Download location of Oracle OpenSSO Security Token Service

Similar Messages

• Errors with SharePoint Security Token Service: "The revocation function was unable to check revocation for the certificate"

  I'm getting these errors in the eventlog and ULS, "An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root
  Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS CERTIFICATE THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate."
  The errors point to the SharePoint Security Token Service as the issue ("The revocation function was unable to check revocation for the certificate") reported back by the Topology service.  This is apparent when executing a search, accessing
  the managed metadata service, issuing SPSite commands in Powershell, or anything that needs to run through the "SharePoint Web Services" site.  I've looked at the certificate assigned to that site and everything appears to be in order. 
  It would seem to me to be either an incorrect endpoint configuration (internally cached perhaps?) or related to security access for the configuration database (in order to validate the certificate root).
  What I’ve tried so far:
  I’ve been all over the certificate settings, both in the server store, and within SharePoint Token Service config.  Both appear to be configured correctly such that the root CAs can be validated.
  Re-entered the passwords for the application pool domain accounts to eliminate these as a potential cause.  I’ve also verified the service accounts reporting the error, do have access to the configuration database.
  Re-provisioned the STS service to see if that might clear out any cached issues and validated everything else according to this
  MS Tech note.
  So far nothing has worked.  Is there anything else I could be looking at that I've missed? (Full eventlog detail below)
  Log Name:      Application
  Source:        Microsoft-SharePoint Products-SharePoint Foundation
  Date:          2/20/2015 11:19:41 AM
  Event ID:      8311
  Task Category: Topology
  Level:         Error
  Keywords:      
  User:          <SP SERVICE ACCOUNT>
  Computer:      <SHAREPOINTSERVER>
  Description:
  An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS
  CERT THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}" />
      <EventID>8311</EventID>
      <Version>14</Version>
      <Level>2</Level>
      <Task>13</Task>
      <Opcode>0</Opcode>
      <Keywords>0x4000000000000000</Keywords>
      <TimeCreated SystemTime="2015-02-20T17:19:41.213852500Z" />
      <EventRecordID>1611121</EventRecordID>
      <Correlation />
      <Execution ProcessID="10212" ThreadID="10328" />
      <Channel>Application</Channel>
      <Computer><SHAREPOINTSERVER></Computer>
      <Security UserID="<SP SERVICE ACCOUNT>" />
    </System>
    <EventData>
      <Data Name="string0">CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US</Data>
      <Data Name="string1">CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US</Data>
      <Data Name="string2"><STS CERT THUMBPRINT></Data>
      <Data Name="string3">RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
  </Data>
    </EventData>
  </Event>

  Hi Darren,
  This problem seems to occur when an administrator deletes the local trust relationship of the farm from the Security section of the Central Administration website
  In order to resolve this problem, the local trust relationship has to be created. This can be done by running the following PowerShell commands
  $rootCert = (Get-SPCertificateAuthority).RootCertificate
  New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert
  After running the above commands, perform an IISReset on all servers in the farm.
  More information:
  http://support.microsoft.com/kb/2545744
  Best Regards,
  Wendy
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Wendy Li
  TechNet Community Support

• The Security Token Service is not available -- SP Server on Windows 7

  I just installed SharePoint Server 2010 on a Windows 7 workstation with the aim of setting up a development environment.
  Installed all the prerequisites, then SP, everything seemed to go smoothly.
  However, the Health Analyzer is warning my that "the Security Token Service is not available". It says that the "Administrator should try to restart the Security Token Service"
  I looked under Services for my computer and also looked in IIS, did not see any thing that referenced security tokens. Where would I find the security token service?
  Thanks.

  No.
  In Central Admin>Application Management>Manage Service Applications I see the
  Security Token Service Application is running. But the health analyzer is still saying that
  The Security Token Service is not available.
  Any advice on resolving this would be greatly appreciated.

• The Security Token Service is not available error on dedicated Distributed Cache server

  I have an error on a dedicated Distributed Cache server stating that the Security Token Service is not available.  I was under the impression that when Distributed Cache was running on a dedicated server that the only service that should be enabled
  is Distributed Cache. 
  The token service is working as expected on all other servers but this one.  Does this service need to be started or should I just ignore this error message?
  Jennifer Knight (MCITP, MCPD)

  as per my little experience with 2013, if STS is working fine on Web server then I am sure that sharepoint will be fine...Distributed cache stores the ST issued by STS. NO need to worry about this error.
  Login
  Token Cache
  DistributedLogonTokenCache
  This
  cache stores the security token issued by a Secure Token Service for use by any web server in the server farm. Any web server that receives a request for resources can access the security token from the cache, authenticate the user, and provide access to the
  resources requested.
  I would say check the ULS logs and get more details about the error why its not working on that server.
  Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

• The Security Token Service is not available.

  hi,
  1. service check failed--
   http://localhost:port/SecurityTokenServiceApplication/securitytoken.svc 
  Gettng Error message
  2. while provision it again..
   Get-SPServiceApplication | ?{$_ -match "Security"}
   $sts.Status (result got -online)
   $sts.Provision()
  ----Successful...
  3.Event at Event viewer,..
  WebHost failed to process a request.
   Sender Information: System.ServiceModel.Activation.HostedHttpRequestAsyncResult/31626309
   Exception: System.Web.HttpException: The service '/SecurityTokenServiceApplication/securitytoken.svc' does not exist. ---> System.ServiceModel.EndpointNotFoundException: The service '/SecurityTokenServiceApplication/securitytoken.svc' does not exist.
     at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
     at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)
     at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.HandleRequest()
     at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.BeginRequest()
     --- End of inner exception stack trace ---
     at System.ServiceModel.AsyncResult.End[TAsyncResult](IAsyncResult result)
     at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result)
   Process Name: w3wp
   Process ID: 5752
  ---------------------And-----------------------------
  Event 8306
  An exception occurred when trying to issue security token: The requested service, 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' 
  could not be activated. See the server's diagnostic trace logs for more information..
  Please help----------------
  Prasad kambar

  Check this article
  http://blogs.technet.com/b/sykhad-msft/archive/2012/02/25/sharepoint-2010-nailing-the-error-quot-the-security-token-service-is-unavailable-quot.aspx
  and similar thread
  https://social.technet.microsoft.com/Forums/office/en-US/78cd4366-b11b-4300-93a4-4135d55f561f/error-8306-an-exception-occurred-when-trying-to-issue-security-token-please-help?forum=sharepointgeneralprevious
  though it is SharePoint 2010 but will work similar in sps 2013 also

• Security Token Service application not working

  Trying to use secure store service to access userprofileservice.asmx methods within Infopath 2010 form(doesn't contain any managed code). Created tareget application and using udcx file within the data connection library according to Microsoft tech articles.
  I see errors related to accessing securitytokenservice application.It keeps on erroring out within the ULS logs, something like below
  http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas.
  TCP error code 10061: No  connection could be made because the target machine actively refused it ::1:32843
  Used below links but no luck.
  Method 2 of http://support.microsoft.com/kb/981684
  http://support.microsoft.com/kb/2493524
  http://www.avanadeblog.com/sharepointasg/iis/
  My http://localhost works but i don't see
  http://localhost:32843 working.
  When i run netstat -a within command prompt i see port 32843 is working since the state of it is shown as "listening".
  When i browse to
  http://localhost:32843/SecurityTokenServiceApplication i see HTTP 404 error.
  It is same with other services  under SharePoint Web Services Site within IIS.
  I see the same HTTP 404 error. The Security Token Service application pool is running.
  I'm trying to make this work within my development envirnoment and  i don't see the security token service application
  working in my Production or test environment either. I have a standalone installation on my personal laptop and i don't see these things working there as well. If i had web.config file of a working Security token service application then i could have compared
  that with the web.config on my developement box. This is the only thing i missed out on.
  I'm kind of stuck with this since last one week and any help is appreciated.
  Thanks, DC SharePointer

  thanks Henrik.
  Farm Servers already have WCF Hotfix (976462) and I also checked the STS authentication settings in IIS. Only windows and Anonymous access is enabled. I did make the change(Authentication mode of spStsActAsBinding to IssuedToken, it was SspiNegotiatedOverTransport) that
  is suggested in the link you provided. But no luck. My STS web.config has below membership and role providers
   <system.web>
      <membership>
        <providers>
          <add connectionStringName="DevSQLConn"
   applicationName="/"
   name="DevAspNetSqlMembershipProvider"
   requiresQuestionAndAnswer="false"
   type="System.Web.Security.SqlMembershipProvider,System.Web,Version=2.0.3600.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
      </membership>
      <roleManager enabled="true">
        <providers>
          <add connectionStringName="DevSQLConn"
   applicationName="/"
   name="DevAspNetSqlRoleManager"
   type="System.Web.Security.SqlRoleProvider,System.Web,Version=2.0.3600.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
      </roleManager>
    </system.web>
  Does this have to do anything with my issue. I think at some point they might have configured to use form based authentication.
  Thanks, DC SharePointer

• Could Not Connect to Security Token Service Application

  Receiving the following:
  Get-SPSite : Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc. TCP error code 10061: No connection could be made
  I have validated the site and app pool exist and are running... however, browsing to the url returns a 404 page. This is happening on 2/4 servers in my farm. 
  I have removed SharePoint and Web Server/Application Server Role from each server and re-installed SP to no avail... next step is re-image but thought I would check the blog-o-sphere first...
  - Rick

  any anti virus on the servers?
  is there any details about the error after connection could be made?
  also have a look: http://blogs.technet.com/b/sykhad-msft/archive/2012/02/25/sharepoint-2010-nailing-the-error-quot-the-security-token-service-is-unavailable-quot.aspx
  Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

• Wsit: Modify the URL of the security token service at runtime

  I've managed to modify the url of my webservice endpoint at runtime used by a client application with the BindingProvider.ENDPOINT_ADDRESS_PROPERTY. Is it also possible to modify the url of the security token service?

  Check this article
  http://blogs.technet.com/b/sykhad-msft/archive/2012/02/25/sharepoint-2010-nailing-the-error-quot-the-security-token-service-is-unavailable-quot.aspx
  and similar thread
  https://social.technet.microsoft.com/Forums/office/en-US/78cd4366-b11b-4300-93a4-4135d55f561f/error-8306-an-exception-occurred-when-trying-to-issue-security-token-please-help?forum=sharepointgeneralprevious
  though it is SharePoint 2010 but will work similar in sps 2013 also

• Security Token Service Application Pool high CPU

  The SecurityTokenServiceApplicationPool seems to be using really high CPU at times and it seems to slow down the servercausing spike to almost 100% CPU, recycling takes care of it temporarily, it will also go down on its own but to a lesser extent.
  I cant seem to see any cause of this in the logs.
  The Security Token Service Application Pool isnt on a recycle schedule by default.
  Does anyone recommend putting it on a recycle schedule?
  What are some common causes of it
  thanks
  themush

  Hi,
  As I understand, the SecurityTokenServiceApplicationPool caused high CPU usage in your envrionment.
  Would recycling the application pool be help?
  To check if there is performance issue, please provide more information about your application server which host this service application.
  http://technet.microsoft.com/en-us/library/cc262485(v=office.15).aspx#hwforwebserver
  Here are some references for application pool high usage in SharePoint:
  http://weblogs.asp.net/erobillard/thoughts-on-sharepoint-application-pools-recycling-and-quot-jit-lag-quot
  http://blogs.technet.com/b/stefan_gossner/archive/2007/11/26/dealing-with-memory-pressure-problems-in-moss-wss.aspx
  Regards,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected] .
  Rebecca Tu
  TechNet Community Support

• How Oracle IDM secure web services ?

  Hi,
  I am using Oracle Product. Wanted to know How IDM can secure web services or one has to use OWSM/OPSS something like this or what security setting we can do at weblogic level?
  Help Appreciated.

  Hi,
  I am using Oracle Product. Wanted to know How IDM can secure web services or one has to use OWSM/OPSS something like this or what security setting we can do at weblogic level?
  Help Appreciated.

• Download location for Oracle.DataAccess

  I've installed the Oracle 11g Release 2 ODAC and Oracle Developer Tools for Visual Studio 11.2.0.1.2 on my development machine. I've developed an application that I now need to install on a server. I can't find a download for installing the Oracle.DataAccess.dll without the whole developer tool suite. Is there something I've missed?
  I attempted to use the Oracle Database Client.Netx64 (not sure where I got this), but it fails when executing with a Java2 virtual machine crash.

  Hi,
  There is currently no 64 bit version of 11.2.1.2.
  If your app does not need .net 4 support, you could recompile with 2.x 11.2.0.1.0, and then run it on a box that has 64 bit 11.2.0.1.0 full client installed.
  If you need .NET 4 support, you'll probably need to run it as 32 bit until 64 bit ODAC comes out.
  http://forums.oracle.com/forums/ann.jspa?annID=1356
  Hope it helps, corrections/comments welcome.
  Greg

• Download location of Oracle OBIE

  Can anyone have any idea about this?
  Can anyone have any link to download this software? Is it free to try?
  Kindly share the link if anyone have this information.
  Sorry to post this here. :(
  Regards.
  Satyaki De.

  After so many posts, surprinsingly post in wrong forum. Try :
  1. Download forum : Downloads Issues
  and/or
  2. Oracle BI forum : Business Intelligence Suite Enterprise Edition
  And also, you could check http://edelivery.oracle.com and/or http://download.oracle.com
  Nicolas.
  add links
  Edited by: N. Gasparotto on Jun 1, 2009 2:15 PM

• Security Token Service Configuration - Token Lifetime

  We configured SharePoint to use ADFS and FBA for authentication, users can Log-In and access the site.
  But the issue is after 10 mins users are re-authenticating with ADFS (Windows Users) and want to change this configuration to more time (20 mins). 
  Current Configuration:
  ADFS - TokenLifetime is 20 mins
  STS -  LogonTokenCacheExpirationWindow is 1 min
  FormsTokenLifetime / WindowsTokenLifetime is not modified and have default values
  Is there any other STS properties need to be modified to increase the duration and to stop re-authenticating.
  -RK
  Thanks

  Hi RK,
  Have you double checked the TokenLifetime is 20 mins on your ADFS  server?
  Have you restarted the IIS after you updated the
  LogonTokenCacheExpirationWindow value as 1 min on your SharePoint servers?
  Set-ADFSRelyingPartyTrust -TargetName "Relying Party Name" -TokenLifetime 20
  $sts = Get-SPSecurityTokenServiceConfig
  $sts.LogonTokenCacheExpirationWindow = (New-TimeSpan –minutes 1)
  $sts.Update()
  Iisreset
  http://sharepoint.stackexchange.com/questions/79864/sharepoint-2013-adfs-login-local-token-cache-always-expired
  http://msdn.microsoft.com/en-us/library/office/hh147183(v=office.14).aspxThanks
  Daniel Yang
  TechNet Community Support

• Secured WCF Service Visual Studio Template

  I'm looking for a WCF template that has WSSecurity features already added to it. Does such a template exist?
  Thanks!

  Hi Andrew Greenwright,
  It will be better if you can tell us what Visual Studio version that you are using and which WSSecurity features that you want to implement. For example we can use the WCF Security Token Service and Claims-Aware WCF Service template in Visual Studio 2010:
  In Visual Studio 2012, we can download the
  Identity and Access Tool to enable
  Windows Identity Foundation (WIF) on WCF Services for security.
  In Visual Studio 2013, the
  Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework 4.5.
  Best Regards,
  Amy Peng
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• How to create a client get security token in STS ?

  Dear all,
  How to create a client get security token in STS(security token service supported by Netweaver7.3) ?
  Thanks.

  Hi Sagarika,
  use scc4 for creating a new client
  and login to the new client that u created using sap* and pass as password
  use sccl over there to do a local client copy
  sccl for copying local client
  scc9 for remote client copy
  Merlin