Nameidentifier claim is no longer in the token issued by Access Control Service (ACS) with a newly created ACS

Hi,
In our existing ACS, when we add a new relying party, we associate it with a rule as below:
input claim type as
htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
and output claim type as
htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
When I use the ACS created previously, the token I receive has the following claims.
Received claims with existing ACS:
htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier:           testoem2,
htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name:             TESTOEM2-MS,
htp://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider:                htps://wp8partnerservicesv1-tst.accesscontrol.windows.net/
But for the new ACS namespace, when I configure it exactly the same way, I receive:
htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name:             TestOem2-MS,
htp://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider:                htps://zackpartnerservice1-tst.accesscontrol.windows.net/
The nameidentifier claim is no longer in the token.
Does anyone from the Azure ACS team know what change in ACS might have caused this issue, and how do I configure ACS so that I can get the nameidentifier claim in the token too?
Since my account is not verified, I use h_ttp instead of http in my question.
Thank you,
Zach

Greetings, Zach!
Please refer to this:
https://msdn.microsoft.com/en-us/library/hh446535.aspx
The article elaborates how federated identity works with ACS.
Thank you,
Arvind
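
Added example, not part of the original posts and not ACS code: a simplified Python model of claim-rule evaluation for the rule described in the question. It assumes that an input claim reaches the issued token only when some rule emits it, and that the identityprovider claim is added separately; the rule dictionaries, function names and issuer URL are hypothetical.

```python
NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
NAMEIDENTIFIER = NS + "nameidentifier"
NAME = NS + "name"
IDENTITY_PROVIDER = ("http://schemas.microsoft.com/accesscontrolservice/"
                     "2010/07/claims/identityprovider")

PASS_THROUGH = object()  # marker: copy the input claim's type/value unchanged
ANY = None               # marker: rule matches any input claim type

# Constructed sample data (issuer is a placeholder, values echo the question).
ISSUER = "https://example-namespace.accesscontrol.windows.net/"
INPUT_CLAIMS = [(NAMEIDENTIFIER, "testoem2")]

# The rule from the question: nameidentifier in, name out, fixed value.
MAP_RULE = {"input_type": NAMEIDENTIFIER,
            "output_type": NAME,
            "output_value": "TESTOEM2-MS"}
# A pass-through rule that re-emits nameidentifier unchanged.
PASS_RULE = {"input_type": NAMEIDENTIFIER,
             "output_type": PASS_THROUGH,
             "output_value": PASS_THROUGH}


def apply_rules(input_claims, rules, issuer):
    """Return output claims as (type, value) pairs, in rule order.

    Model assumption: nothing is copied into the token implicitly;
    every output claim comes from a rule, plus identityprovider.
    """
    output = []
    for rule in rules:
        for ctype, cvalue in input_claims:
            if rule["input_type"] is not ANY and rule["input_type"] != ctype:
                continue
            out_type = ctype if rule["output_type"] is PASS_THROUGH else rule["output_type"]
            out_value = cvalue if rule["output_value"] is PASS_THROUGH else rule["output_value"]
            if (out_type, out_value) not in output:
                output.append((out_type, out_value))
    output.append((IDENTITY_PROVIDER, issuer))
    return output


def missing_claim_types(claims, required):
    """Claim types a relying party requires that the token lacks."""
    present = {ctype for ctype, _ in claims}
    return sorted(set(required) - present)


def demo():
    """Evaluate both rule groups; return (missing_with_map_only, missing_with_both)."""
    required = [NAMEIDENTIFIER, NAME]
    map_only = apply_rules(INPUT_CLAIMS, [MAP_RULE], ISSUER)
    both = apply_rules(INPUT_CLAIMS, [PASS_RULE, MAP_RULE], ISSUER)
    return (missing_claim_types(map_only, required),
            missing_claim_types(both, required))


if __name__ == "__main__":
    only_map, with_pass = demo()
    print("mapping rule only, missing:", only_map)
    print("mapping + pass-through, missing:", with_pass)
```

In this model the mapping rule alone yields the second token shape from the question (name and identityprovider only); comparing the rule groups of the two namespaces for a pass-through rule is the corresponding check.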

Similar Messages

  • What can I do if I no longer have the security issues would.

    What can I do if I no longer have the security issues would.

    I don't know what you are trying to ask ?

  • SharePoint Provider Hosted App (401) Unauthorized Microsoft.SharePoint.SPException: The Azure Access Control service is unavailable

    Hello,
    I'm attempting to get a SharePoint 2013 Provider Hosted Application working in a brand new SharePoint environment.  I've created snapshots of both my dev and the sharepoint environments along the way and have meticulously documented every step of the
    way.  I've followed these instructions (among many other resources found along this journey) :
    http://msdn.microsoft.com/en-us/library/fp179923(office.15).aspx
    http://technet.microsoft.com/en-us/library/fp161236(office.15).aspx
    http://msdn.microsoft.com/library/office/fp179901%28v=office.15%29
    Upon package and publish of my application to SharePoint, I get a 401 Unauthorized error.  I use Fiddler to obtain the SPErrorCorrelationID to ultimately obtain the following ULS Viewer Output.  Please explain how to fix if you're able.
    Please Note:  I was under the impression that a Provider Hosted Application does not use the Azure Access Control service, so I'm confused as to why my system is attempting to make this connection?
    Also Note:  I've used a self-signed and a GoDaddy-obtained certificate to successfully F5-debug my basic web.title (out of the Visual Studio 2012 box) SharePoint provider hosted application... so I know my certs are good.
    Here's my ULS output:
    03/24/2014 08:54:47.83    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    Logging Correlation Data    xmnv    Medium    Name=Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)  
     306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.83    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    Authentication Authorization    agb9s    Medium    Non-OAuth request.
    IsAuthenticated=True, UserIdentityName=0#.w|cltenet\sp.apps, ClaimsCount=25    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.83    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    Logging Correlation Data    xmnv    Medium    Site=/    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.84    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Deployment    acjjg    Medium    The current user has System.Threading.Thread.CurrentPrincipal.Identity.Name
    = 0#.w|cltenet\sp.apps, System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\IUSR, System.Web.HttpContext.Current.User.Identity.Name = 0#.w|cltenet\sp.apps.    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.84    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsrv    Medium    redirectLaunUrl after getting it from query
    string, web or app instance: https://hightrust31.cltenetapps.com/Pages/Default.aspx?{StandardTokens}    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    General    aib0n    High    trying to get app tokens for site: 888b71f7-51ee-40f5-8344-8de4869d37d0
    Unable to load app tokens from appInstanceId: 22d5252f-392c-4f68-b820-a3053b9d4f24    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsrw    Medium    redirectLaunUrl after getting token replacement:
    https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsry    Medium    m_oauthAppId after NormalizeAppIdentifier()
    i:0i.t|ms.sp.ext|[email protected]8df36d5d.  Now getting app principal info.    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsr0    Medium    decided that we need to do a POST to the
    app.    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsr1    Medium    m_redirectMessage: EndpointAuthorityMatches  
     306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsr2    Medium    realm matched attempting to get app token
    using GetAccessToken()    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    advzm    High    Error when get token for app i:0i.t|ms.sp.ext|[email protected]8df36d5d,
    exception: Microsoft.SharePoint.SPException: The Azure Access Control service is unavailable.     at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)    
    at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
    userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
    serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken)    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsr3    High    App token requested from appredirect.aspx
    for site: 888b71f7-51ee-40f5-8344-8de4869d37d0 but there was an error in generating it.  This may be a case when we do not need a token or when the app principal was not properly set up.  LaunchUrl:https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http://portal.cltenet.com&SPLanguage=en-US&SPClientTag=0&SPProductNumber=15.0.4420.1017
    Exception Message:The Azure Access Control service is unavailable.  Stacktrace:    at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)    
    at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
    userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
    serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
    serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest(). 
    Since this is a nonfatal error, it will be sanitized and posted to the app as part of the app launch.    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    General    ajlz0    High    Getting Error Message for Exception Microsoft.SharePoint.SPException:
    The Azure Access Control service is unavailable.     at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)     at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext
    serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext userIdentityContext, String applicationId, Uri
    applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext serviceContext,
    String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
    serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest()  
     306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    aib0p    Medium    Doing appredirect from appredirect.aspx:
    in site: 888b71f7-51ee-40f5-8344-8de4869d37d0 with RedirectLaunchUrl: https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017  
     306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    Monitoring    b4ly    Medium    Leaving Monitored Scope (Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)).
    Execution Time=26.5933938531294    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    Your help is very much appreciated.
    With Respect,
    Larry

    Yes, actually - I was able to resolve it.
    However I don't know how, unfortunately.  I suspect it was because I needed to have the names of the certificates, defined during the certificate registration (to sharepoint) process, different.
    I have a complete document that shows step by step instructions on the exact process I took to complete the provider hosted application creation, deployment and publishing.  It was a daunting task, but I finished it successfully.
    If there's a way to send private message on this forum, please do so and I'll respond with a way to obtain my document.
    NOTE:  I'm not at all impressed with the way this forum works.  This is supposed to be a Microsoft resource and I'll be damned if I ever get a response to highly technical questions.  Completely lame.  Boooooo Microsoft.

  • My Macbook Pro 13' from 2011 keeps kicking me off the internet, even though my internet service (complete with brand new router) shows strong bars. Any help?!

    I've had this 13 Inch Macbook Pro complete with the Lion since October 2011. I've been having trouble with the internet connection. I keep getting 'unable to connect to the internet' or 'website unavailable'. We have a brand new router, so we know for certain the router isn't going out. Both of my parents' computers connect just fine without getting kicked out. I thought maybe it was the seat, so I switched chairs and rooms and positions, but that doesn't seem to help. I check my internet connection and it always says 'connected' with full bars. I've tried different browsers, using Safari and Google Chrome. It's frustrating not being able to get online and get kicked off in the middle of whatever you're doing for a reason you can't figure out. Any help/suggestions? It's been going on for a month or so now.

    After biting the bullet and ordering more RAM, my computer now is working a ton better. So that must have been the main issue. With 8 GB RAM, I can now even run Parallels fluidly (better than my work PC!) where before simple things like logging in to my MBP after reboot could take forever.
    The place I went to had several other people getting RAM upgrades at the same time as me, so between this and other comments I've seen in discussions here and elsewhere on the Internets, I take it to mean that either Apple should bump up the base RAM on its new machines, and/or stop charging so much for additional RAM.
    I refused to believe a Pro machine bought with Lion installed would come with too little RAM for light to medium usage, but it was apparently the case. I'll mark this as a correct answer and hope some other poor soul will come across this thread and be helped by it.

  • Is Compliance Calibrator the same as GRC Access Control?

    I have been asked to look at Compliance Calibrator and am getting confused about what functionality is offered. I have done the basic e-learning course for Compliance Calibrator (GRC200): this was all about separation of duties etc. Fair enough. But I also have a Document called "SAP GRC Access Control" which talks about the same S.O.D compliance functionality but also talks of "roles triggering workflows", "users creating roles", "automated approvals for roles" eg:
    "SAP GRC Access Control streamlines access requests by filling each request automatically with user identity information from a lightweight directory access protocol (LDAP) directory or HR database, thereby eliminating the need for user intervention. Approvers receive an e-mail with a direct hyperlink to the request inside the application, where they can easily view and approve the request. The application then checks for security violations before updating accounts  automatically."
    None of this was covered on the Compliance Calibrator course, so what product offers this? I can see another product by Virsa called Access Enforcer but have no info on this... can anyone enlighten me?

    SAP GRC Access Control is the SAP application that comprises the former Virsa products Compliance Calibrator, Access Enforcer, Risk Terminator, Firefighter and Role Expert.

  • What is the usual way of accessing Oracle by JSF with connection pooling?

    I am writing to access Oracle by JSF with connection pooling.
    EJB is too difficult for me.
    What is the simple way of doing it?
    thanks

    Leung,
    I believe there should be some sample code available via the JavaServer Pages Samples Web page.
    Good Luck,
    Avi.

  • Anyway to fill the multiple owners in Access Control owner Table in GRC 10.0?

    Hi,
    Is there any way to fill the data in the access control owner table in case we have many owners?
    Any script or any table for inserting this in one shot?

    Hi Pranjal,
    not really recommended, but you can fill directly in table GRACOWNER.
    Regards,
    Alessandro

  • What is the compatibility issues restricting use of Dreamweaver MX2004 with Windows 7

    I can't launch an update to my website design on Dreamweaver MX2004.  Adobe technicians have informed me the application is not compatible with Windows 7.  The Dreamweaver was already loaded onto this computer when I took over this assignment.  I assumed it was applicable before, so now what are the compatibility issues?  I need to launch these updates.  Can anyone help or provide directions on what to do?

    There are other Forum participants running MX2004 on WIN7, much to my surprise, even on 64bit machines.
    You may wish to be sure that whoever did the installation on your WIN7 machine, knew enough to also install the 7.01 Updater
    http://www.adobe.com/support/dreamweaver/downloads_updaters.html#dwmx2004

  • How long has the lines issue been around?

    Just curious. I just got my new PowerBook and I am fairly upset at the presence of these lines. Is this something that Apple has known about for months or is this a new issue altogether? Basically, I just want to know how long everyone has been waiting for an announcement on this issue.

    Well, a more precise answer is :
    PB15"HiRes release : Oct. 19th
    First post on horizontal lines : Oct 25th.
    L.

  • When will the photogene issue be resolved? Doesnt work with photostream.

    Photogene-edited photos will not transfer to Photo Stream. Photogene says it's Apple's problem in iOS 8.1.2. When will this be fixed?

    Thanks Gail. Unfortunately Photogene will not respond. All they have is a bulletin on their website that the problem was caused by Apple's latest release 8.1.2 and a workaround solution to use in the meantime. It's a real pain. I use Photogene daily in my family history research. I had the impression that Apple caused the problem and therefore would fix it. From my perspective, since Apple hand-picks their apps, they have a responsibility to make sure it gets fixed for the sake of their users. So as they point the fingers at each other, we the users suffer. Thank you for weighing in on this. Yours truly,
    Roy 

  • Is the JMX based Application Server Control not bundled with EJB3

    I don't see Application Server Control bundled with EJB3. Is it intentionally left out or just missed out? It is an easy way to manage AS. The ASC is only available from the 10.1.3 preview version; can I deploy the ASC onto EJB3 also?
    If so, can you refer me to any document pointing to it?

    Hello,
    You are right, the EJB 3.0 Preview does not contain the OracleASC (JMX-based console).
    Next week we will publish the next developer preview of OracleAS 10g (10.1.3), which is a full J2EE 1.4 container with EJB 3.0 and which will contain the OracleASC.
    Tugdual Grall

  • Event execution based on the changing direction of boolean control value

    Generally an event case is executed whenever the value of a boolean control changes, no matter whether the change is from true to false or false to true.
    However, if I want event case1 to execute on false to true, and case2 to execute on true to false, how do I implement this?
    Thanks in advance.

    Dejun wrote:
    NI forum support is much more efficient than tele support!
    And we don't play cheesy elevator music while you wait.
    LabVIEW Champion . Do more with less code and in less time .

  • Orcladmin can no longer access Collaboration Suite pages with SSO enabled

    I can no longer use the orcladmin account to access Collaboration Suite pages when SSO is enabled. I have the plug-ins listed in OID and have set the one property to exclude orcladmin (and other admin level accounts) from being authenticated using the external authentication connector with ADS. And yet despite that orcladmin still can't authenticate. I can see in the OC4J log that the authentication in IE is falling back to NTLM authentication but is still failing. What the heck am I missing?

    Swipe between pages stopped working for  me as well completely out of the blue. I haven't installed anything / updated anything lately, and it just stopped working about an hour ago.
    My issue isn't with Mission Control, it's with my browsers:
    In Safari, if I try to swipe to go back a page, it freezes the entire page. I can't scroll anywhere.
    In Chrome, swiping to go back pages just doesn't work at all. But no freezing occurs

  • Firefox is not displaying all the images on any of the websites that I access. I upgraded to 4.0 and it worked correctly for about a day and then reverted back to the problem.

    When I open a website using Firefox it displays the text but none of the graphics. I upgraded to 4.0 and it was temporarily corrected. Now it has reverted to no graphics.

    Hi there,
    I have the same issue: FireFox is not showing all images on the page.
    Noticed this in FireFox 5.0. Now I installed FireFox 5.0.1 and still have the same issue.
    The missing images do not even appear in Tools > Page Info > Media.
    The images are usually accessed using DIV tag with a CSS class which contains background-image style. Often, when page opens, the DIV is initially hidden, and JavaScript displays it. Sometimes, jQuery.html() adds such DIV tags, and images rarely appear. Sometimes they do, but more often they do not.
    If I install FireBug and use Inspect Element to find such a DIV, it is there, it contains the CSS class, the definition of the CSS class contains background-image style. If I click the icon to disable this style, and then click it again to enable it, the image immediately shows up.
    Seems to be caused by some optimization which does not detect images like these.
    Hope this helps you reproduce it.

  • Folders that I had previously created and put bookmarked sites in have disappeared and Im unable to create new folders for sites I want to bookmark. I've checked the support info and it doesn't say anything about creating new subject folders?

    Bookmark folders that I had previously created have disappeared so I can't access any of my bookmarks. The process I used to create new subject bookmarks doesn't seem to be there anymore. The apple support doesnt mention creating new bookmark folders or what to do if you lose your bookmark folders.

    Hi,
    As you just upgraded to Windows 7, please make sure SP1 is also installed on all systems and install the following hotfix rollup for Windows 7 SP1:
    An enterprise hotfix rollup is available for Windows 7 SP1 and Windows Server 2008 R2 SP1
    http://support.microsoft.com/kb/2775511/en-us
    There was a known issue on Windows 7 which affected shared folders, in which newly created or deleted files are not reflected in the network folder immediately, which seems similar to your error. If the issue still exists after SP1 and the hotfix rollup, please help confirm:
    1. Whether this issue occurs only on a DFS folder when accessing \\domain.com\namespace. Could you reproduce the same issue when accessing \\server\sharefolder?
    2. Whether the same issue occurs after disabling Offline Files, if it is enabled.
    If you have any feedback on our support, please send to [email protected]
