Wednesday, May 23, 2018

ID4014: A SecurityTokenHandler is not registered to read security token error

Getting the following error (Figure 1):

Server Error in '/' Application.

ID4014: A SecurityTokenHandler is not registered to read security token ('Assertion', 'urn:oasis:names:tc:SAML:2.0:assertion').

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.IdentityModel.Tokens.SecurityTokenException: ID4014: A SecurityTokenHandler is not registered to read security token ('Assertion', 'urn:oasis:names:tc:SAML:2.0:assertion').

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityTokenException: ID4014: A SecurityTokenHandler is not registered to read security token ('Assertion', 'urn:oasis:names:tc:SAML:2.0:assertion').]
   Microsoft.IdentityModel.Web.TokenReceiver.ReadToken(String tokenXml, XmlDictionaryReaderQuotas readerQuotas) +370
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request) +330
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +323
   Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +138
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +209
   System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +213
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +91

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.2623.0

Figure 1

Here are some facts:

Azure Active Directory ID (Figure 2):

Figure 2

Application “PNG Projects” Object ID (Figure 3):

Figure 3
Again, trying to convert from SAML 2.0 to SAML 1.1 because SharePoint 2013 and 2016 only accept SAML 1.1.



I have the reply populated in Azure AD as https://projects-dev02-extranet.domain.com/_trust/default.aspx
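The exception names exactly what the WS-Federation module could not handle: an Assertion element in the urn:oasis:names:tc:SAML:2.0:assertion namespace, for which SharePoint's trust has no token handler registered. The PowerShell below is an added example, not code from the original post: it reads the wresult XML that the identity provider posts to /_trust/ (captured from the sign-in POST with browser developer tools and URL-decoded) and reports which assertion format it carries, so the SAML 2.0-versus-1.1 mismatch can be confirmed before the trust is changed. The sample token and the tenant placeholder in it are constructed; signature and attribute statements are omitted.

```powershell
# Added example (not from the original post). Determines whether a WS-Federation
# response carries a SAML 2.0 or a SAML 1.1 assertion. SAML 1.1 assertions use
# the urn:oasis:names:tc:SAML:1.0:assertion namespace with MajorVersion="1"
# MinorVersion="1"; SAML 2.0 uses the ...:2.0:assertion namespace, which is the
# one named in the ID4014 error above.

# Constructed sample wresult (tenant id and assertion id are placeholders).
$sampleWresult = @'
<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <t:RequestedSecurityToken>
    <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_ASSERTION-ID-PLACEHOLDER" Version="2.0">
      <Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</Issuer>
    </Assertion>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>
'@

function Get-SamlAssertionVersion {
    param(
        # Raw XML of the wresult form field; URL-decode it first if it was
        # copied straight out of the POST body.
        [Parameter(Mandatory)][string]$TokenXml
    )

    [xml]$doc = $TokenXml
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('saml2', 'urn:oasis:names:tc:SAML:2.0:assertion')
    $ns.AddNamespace('saml1', 'urn:oasis:names:tc:SAML:1.0:assertion')

    $a2 = $doc.SelectSingleNode('//saml2:Assertion', $ns)
    if ($a2) {
        return [pscustomobject]@{ Format = 'SAML 2.0'; Version = $a2.Version; Issuer = $a2.Issuer }
    }
    $a1 = $doc.SelectSingleNode('//saml1:Assertion', $ns)
    if ($a1) {
        return [pscustomobject]@{
            Format  = 'SAML 1.1'
            Version = "$($a1.MajorVersion).$($a1.MinorVersion)"
            Issuer  = $a1.Issuer
        }
    }
    [pscustomobject]@{ Format = 'No SAML assertion found'; Version = $null; Issuer = $null }
}

# Usage: decode a captured wresult, then inspect it.
$decoded = [System.Web.HttpUtility]::UrlDecode($sampleWresult)   # no-op for the constructed sample
$info = Get-SamlAssertionVersion -TokenXml $decoded
$info
if ($info.Format -eq 'SAML 2.0') {
    'SharePoint''s SPTrustedIdentityTokenIssuer handles SAML 1.1 tokens; a SAML 2.0 assertion produces ID4014.'
}
```

Run this against the real captured response rather than the constructed sample; if it reports SAML 2.0, the fix is on the identity-provider side (issue SAML 1.1 tokens to this relying party), not in the SharePoint web application.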


Friday, May 18, 2018

AADSTS70001: Application with identifier

Getting the following error (Figure 1):

Figure 1

Here are some facts:

Azure Active Directory ID (Figure 2):

Figure 2

Application “PNG Projects” Object ID (Figure 3):

Figure 3

SAML Sign-In Information (Figure 4):

Figure 4


PowerShell with SharePoint Snap-In Showing the Token installed (Figure 5)

Installed RAW Certificate

PS C:\Windows\system32> Get-SPTrustedRootAuthority "AzureAD"
Get-SPTrustedIdentityTokenIssuer "AzureAD"


Certificate                 : [Subject]
                                CN=Microsoft Azure Federated SSO Certificate
                             
                              [Issuer]
                                CN=Microsoft Azure Federated SSO Certificate
                             
                              [Serial Number]
                                316201B4157F75B444B5876DD1EF36E0
                             
                              [Not Before]
                                5/16/2018 5:13:24 PM
                             
                              [Not After]
                                5/16/2021 5:13:24 PM
                             
                              [Thumbprint]
                                38B1DA740F7D2C8EAD5E95F6F16B9D8XXXXXXXXXXXX
                             
Name                        : AzureAD
TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName                 : AzureAD
Id                          : 1f6fa3f9-a67e-4827-bd49-ca5c14e74849
Status                      : Online
Parent                      : SPTrustedRootAuthorityManager
Version                     : 12719405
Properties                  : {}
Farm                        : SPFarm Name=SP_Config
UpgradedPersistedProperties : {}

ProviderSignOutUri            :
DefaultProviderRealm          : urn:sharepoint:projects-dev02.domain.com
ProviderRealms                : {}
ClaimTypes                    : {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname}
HasClaimTypeInformation       : True
ClaimTypeInformation          : {name, GivenName, SurName}
ClaimProviderName             :
UseWReplyParameter            : False
UseWHomeRealmParameter        : False
GroupClaimType                :
RegisteredIssuerName          :
IdentityClaimTypeInformation  : Microsoft.SharePoint.Administration.Claims.SPTrustedClaimTypeInformation
Description                   : SharePoint secured by Azure AD
SigningCertificate            : [Subject]
                                  CN=Microsoft Azure Federated SSO Certificate
                               
                                [Issuer]
                                  CN=Microsoft Azure Federated SSO Certificate
                               
                                [Serial Number]
                                  316201B4157F75B444B5876DD1EF36E0
                               
                                [Not Before]
                                  5/16/2018 5:13:24 PM
                               
                                [Not After]
                                  5/16/2021 5:13:24 PM
                               
                                [Thumbprint]
                                  38B1DA740F7D2C8EAD5E95F6F16B9D8E7D5FB5EB
                                
AdditionalSigningCertificates : {}
MetadataEndPoint              :
IsAutomaticallyUpdated        : False
Name                          : AzureAD
TypeName                      : Microsoft.SharePoint.Administration.Claims.SPTrustedLoginProvider
DisplayName                   : AzureAD
Id                            : 742ae843-6936-4b30-bdae-1321d3907486
Status                        : Online
Parent                        : SPSecurityTokenServiceManager Name=SecurityTokenServiceManager
Version                       : 12719408
Properties                    : {}
Farm                          : SPFarm Name=SP_Config
UpgradedPersistedProperties   : {}

Figure 5

Again, trying to convert from SAML 2.0 to SAML 1.1 because SharePoint 2013 and 2016 only accept SAML 1.1.

Thus, back to the issue with the first (Figure 1): this is the correct AppID, so how come I am getting a failure?
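The two cmdlets in Figure 5 return the objects SharePoint uses to validate the incoming token and to build the outgoing sign-in request. The PowerShell below is an added example, not part of the original post, that cross-checks them in one place: the signing certificate on the SPTrustedIdentityTokenIssuer must be the same certificate held by the trusted root authority and must be inside its validity window, and the realm SharePoint sends as the application identifier (DefaultProviderRealm) must match, character for character, the identifier registered in Azure AD, which is what AADSTS70001 ("Application with identifier '...' was not found in the directory") reports when they differ. It assumes the SharePoint snap-in is available; the expected realm in the usage line is the value shown in Figure 5 and is an assumption about what was registered in Azure AD.

```powershell
# Added example, not from the original post. Requires the SharePoint
# Management Shell snap-in; run on a farm server as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-SPTrustConfiguration {
    param(
        [Parameter(Mandatory)][string]$TrustName,
        # The App ID URI / identifier registered for the application in Azure AD.
        [Parameter(Mandatory)][string]$ExpectedRealm
    )

    $issuer = Get-SPTrustedIdentityTokenIssuer $TrustName   # SPTrustedLoginProvider
    $root   = Get-SPTrustedRootAuthority $TrustName         # SPTrustedRootAuthority
    $cert   = $issuer.SigningCertificate
    $now    = Get-Date
    $findings = @()

    # 1. The certificate that signs tokens must be the one SharePoint trusts as a root.
    if ($cert.Thumbprint -ne $root.Certificate.Thumbprint) {
        $findings += "Signing certificate $($cert.Thumbprint) does not match trusted root authority certificate $($root.Certificate.Thumbprint)"
    }

    # 2. An expired or not-yet-valid signing certificate fails token validation.
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $findings += "Signing certificate is outside its validity window ($($cert.NotBefore) to $($cert.NotAfter))"
    }

    # 3. The realm is the identifier Azure AD looks up; AADSTS70001 is a realm mismatch.
    if ($issuer.DefaultProviderRealm -ne $ExpectedRealm) {
        $findings += "DefaultProviderRealm '$($issuer.DefaultProviderRealm)' differs from registered identifier '$ExpectedRealm'"
    }

    # 4. Per-web-application realm overrides also have to be registered in Azure AD.
    foreach ($entry in $issuer.ProviderRealms.GetEnumerator()) {
        if ($entry.Value -ne $ExpectedRealm) {
            $findings += "ProviderRealms override for $($entry.Key) sends realm '$($entry.Value)'"
        }
    }

    [pscustomobject]@{
        Trust      = $TrustName
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Realm      = $issuer.DefaultProviderRealm
        Consistent = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

# Usage: expected realm taken from Figure 5 (assumed to be the identifier in Azure AD).
Test-SPTrustConfiguration -TrustName 'AzureAD' -ExpectedRealm 'urn:sharepoint:projects-dev02.domain.com' | Format-List
```

Because the realm comparison is exact, a trailing slash, a different scheme or different casing between DefaultProviderRealm and the identifier in Azure AD is enough to produce AADSTS70001 even when the Object ID and AppID are correct.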



Friday, May 04, 2018

PowerShell 5.0

I have been having lots of trouble with using PowerShell with Azure.  In order to get it running I finally came across the following site for the correct downloads: https://docs.microsoft.com/en-us/powershell/wmf/5.0/requirements

Tuesday, April 17, 2018

IIS Restart to read registry settings

Using NET STOP and NET START commands to force IIS services to re-read the registry




We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site: For more information about IIS 7.0, visit the following Microsoft Web site:

Summary


When you make changes to the registry that affect IIS and its dependent services, you must stop and restart those services in order to force them to re-read the registry.

As an alternative to stopping and starting those services using the Services applet in Control Panel, you can use the NET STOP and NET START commands.

More Information


Stopping IISADMIN and its dependent services

To stop all IIS-related services, type NET STOP IISADMIN /Y at a command prompt. This will stop the IIS Admin Service and all dependent services. Below is an example of the output you will see after issuing this command (the dependent services listed on your computer may vary):
The following services are dependent on the IIS Admin Service service.
Stopping the IIS Admin Service service will also stop these services.

   FTP Publishing Service
   Microsoft NNTP Service
   Microsoft SMTP Service
   World Wide Web Publishing Service
 
You will then see a message displayed as each service is successfully stopped.

Starting the IIS-related services

Use the NET START command to restart the IIS-related services you use. For example, to restart the World Wide Web service, type NET START W3SVC.

Determining service names

To determine the service names, start Registry Editor (type Regedit.exe or Regedt32.exe) and go to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Under Services, the service name that works with the NET STOP and NET START commands is listed.

NOTE: For each service, there is also a DisplayName value, which is the name listed in the Services applet in Control Panel and in the messages displayed after the NET STOP and NET START commands are run. However, these Display Names cannot be used as a parameter with the NET STOP and NET START commands.

Common IIS-related services

Service Name    Display Name
Iisadmin        IIS Admin Service
Msftpsvc        FTP Publishing Service
Nntpsvc         Microsoft NNTP Service
Smtpsvc         Microsoft SMTP Service
W3svc           World Wide Web Publishing Service

(c) Microsoft Corporation 2000, All Rights Reserved. Contributions by Kevin Zollman, Microsoft Corporation.
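The procedure above has three parts: find the service name that NET STOP and NET START accept (the Display Name from the Services applet will not work), stop IISADMIN together with its dependents, and start the services you use again. The PowerShell below is an added example, not part of the KB article: it resolves the service name from the DisplayName value under HKLM\SYSTEM\CurrentControlSet\Services as the article describes, lists the running dependents that stopping the service would also stop, and restarts them. The function names are assumptions; the service names are the ones in the table above.

```powershell
# Added example (not from the KB article above).

function Get-ServiceNameFromDisplayName {
    param([Parameter(Mandatory)][string]$DisplayName)

    # Each subkey under Services is the name NET STOP / NET START accept; the
    # DisplayName value is what the Services applet shows.
    $servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $found = foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($props.DisplayName -eq $DisplayName) { $key.PSChildName }
    }
    if ($found) { return $found }

    # On newer Windows versions many DisplayName values are resource references
    # such as "@%SystemRoot%\system32\...dll,-123"; the service control manager
    # resolves those, so fall back to it.
    (Get-Service -DisplayName $DisplayName -ErrorAction SilentlyContinue).Name
}

function Restart-ServiceWithDependents {
    param([Parameter(Mandatory)][string]$Name)

    $service    = Get-Service -Name $Name -ErrorAction Stop
    $dependents = @($service.DependentServices | Where-Object { $_.Status -eq 'Running' })

    if ($dependents.Count -gt 0) {
        "Stopping the $($service.DisplayName) service will also stop these services:"
        $dependents | ForEach-Object { "   $($_.DisplayName)" }
    }

    # Equivalent of NET STOP <name> /Y: -Force stops the running dependents first.
    Stop-Service -Name $Name -Force

    # Equivalent of NET START <name>. Dependents are not started automatically,
    # so each one that was running before is started explicitly afterwards.
    Start-Service -Name $Name
    foreach ($dep in $dependents) { Start-Service -Name $dep.Name }

    Get-Service -Name (@($Name) + @($dependents | ForEach-Object { $_.Name })) |
        Select-Object Name, DisplayName, Status
}

# Usage (run from an elevated prompt): resolve 'W3svc' from its display name, then restart it.
$name = Get-ServiceNameFromDisplayName -DisplayName 'World Wide Web Publishing Service'
Restart-ServiceWithDependents -Name $name
```

Passing the resolved name rather than the Display Name is the whole point: Stop-Service and Start-Service, like NET STOP and NET START, take the registry key name.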

Friday, March 16, 2018

SQL Connection Validation


  1. SQL Server 2014
  2. SQL Server 2014 SP2
  3. Installed SQL Server 2014
    1. Arpit, Rick and Robert are SQL Server Admins
  4. Installed SQLServer 2014 SP2
  5. Configure CLMCRPOC2 SQL Server 2014 to accept incoming remote SQL connections
    1. IP address for CLMCRPOC2 = 10.220.126.188
  6. Open SQL Server Configuration Services
    1. Expand SQL Server Network Configuration
      1. Protocols for MSSQLSERVER and enable TCP/IP
  7. Create a blank file on your desktop name it SQLConnectionTest.udl
  8. Then open and test your connection.
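The .udl file in steps 7 and 8 opens the Data Link Properties dialog and tries an OLE DB connection interactively. The PowerShell below is an added example, not part of the checklist above, that does the same two checks from a script so they can be repeated from each client machine: first that TCP/IP is reachable on the SQL port (this fails when the protocol is still disabled in step 6 or a firewall blocks the port), then that a login with the current Windows credentials succeeds. The server address is the one listed in step 5; the port, database name and function name are assumptions.

```powershell
# Added example (not part of the original checklist).

function Test-SqlConnectivity {
    param(
        [Parameter(Mandatory)][string]$Server,
        [int]$Port = 1433,              # default instance port (assumption)
        [string]$Database = 'master',
        [int]$TimeoutSeconds = 5
    )

    $result = [ordered]@{
        Server = $Server; Port = $Port; TcpReachable = $false
        SqlLogin = $false; ServerVersion = $null; Error = $null
    }

    # Step 1: plain TCP connect, the same thing enabling TCP/IP in
    # SQL Server Configuration Manager is meant to allow.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutSeconds * 1000)) {
            $client.EndConnect($async)
            $result.TcpReachable = $true
        } else {
            $result.Error = "TCP connect to ${Server}:$Port timed out"
        }
    } catch {
        $result.Error = $_.Exception.Message
    } finally {
        $client.Close()
    }
    if (-not $result.TcpReachable) { return [pscustomobject]$result }

    # Step 2: open a SQL connection with integrated security (no password in
    # the script) and encryption required, so credentials and data are not
    # sent in clear text. A certificate-trust error here means the client does
    # not trust the server's certificate, which is itself worth knowing.
    $builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    $builder['Data Source']         = "$Server,$Port"
    $builder['Initial Catalog']     = $Database
    $builder['Integrated Security'] = $true
    $builder['Encrypt']             = $true
    $builder['Connect Timeout']     = $TimeoutSeconds

    $conn = New-Object System.Data.SqlClient.SqlConnection $builder.ConnectionString
    try {
        $conn.Open()
        $result.SqlLogin      = $true
        $result.ServerVersion = $conn.ServerVersion
    } catch {
        $result.Error = $_.Exception.Message
    } finally {
        $conn.Dispose()
    }
    [pscustomobject]$result
}

# Usage: address of CLMCRPOC2 from step 5.
Test-SqlConnectivity -Server '10.220.126.188' | Format-List
```

If TcpReachable is false the problem is network or protocol configuration; if it is true but SqlLogin is false, the error text distinguishes a login failure (the account is not one of the SQL Server admins) from a certificate or timeout problem.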

Friday, February 16, 2018

The maximum length of an email address 254

The maximum length of an email address is 254 characters.
Every email address is composed of two parts: the local part that comes before the '@' sign, and the domain part that follows it. In "user@example.com", the local part is "user" and the domain part is "example.com".
The local part must not exceed 64 characters, and the domain part cannot be longer than 255 characters.
The combined length of the local part + '@' + domain part must not exceed 254 characters, as described in RFC 3696 Errata ID 1690.

Thank you StackOverFlow
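The three limits above interact: an address can satisfy the local-part and domain-part limits separately and still be too long overall. The PowerShell below is an added example, not from the original post or the StackOverflow answer it summarises; it applies the three length rules to an address, splitting on the last '@' (the local part may itself contain a quoted '@'), and reports which rule an over-long address breaks. The sample addresses are constructed to hit each rule.

```powershell
# Added example (not part of the original post). Length checks only; it does
# not validate the syntax of the local or domain part.

function Test-EmailAddressLength {
    param([Parameter(Mandatory)][string]$Address)

    # Split on the last '@': a quoted local part may contain '@' itself.
    $at = $Address.LastIndexOf('@')
    if ($at -lt 1 -or $at -eq $Address.Length - 1) {
        return [pscustomobject]@{ Address = $Address; LocalLength = $null; DomainLength = $null
                                  Valid = $false; Reason = 'missing local part, @, or domain part' }
    }
    $local  = $Address.Substring(0, $at)
    $domain = $Address.Substring($at + 1)

    $reason = $null
    if     ($local.Length   -gt 64)  { $reason = "local part is $($local.Length) characters (max 64)" }
    elseif ($domain.Length  -gt 255) { $reason = "domain part is $($domain.Length) characters (max 255)" }
    elseif ($Address.Length -gt 254) { $reason = "total length is $($Address.Length) characters (max 254, RFC 3696 Errata 1690)" }

    [pscustomobject]@{
        Address      = $Address
        LocalLength  = $local.Length
        DomainLength = $domain.Length
        Valid        = ($null -eq $reason)
        Reason       = $reason
    }
}

# Constructed samples: valid, over-long local part, and one whose parts are each
# within their own limit but whose total is 255 (64 + 1 + 190).
$longDomain = ('a' * 63 + '.') * 2 + ('b' * 62)      # 190 characters, labels of 63/63/62
$samples = @(
    'user@example.com',
    ('x' * 65) + '@example.com',
    ('l' * 64) + '@' + $longDomain
)
$samples | ForEach-Object { Test-EmailAddressLength -Address $_ } |
    Format-Table LocalLength, DomainLength, Valid, Reason -AutoSize
```

For storage this means a column of 254 characters is enough for any valid address; accepting more only admits input that cannot be delivered.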

Thursday, February 01, 2018

SharePoint 2013 Development from local workstation

A great co-worker showed our team the following NuGet package that allows you to work directly from your workstation instead of needing a full SharePoint 2013 Development Environment, and I am sure it would work for SharePoint 2016. See the image below.


Thanks to Joe.