Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Error using the Identity and Access Tool in Visual Studio 2012

Error using the Identity and Access Tool in Visual Studio 2012

View products that this article applies to.

Symptoms

Let’s suppose you want to add claims support to your .NET application and you have the Windows Identity Foundation tool installed.

In Visual Studio 2012, you right click on your project and choose “Identity and Access”. Then, in the Provider tab of the “Identity and Access” windows you choose the option “Use a business identity provider”. A new panel will display allowing you to enter the path to the STS Metadata document. When you click the OK button after having entered the STS Metadata document, a message box opens with the following generic error which causes the metadata import to fail: “userSelection.SecurityTokenServiceMetadata.SecurityTokenServiceDescriptor”.

↑ Back to the top

Cause

If you get such an error message box, it means that the Protocol of the STS Metadata file you are trying to use is not supported by WIF. In most cases the STS Metadata leading to the failure is SAML 2.0 Protocol which is not currently supported by Windows Identity Foundation 1.0 and 2.0.

↑ Back to the top

Resolution

Please note that WIF currently supports only WS-Trust and WS-Federation Protocols. Thus, SAML 2.0 Protocol Metadata is not going to work correctly using WIF.

Therefore, you need to check for the Protocol of the STS Metadata before attempting to use the Metadata file from the “Identity and Access”. To do so, please open the STS Metadata file and look for the keyword “protocolSupportEnumeration”. 

For instance:

If the Metadata is using a WS-Federation Protocol, you should see a line ressembling the following: 

<RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType"> 

However, if the STS Metadata is using SAML 2.0 Protocol, you will see something like this:

<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAuthnRequestsSigned="false">

↑ Back to the top

Applies to:

↑ Back to the top

Keywords: kb

↑ Back to the top

Article Info
Article ID : 2884655
Revision : 1
Created on : 1/7/2017
Published on : 9/17/2013
Exists online : False
Views : 67