
I keep getting the following error when I try to access a WCF endpoint that references an STS:

Incoming policy failed validation. No valid claim elements were found in the policy XML.

Below are the web.config files for the STS and for the WCF web service.

STS Web Config...

<?xml version="1.0" encoding="UTF-8"?>

<configuration>
<!-- NOTE(review): development settings. debug="true", includeExceptionDetailInFaults="true",
     allowInsecureTransport="true", enableUnsecuredResponse="true" and full message logging
     all widen the exposure of a token issuer; revisit each before the STS is reachable
     from anywhere other than localhost. -->
<appSettings>
<!-- Subject names of the certificates the STS uses as its issuer identity, token signing
     key and token encryption key. The relying party trusts this issuer by the signing
     certificate's thumbprint (its issuerNameRegistry), so the two configs must agree;
     presumably CN=STSTestCert is the certificate behind that thumbprint (verify). -->
<add key="IssuerName" value="ActiveSTS"/>
<add key="SigningCertificateName" value="CN=STSTestCert"/>
<add key="EncryptingCertificateName" value="CN=DefaultApplicationCertificate"/>
</appSettings>

<connectionStrings />

<!-- Federation metadata is readable anonymously so relying parties can fetch it. -->
<location path="FederationMetadata">
<system.web>
  <authorization>
    <allow users="*"/>
  </authorization>
</system.web>
</location>

<system.web>
<!-- debug="true" makes compilation failures more verbose and is meant for development only. -->
<compilation debug="true" targetFramework="4.0">
  <assemblies>
    <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
  </assemblies>
</compilation>
<!-- No ASP.NET authentication on the STS site itself; any caller authentication has to come
     from the WCF binding configured further down. -->
<authentication mode="None"> </authentication>

<pages>
  <controls>
    <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions,     Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
  </controls>
</pages>
</system.web>

<system.web.extensions>
<scripting>
  <webServices />
</scripting>
</system.web.extensions>

<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<diagnostics>
  <!-- logEntireMessage="true" writes complete SOAP messages, including any issued tokens,
       to the trace log. Handy while chasing the policy error, but the log then holds
       credentials; disable it (or protect the log) outside development. -->
  <messageLogging
logMalformedMessages="true"
logMessagesAtServiceLevel="true"
logEntireMessage="true"
logMessagesAtTransportLevel="true"/>
</diagnostics>

<services >
  <service behaviorConfiguration="ServiceBehavior"
    name="Samples.Security.STS.SecurityTokenService">
    <!-- Mutual X509 Endpoint -->

    <!-- Single net.tcp endpoint at the base address below, using MutualCertificateBinding. -->
    <endpoint
 binding="customBinding"
 address=""
 bindingConfiguration="MutualCertificateBinding"
 contract="Samples.Security.STS.ISecurityTokenService">
    </endpoint>

    <host>
      <baseAddresses>
        <!-- Note the port (8100): the relying party config names the issuer as
             net.tcp://localhost:8000/sts/Service.svc; verify the two are meant to differ. -->
        <add baseAddress="net.tcp://localhost:8100/sts/"  />
      </baseAddresses>
    </host>
  </service>
</services>

<bindings>
  <customBinding>
    <binding name="MutualCertificateBinding">
      <!-- NOTE(review): despite the "Mutual X509" label on the endpoint, this <security>
           element sets no authenticationMode and no token parameters, and
           allowInsecureTransport / enableUnsecuredResponse relax what the binding demands.
           The relying party imports this STS's policy through its issuerMetadata address;
           if the generated policy advertises no token or claim requirements, the
           "No valid claim elements were found in the policy XML" error is a plausible
           consequence. TODO confirm against the actual mex output. -->
      <security allowInsecureTransport="true" securityHeaderLayout="Lax" enableUnsecuredResponse="true" >
      </security>
      <binaryMessageEncoding/>
      <tcpTransport />
    </binding>
  </customBinding>
</bindings>


<behaviors >
  <serviceBehaviors>

    <behavior name="ServiceBehavior">

      <!-- Metadata is served over plain HTTP on a port (8831) different from the net.tcp
           endpoint; the relying party's issuerMetadata address must resolve to this STS. -->
      <serviceMetadata httpGetEnabled="True" httpGetUrl="http://localhost:8831/sts/" />


      <!-- Returns exception details to callers inside faults; development only. -->
      <serviceDebug includeExceptionDetailInFaults="true"/>
    </behavior>
  </serviceBehaviors>
</behaviors>

</system.serviceModel> 

</configuration>

WCF Web Config...

<?xml version="1.0"?>
<configuration>
  <!-- NOTE(review): relying-party (WCF service) configuration. As in the STS config,
       debug="true" and includeExceptionDetailInFaults="true" are development settings. -->
  <configSections>
    <section name="microsoft.identityModel"     type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection,     Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"     />
  </configSections>
      <!-- Federation metadata is readable anonymously so clients and the STS can fetch it. -->
      <location path="FederationMetadata">
        <system.web>
          <authorization>
            <allow users="*" />
          </authorization>
        </system.web>
      </location>
      <system.web>
        <compilation debug="true" targetFramework="4.0">
          <assemblies>
            <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral,     PublicKeyToken=31BF3856AD364E35" />
          </assemblies>
        </compilation>
      </system.web>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <!-- Unnamed behavior: applies to every service hosted by this application. -->
        <behavior>
          <!-- WIF hook (registered under <extensions> below) that wires the
               microsoft.identityModel section into the service host. -->
          <federatedServiceHostConfiguration />
          <serviceMetadata httpGetEnabled="true" />
          <!-- Exception details go back to callers in faults; development only. -->
          <serviceDebug includeExceptionDetailInFaults="true" />          
          <serviceCredentials>
            <!-- The service's own X.509 certificate, looked up by thumbprint in the machine
                 store; presumably this is the CN=DefaultApplicationCertificate the STS config
                 encrypts tokens to (verify). -->
            <serviceCertificate findValue="A3A4D95F1E40D274541EF53D5C9B672F00F41B36" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="false" multipleSiteBindingsEnabled="true" />
    <extensions>
      <behaviorExtensions>
        <add name="federatedServiceHostConfiguration" type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </behaviorExtensions>
    </extensions>
    <!-- Every http endpoint of this service gets the (unnamed, default) federation binding below. -->
    <protocolMapping>
      <add scheme="http" binding="ws2007FederationHttpBinding" />
    </protocolMapping>
    <bindings>
      <!-- NOTE(review): this unnamed customBinding is not referenced by any endpoint or
           protocolMapping entry in this file (there is no <services> section and http maps
           to ws2007FederationHttpBinding), so it looks like a leftover copied from the STS
           config. Its allowInsecureTransport / enableUnsecuredResponse settings are only
           harmless while nothing uses it; consider removing it. -->
      <customBinding>
        <binding>
          <security allowInsecureTransport="true" securityHeaderLayout="Lax" enableUnsecuredResponse="true">
          </security>
          <binaryMessageEncoding />
          <tcpTransport />
        </binding>
      </customBinding>
      <ws2007FederationHttpBinding>
        <binding>
          <security mode="Message">
            <message>
              <!-- STS mex endpoint from which this service imports the STS policy when it
                   builds its own WSDL. Port 11558 matches neither the STS config's httpGetUrl
                   (8831) nor its net.tcp base address (8100); verify this URL reaches the
                   running STS. -->
              <issuerMetadata address="http://localhost:11558/JonsFoodInformationService_STS/Service.svc/mex" />
              <!-- Both claims are isOptional="true", so the advertised policy requires no
                   claim at all. If the client-side identity selector needs at least one
                   required claim, that could be what "No valid claim elements were found in
                   the policy XML" refers to; TODO confirm by making one claim required.
                   Either way, authorization code must not assume either claim is present. -->
              <claimTypeRequirements>
                <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="true" />
                <add claimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" isOptional="true" />

              </claimTypeRequirements>
            </message>
          </security>
       </binding>
      </ws2007FederationHttpBinding>
    </bindings>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
  </system.webServer>
  <microsoft.identityModel>
    <service>
      <!-- Tokens whose audience does not match this URI are rejected; keep it in sync with
           the address the service is actually hosted at. -->
      <audienceUris>
        <add value="http://localhost:15796/FoodOfTheMonthService.svc" />
      </audienceUris>
      <!-- Only tokens signed by a certificate with the listed thumbprint are accepted; the
           name becomes the issuer name on the resulting claims. The name's port (8000)
           differs from the STS base address in the STS config (8100), which is cosmetic if
           the name is just a label, but verify the thumbprint is that of the STS signing
           certificate (CN=STSTestCert). -->
      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <trustedIssuers>
          <add thumbprint="2ABE4F1A98C12363F3A654E76F211F62895DBE65" name="net.tcp://localhost:8000/sts/Service.svc" />
        </trustedIssuers>
      </issuerNameRegistry>
    </service>
  </microsoft.identityModel>
  <appSettings>
    <!-- Absolute, machine-specific path into the STS project's metadata folder; this will
         not resolve on any other machine or deployment. -->
    <add key="FederationMetadataLocation" value="C:\JonsAttempt - Try 5 WOrked - Copy\JonsFoodInformationService_STS\FederationMetadata\2007-06\FederationMetadata.xml" />
  </appSettings>
</configuration>

Any help is very much appreciated!