.org/viewvc/incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/ActiveStsImplementation/CustomSecurityTokenService.cs?rev=900653&r1=900652&r2=900653&view=diff ============================================================================== --- incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/ActiveStsImplementation/CustomSecurityTokenService.cs (original) +++ incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/ActiveStsImplementation/CustomSecurityTokenService.cs Tue Jan 19 03:03:44 2010 
@@ -28,7 +28,8 @@ // Setup our certificate the STS is going to use to sign the issued tokens configuration.SigningCredentials = new X509SigningCredentials( - CertificateUtil.GetCertificate(StoreName.TrustedPeople, StoreLocation.LocalMachine, signingCertificate)); + CertificateUtil.GetCertificate(StoreName.TrustedPeople, StoreLocation.LocalMachine, signingCertificate), + "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "http://www.w3.org/2000/09/xmldsig#sha1"); } /// <summary> Modified: incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/PassiveSts/App_Code/CustomSecurityTokenService.cs URL: http://svn.apache.org/viewvc/incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/PassiveSts/App_Code/CustomSecurityTokenService.cs?rev=900653&r1=900652&r2=900653&view=diff ============================================================================== --- incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/PassiveSts/App_Code/CustomSecurityTokenService.cs (original) +++ incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/PassiveSts/App_Code/CustomSecurityTokenService.cs Tue Jan 19 03:03:44 2010 @@ -116,7 +116,7 @@ // Set the ReplyTo address for the WS-Federation passive protocol (wreply). This is the address to which responses will be directed. scope.ReplyToAddress = scope.AppliesToAddress; - + return scope; } 
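Review bot: The two new arguments to `X509SigningCredentials` pin token signing to RSA-SHA1 with a SHA-1 digest, and SHA-1 is no longer collision resistant, so issued tokens rest on a weakened signature. The commit log suggests this is for Metro interop; if so, the choice should be stated in a comment and read from configuration, so deployments that do not need it can use SHA-256. At minimum, replace the URI literals with the named constants `SecurityAlgorithms.RsaSha1Signature` and `SecurityAlgorithms.Sha1Digest` so the downgrade is visible to a reader. The same literals are added in the PassiveSts `CustomSecurityTokenServiceConfiguration.cs` hunk.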
@@ -153,8 +153,23 @@ outputIdentity.Claims.Add(new Claim("http://microsoft/role", "staff")); outputIdentity.Claims.Add(new Claim(ClaimTypes.AuthenticationMethod, "http://microsoft/geneva")); outputIdentity.Claims.Add(new Claim(ClaimTypes.AuthenticationInstant, XmlConvert.ToString(DateTime.Now, XmlDateTimeSerializationMode.Utc))); + return outputIdentity; } + //protected override RequestSecurityTokenResponse GetResponse(RequestSecurityToken request, Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor tokenDescriptor) + //{ + // RequestSecurityTokenResponse response = base.GetResponse(request, tokenDescriptor); + + // response.Lifetime = null; + // response.RequestedAttachedReference = null; + // response.RequestedUnattachedReference = null; + // response.TokenType = null; + // response.RequestType = null; + // response.KeyType = null; + + // return response; + //} + } Modified: incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/PassiveSts/App_Code/CustomSecurityTokenServiceConfiguration.cs URL: http://svn.apache.org/viewvc/incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/PassiveSts/App_Code/CustomSecurityTokenServiceConfiguration.cs?rev=900653&r1=900652&r2=900653&view=diff ============================================================================== --- incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/PassiveSts/App_Code/CustomSecurityTokenServiceConfiguration.cs (original) +++ incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/PassiveSts/App_Code/CustomSecurityTokenServiceConfiguration.cs Tue Jan 19 03:03:44 2010 
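Review bot: The added `GetResponse` override is committed entirely commented out, so it is dead code in a security-sensitive class, and nothing explains whether it is meant to be enabled. If enabled as written, it would null `Lifetime`, `TokenType` and `KeyType` on every response, which relying parties may depend on. Either delete the block, or keep it behind a one-line comment naming the interop case it is for, e.g. `// Disabled: strips optional RSTR fields for <client>; see STONEHENGE-117`.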
@@ -50,7 +50,8 @@ public CustomSecurityTokenServiceConfiguration() : base( WebConfigurationManager.AppSettings[Common.IssuerName], - new X509SigningCredentials(CertificateUtil.GetCertificate(StoreName.TrustedPeople, StoreLocation.LocalMachine, WebConfigurationManager.AppSettings[Common.SigningCertificateName]))) + new X509SigningCredentials(CertificateUtil.GetCertificate(StoreName.TrustedPeople, StoreLocation.LocalMachine, WebConfigurationManager.AppSettings[Common.SigningCertificateName]), + "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "http://www.w3.org/2000/09/xmldsig#sha1")) { this.SecurityTokenService = typeof(CustomSecurityTokenService); } Modified: incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/PassiveSts/Default.aspx.cs URL: http://svn.apache.org/viewvc/incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/PassiveSts/Default.aspx.cs?rev=900653&r1=900652&r2=900653&view=diff ============================================================================== --- incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/PassiveSts/Default.aspx.cs (original) +++ incubator/stonehenge/trunk/stocktrader/dotnet/identity_provider/PassiveSts/Default.aspx.cs Tue Jan 19 03:03:44 2010 @@ -22,6 +22,7 @@ using Microsoft.IdentityModel.SecurityTokenService; using Microsoft.IdentityModel.Web; using System.Globalization; +using Microsoft.IdentityModel.Protocols.WSTrust; namespace Trade.PassiveStsWeb { 
@@ -47,7 +48,9 @@ if (User != null && User.Identity != null && User.Identity.IsAuthenticated) { SecurityTokenService sts = new CustomSecurityTokenService(CustomSecurityTokenServiceConfiguration.Current); - SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts); + SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts, + new WSFederationSerializer(new WSTrustFeb2005RequestSerializer(), new WSTrustFeb2005ResponseSerializer())); + FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, Response); } else Modified: incubator/stonehenge/trunk/stocktrader/dotnet/trader_client/Trade/Account.aspx.cs URL: http://svn.apache.org/viewvc/incubator/stonehenge/trunk/stocktrader/dotnet/trader_client/Trade/Account.aspx.cs?rev=900653&r1=900652&r2=900653&view=diff ============================================================================== --- incubator/stonehenge/trunk/stocktrader/dotnet/trader_client/Trade/Account.aspx.cs (original) +++ incubator/stonehenge/trunk/stocktrader/dotnet/trader_client/Trade/Account.aspx.cs Tue Jan 19 03:03:44 2010 
@@ -25,6 +25,10 @@ using Trade.StockTraderWebApplicationModelClasses; using Trade.StockTraderWebApplicationSettings; using Trade.Utility; +using Microsoft.IdentityModel.Claims; +using System.Threading; +using System.IdentityModel.Tokens; +using Microsoft.IdentityModel.Web; namespace Trade.Web { Modified: incubator/stonehenge/trunk/stocktrader/dotnet/trader_client/Trade/Web.config URL: http://svn.apache.org/viewvc/incubator/stonehenge/trunk/stocktrader/dotnet/trader_client/Trade/Web.config?rev=900653&r1=900652&r2=900653&view=diff ============================================================================== --- incubator/stonehenge/trunk/stocktrader/dotnet/trader_client/Trade/Web.config (original) +++ incubator/stonehenge/trunk/stocktrader/dotnet/trader_client/Trade/Web.config Tue Jan 19 03:03:44 2010 @@ -97,7 +97,8 @@ <customBinding> <binding name="BsClient_FederatedBinding"> <security authenticationMode="IssuedTokenForCertificate" - messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"> + messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10" + > <issuedTokenParameters keyType="SymmetricKey" tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"> <issuer address="http://localhost:9001/tradeactivests" binding="customBinding" bindingConfiguration="stsBinding"> <identity> @@ -108,7 +109,7 @@ <issuerMetadata address="http://localhost:9001/tradeactivests/mex"/> </issuedTokenParameters> </security> - <textMessageEncoding messageVersion="Soap11WSAddressing10"/> + <textMessageEncoding messageVersion="Soap12WSAddressing10"/> <httpTransport/> </binding> <binding name="stsBinding"> 
@@ -239,12 +240,12 @@ </modules> </system.webServer> <microsoft.identityModel> - <service> + <service saveBootstrapTokens="true"> <audienceUris mode="Never"> <add value="http://localhost/trade/"/> </audienceUris> <federatedAuthentication> - <wsFederation passiveRedirectEnabled="true" issuer="http://idp.stonehenge.com/trade_identity/" realm="http://localhost/trade/" requireHttps="false"/> + <wsFederation passiveRedirectEnabled="true" issuer="http://localhost/trade_identity" realm="http://localhost/trade/Default.aspx" requireHttps="false"/> <cookieHandler requireSsl="false"/> </federatedAuthentication> <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
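Review bot: `saveBootstrapTokens="true"` keeps the original issued token with the session, while the surrounding lines still have `requireHttps="false"` and `cookieHandler requireSsl="false"`. As far as I can tell, the session cookie, and the token it now carries, can therefore travel over plain HTTP. The rewritten `wsFederation` line also hard-codes `http://localhost/...` for both issuer and realm, and `audienceUris mode="Never"` means the realm is not checked on the way back. Add a comment marking these as development-only values, e.g. `<!-- dev only: set requireHttps/requireSsl to true and an https issuer outside localhost -->`, and note that the bootstrap token is kept for the ActAs call to the business service.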