Friday, February 29, 2008

Bug: You may receive a WSE590 exception in Web Services Enhancements 3.0 for Microsoft .NET when you try to implement OASIS Web Services Security 1.0

I have encountered this error with WSE 3.0: You may receive a WSE590 exception in Web Services Enhancements 3.0 for Microsoft .NET when you try to implement OASIS Web Services Security 1.0.

The proposed solution is to set KeyIdentifier myKeyIdentifier = new KeyIdentifier("MIGfMa0GCSq");

I was using MutualCertificate11Assertion, so I took advantage of the fact that this assertion uses an X509Certificate.

I propose a better and cleaner solution:

1) In our Assertion class, inherit directly from MutualCertificate11Assertion.
2) In our Filter class:
2.1) Add a private X509Certificate2 field (_certificate).
2.2) In the constructor declaration, add an X509Certificate2 parameter (certificate).
2.3) Inside the constructor, set _certificate = certificate.
2.4) Replace the KeyIdentifier myKeyIdentifier = ... line with KeyIdentifier myKeyIdentifier = new KeyIdentifier(System.Convert.ToBase64String(_certificate.GetCertHash()));
3) From our Assertion class, pass this.ServiceX509TokenProvider.GetToken().Certificate to the Filter class constructor.

Thursday, February 21, 2008

Changing SSO Master Secret Server from one Server to another

To move the Master Secret Server from its current server to another, first execute the following on the current Master Secret Server (Server1):

"C:\Program Files\Common Files\Enterprise Single Sign-On\ssoconfig.exe" -backupsecret ssosecret.bkp

Create on the new Master Secret Server (Server2) an XML file (ssoserver.xml) with this content:

<sso><globalInfo><secretServer>SERVER2</secretServer></globalInfo></sso>

And execute:

"C:\Program Files\Common Files\Enterprise Single Sign-On\ssomanage.exe" -updatedb ssoserver.xml

Then execute:

"C:\Program Files\Common Files\Enterprise Single Sign-On\ssoconfig.exe" -restoreSecret ssosecret.bkp

Finally, you can test that the change is correct by executing a backupsecret on each server.

Here is a complete sequence:

Server 1
C:\>"c:\Program Files\Common Files\Enterprise Single Sign-On\ssoconfig" -backupsecret ssobackupsecret.bkp
Password : ***********
Confirm Password : ***********
Password reminder : Reminder
The operation completed successfully.

Server 2

D:\>"c:\Program Files\Common Files\Enterprise Single Sign-On\ssomanage.exe" -updatedb ssoserver.xml
Using SSO server on this computer

Updated SSO global information with the following values -

SSO secret server name : SERVER2
SSO Admin account name : NOT CHANGED
SSO Affiliate Admin account name : NOT CHANGED


D:\>"c:\Program Files\Common Files\Enterprise Single Sign-On\ssoconfig.exe" -restoreSecret ssobackupsecret.bkp
Password reminder : Reminder
Password : ***********
The operation completed successfully.

Server 1

C:\>"c:\Program Files\Common Files\Enterprise Single Sign-On\ssoconfig" -backupsecret ssobackupsecret2.bkp
ERROR: Secrets can only be backed up on the master secret server.
ERROR: 0xC0002A0E : This function can only be performed on the master secret server.
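
The Server2 half of the sequence above as a PowerShell function that stops at the first failing step and finishes with the backupsecret check. This is an added example, not part of the original post: the function name, parameter names and the verification file name are hypothetical, and it assumes ssomanage.exe and ssoconfig.exe return a non-zero exit code on failure.

```powershell
# Added example. Run on the NEW master secret server from an elevated console,
# as an SSO Administrator, after copying the backup file over from Server1.
# Assumption: ssomanage.exe / ssoconfig.exe exit non-zero when they fail.
function Move-SsoMasterSecret {
    param(
        [Parameter(Mandatory = $true)][string]$NewSecretServer,  # e.g. SERVER2
        [Parameter(Mandatory = $true)][string]$BackupFile,       # made on Server1 with -backupsecret
        [string]$SsoDir = "$env:CommonProgramFiles\Enterprise Single Sign-On"
    )
    $ErrorActionPreference = 'Stop'

    # Accept only a plain host name, so nothing else can end up inside the XML.
    if ($NewSecretServer -notmatch '^[A-Za-z0-9][A-Za-z0-9.-]{0,62}$') {
        throw "Not a valid server name: $NewSecretServer"
    }
    $backup = (Resolve-Path -LiteralPath $BackupFile).Path   # throws if the file is missing

    # Same content as the ssoserver.xml shown in the post.
    $xmlPath = Join-Path $env:TEMP 'ssoserver.xml'
    $xml = "<sso><globalInfo><secretServer>$NewSecretServer</secretServer></globalInfo></sso>"
    Set-Content -LiteralPath $xmlPath -Value $xml -Encoding ASCII

    # Each step must succeed before the next one runs; ssoconfig prompts for the
    # backup password on the console, exactly as in the transcript.
    $steps = @(
        @{ Exe = 'ssomanage.exe'; Argv = @('-updatedb', $xmlPath) },
        @{ Exe = 'ssoconfig.exe'; Argv = @('-restoreSecret', $backup) }
    )
    foreach ($s in $steps) {
        & (Join-Path $SsoDir $s.Exe) $s.Argv
        if ($LASTEXITCODE -ne 0) {
            throw "$($s.Exe) $($s.Argv[0]) failed with exit code $LASTEXITCODE"
        }
    }
    Remove-Item -LiteralPath $xmlPath

    # Check from the post: -backupsecret succeeds only on the master secret server.
    $check = Join-Path (Split-Path -Parent $backup) 'ssosecret-verify.bkp'
    & (Join-Path $SsoDir 'ssoconfig.exe') -backupsecret $check
    if ($LASTEXITCODE -ne 0) {
        throw "backupsecret failed: this server is not the master secret server."
    }
    "Master secret server is now $NewSecretServer (verification backup: $check)"
}
```

Treat both .bkp files as key material and move them to protected storage once the check passes.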