Claims Based Authentication SPSecurityTokenService.Issue() failed: The security token username and password could not be validated.
Please excuse the lousy table...Its late :-)
I have a multi-server SP2010 farm. Patched up to
Configuration database version: 14.0.6106.5002
My goal is to have a claims based web application that authenticated to ADAM for Extranet. I have configured the servers exactly to MSDN and technet specs (following this spec to the
letter (
http://technet.microsoft.com/en-us/library/ee806882.aspx) to allow the forms side of the web app to authenticate to ADAM.
IT WORKS IN DEV!!! , which is a single server farm. However, it does not work in production. I get the following:
Claims Auth log entries:
1:06:25 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
f2ut
Verbose
Authenticated with login provider. Validating request security token.
1:06:25 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
0
Verbose
Using membership provider 'ADAMProvider'.
1:06:25 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
0
Verbose
Doing password check on '[email protected]'.
1:06:46 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
0
Verbose
Failed password check on '[email protected]'.
1:06:46 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
0
Unexpected
Password check on '[email protected]' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security
token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).'.
1:06:46 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
fo1t
Monitorable
SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password
could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
1:06:46 AM
w3wp.exe (0x1B34)
0x08A0
SharePoint Foundation
Claims Authentication
fsq7
High
Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
1:06:46 AM
w3wp.exe (0x1B34)
0x08A0
SharePoint Foundation
Claims Authentication
8306
Critical
An exception occurred when trying to issue security token: The security token username and password could not be validated..
1:06:46 AM
w3wp.exe (0x1B34)
0x08A0
SharePoint Foundation
Claims Authentication
f2un
Verbose
Form authentication failed.
I have tried EVERYTHING (well, nt everything, I don’t have the fix I suppose).
I found plenty out there and nothing directly correlates with this issue.
I searched on all parts of the errors I got.
This contains an interesting blurb about setting up access for the apppool id correctly.
That’s not the case for me. It works in dev and the same id are used there.
http://sharepoint-2010-world.blogspot.com/2011/03/adam-forms-based-authentication-in.html
This was good but it doesn’t give specs on what the environment looks like:
http://social.msdn.microsoft.com/Forums/en/sharepoint2010general/thread/557143a6-4b36-4939-bb7f-d62a9335fd18
The was interesting…but I am patched up beyond the June 2011 CU so it’s a moot point:
http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/9b8368ef-c5e5-4ead-b348-7b2b5587cfc8
Any and all help would be greatly appreciated!
Hi.
You say its a multiserver farm, do you have more than one web server then?
If thats the case, have you tried accessing the site on each server directly?
Found this for you, maybe that can help?
Troubleshooting Exceptions: System.ServiceModel.FaultException`1
http://msdn.microsoft.com/en-us/library/bb907220.aspx
and this:
SharePoint 2010 Claims Authentication - The security token username and password could not be validated reoccurring every morning
http://social.technet.microsoft.com/Forums/pl-PL/sharepoint2010setup/thread/383f1f9b-5c4a-4e19-b770-2a54b7ab1ca1
and
This seems to be a good guide:
http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/
Good luck
Thomas Balkeståhl - Technical Specialist - SharePoint - http://blksthl.wordpress.com
Similar Messages
-
Hi all,
I have create custom SQL membership provider into Sharepoint 2013.
I have add provider setting in central admin ,Web app & STS config file.
When using Web app Mixed mode authentication.I am able to fetch users & role.Its working fine.
But when I am using
SPClaimsUtility.AuthenticateFormsUser(Context.Request.UrlReferrer, txtUserName.Text.Trim(), txtPassword.Text.Trim()) == false)
this function always return false .
Please help me out what will be the cause.
Is any ways to debug my code when we call "SPClaimsUtility.AuthenticateFormsUser"
Regards
SachinHi all,
I have create custom SQL membership provider into Sharepoint 2013.
I have add provider setting in central admin ,Web app & STS config file.
When using Web app Mixed mode authentication.I am able to fetch users & role.Its working fine.
But when I am using
SPClaimsUtility.AuthenticateFormsUser(Context.Request.UrlReferrer, txtUserName.Text.Trim(), txtPassword.Text.Trim()) == false)
this function always return false .
Please help me out what will be the cause.
Is any ways to debug my code when we call "SPClaimsUtility.AuthenticateFormsUser"
Regards
Sachin -
[Deployment] How NOT to hard code the Database SID, Username, and Password
Hi, I'm new in J2EE so be easy on me. :)
How can I parameterize the database SID, username, and password in my J2EE application? So that anyone can change the SID, username, and password without the need to modify my code? I use Oracle 10g, ADF BC, JSF and JDeveloper 10.1.3.1.
My friend said that I can use XML for this. But he didn't go to detail for doing this. Is it true? Is there any [or better alternative]?
Any help or pointer to a simple tutorial would be fine.
Thanks in advance.Hi -- this is quite easy to do with J2EE.
In your application code, you declare "logical" references to resources (such as datasources, security roles, etc.) and use those in your application code so all it depends on is the logical name
On the server where the application is deployed, "physical" resources are created that point to the actual resource -- in the case of a database, this would be the JDBC URL, username, password.
At deployment time of the application, you then use the facilities of deployment tool to "map" the logical references in the application, to the physical references that exist on the server. So you connect the dots between your application needing something and the server providing the something. That way all the "details" are abstracted out of the your application code.
I don't know how this works in ADF, BC4J, etc. but I presume that since they are based on standard/J2EE, it must be available somehow.
I wrote something about this a while back using direct JDBC as an example:
http://buttso.blogspot.com/2006/06/datasource-lookup-using-javacompenv.html
-steve- -
Dear Mates,
Please find the requirement below,
Due to limited users in ECC system, When launching an ECC transaction from CRM Web UI using Transaction Launcher functionality, the framework is prompting to enter user name and password. Now I need to either avoid user authentication or bypass by defaulting a generic username and password.
I tried passing sap user id and password in ITS URL, but not no luck
Could any one share their valuable comments on this issue?
Thanks,
RajaHi Raja,
please have have a look at the following thread: Default User Name and Password for ECC Transaction
It seems to describe exactly your scenarios. The solution proposed there by zafar karnalkar is to set the default username and password in transaction launcher URL in transaction CRMS_IC_CROSS_SYS. The URL parameters necessary for this are:
sap-user= username
sap-password = password.
Best,
Christian -
MMy wife had bought an iPad from a friend. My wife already has an iPhone, which is registered to iCloud. She cannot acces iCloud from the new iPad. It says her username and password is not authorised. What do we need to do.
This could be a couple different things.
The device is not authorized to the Apple ID.
Continue setup for the ID on the device.
There is an account issue
Is she able to get signed in at
Appleid.apple.com
and manage the account
Can she get signed in at
Supportprofile.apple.com ?
How many devices are registered to that Apple ID? -
Adobe Revel? I have forgotten: the URL; my username and password. How do I ask Adobe for these items? Thanking your reply !!!
[email protected]Dave,
No worries, this link will help you with your issues. You do have a revel account with that email, so resetting your password should be all you need to do. Just click on the "I forgot my password" link on the web page listed below:
http://helpx.adobe.com/x-productkb/policy-pricing/account-password-sign-faq.html
Once you reset your password, you should be able to login to revel at adoberevel.com on a browser or from one of our apps on mac, ios, win8, or android.
Pattie -
I have a iphone 5 and I can login with my apple id to purchase music. However, when I try to login into icloud using the very same username and password that I use in the apple store it does not work to enter icloud, so what what gives???
I could do that, however when I select the icloud button (or whatever the heck it is) I am asked to enter the apple id and password. So if you are suppose to create another one for icloud you'd think it would give you the option at this point which would be logical.
-
Can I use the same icloud username and password for multiple phones?
I have 6 iphones and wanted to use Apple Configurator to install the same apps on all 6 phones. Some of the apps though, also require further installation by email. Can I use the same iCloud username and password for all 6 phones to download the apps and also to configure email or do I need to create 6 different Apple IDs?
If different people will be using these phones, you might be better off using the same Apple ID for the iTunes content...apps, music, etc. on each of these devices, but create different ID's for iCloud on each device. You can use one ID for the iTunes/App store, & a different ID for iCloud. That way, messages, notes, contacts, calendars, etc will be kept separate on each device.
-
I am unable to connect to my RackSpace Windows Server via ARD. I have added a computer entering the ip address, username, and password but I can't establish a connection. I am missing a setting or to step that is different in ARD?
ARD only works with Windows computers if the Windows computer is running VNC server software. Even then it can only control and observe. Do you have this installed?
-
What is the print server username and password?
I am trying to install a Kodak ESP 5210 printer.
I set up the printer - it is on my wireless network.
I installed the Kodak printer software - it too installed correctly.
At the final step I need to "add printer" I click + in the printer window.
I then choose the kodakaio directory under "Windows".
I then choose kodakesp5200_00.
I am asked for the print server username and password.
I tried my log in password with just my first name in lowercase as username as this field was filled out by default.
I tried lots of different things, including no password, but the printer "Add" button never becomes not greyed out.
Would appreciate help. Kodak were no help.
I have pinged the printer successfully so its definitely on the network.
ThanksBecause nothing is listed in the default printer directory
-
Can avoid the entering my username and password always when i click on URL
Hi,
Iam new to BSP,i developed a simple BSP application to display a list of orders on the second page when a cutomer is entered in the first page. it is working fine.
when i test the BSP application, it is asking for username and password.when i entered my username and password it is working fine.
Then my question is when i test the BSP application, can i avoid the entering the username and password always.
is there any way we can avoid the entering my username and password always when i click on the URL.
Thanks
Srinivas Mandasure.
You can include the password and the username in the BSP link :
<bsp_lnk>?sap-client=<client>?sap-user=<username>?sap-password=<password>
where:
<client> = client where the username and password are defined
<bsp_lnk> = your bsp link
<username> = your username
<password> = your password
Regards,
fabrizio -
I am trying to connect to my uni wifi, and when i click on the wifi, it directs me to a log in page. However, the two boxes to enter the username and password do not appear. Can anyone help me with this???
You didn't say what you have already tried, but if you haven't already done so, power-cycle your router (unplug it for 15 seconds then plug it back in), then on your phone go to Settings>General>Reset and tap Reset Network Settings, then try joining your wifi again.
-
My mail (hotmail) has stopped receiving emails and keeps saying the IMAX server username and password is wrong when I haven't changed anything?
Hello ,Marshyy96
That is not good, lets see if we can get your email back up and running again. Take a look at the article below to go over the settings to just make sure nothing is out of the ordinary. You may end up needing to remove the email account and add it back in.
Get help with Mail on iPhone, iPad, and iPod touch
http://support.apple.com/en-us/TS3899
Regards,
-Norm G. -
When I sign into my mobile me account the username and password is not recognised what do I do?
- Go to settings>iTunes and App Store and sign out and sign into your account.
- Apps are locked to the account that purchased them.
- To update apps you have to sign into the account that purchased the apps. If you have apps that need updating purchased from more than one account you have to update them one at a time until the remaining apps were purchased from one account. -
Securing LDAP username and password in Websphere
Hi all,
I am new to LDAP and WAS. I want to secure the username and password for my LDAP server. Right now i have two choices for using the username and password for the LDAP
1. i can put the username and password in a properties file.( but then it makes my application insecure....anybody can read it )
2. I can put them in a .java file and after compilation it would be converted to the class file.( but in this approach anyone who knows in which file it is residing can use a decompiler to read it)
I have seen one implementation for DB2 in which they make a datastore in the application server that holds the username and password for the DB2 server. I want to use same kind of facility for my application.
Can anyone help me with this...?The error description is:
=================================
TNS-12560 TNS:protocol adapter error
Cause: A generic protocol adapter error occurred.
Action: Check addresses used for proper protocol specification. Before
reporting this error, look at the error stack and check for lower level transport
errors.For further details, turn on tracing and re-execute the operation. Turn off
tracing when the operation is complete.
===================================
Did you start your Oracle service before trying to connect?
Are you able to run your listener successfully?
did you setup a TNSNAMES entry for your database?
did you try connecting to the database by using scott/tiger@<tnsnames entry>
Maybe you are looking for
-
P & L report for current period,YTD and previous YTD
I am trying to create a P & L report with the columns for current period,YTD and previous YTD, I have include the measures as the key of columns, which by using period or YTD we can retrieve the current period and YTD column, is there as easy way to
-
How can I in IMAQ Vision know to which blob a pixel belongs to?
Hi, How can I in IMAQ Vision know to which blob (particle) a pixel belongs to? I use IMAQ Complexmeasure and Complexparticle to get data about every particle in the image and then use this data (position, length and direction) to see if two particles
-
This error keeps popping up when I try updating my Adobe CS6 programs, this comes up for all of them besides one program. Why is it not updating my my programs, and how can I fix this??????
-
Why method local inner class can use final variable rather than....
Hi all Just a quick question. Why method-local inner class can access final variable defined in method only? I know the reason why it can not access instance variable in method. Just can not figure out why?? any reply would be appreciated. Steven
-
i download from marketplace apps like document viewer and web odf for odt files but non of them make the job right.