I'm going through WIF training kit. I'm getting the following error when trying to log in via STS site. I click log-in, then I'm redirected to STS web site and I see this
No certificate was found for subject Name CN=IdentityTKStsCert
Found out where confusion was. I was putting
Friendly Name of certificate in the web.config. The certificate common name is actually property called
There is a part about certificate common name in this article. http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html
In order to work on the Microsoft exercises, you need to set-up the environment ( with the correct certificates). Please follow the below setup instruction (Extracted from Microsoft link (now obsolete) - http://msdn.microsoft.com/en-us/gg271381) to install the requested certificates. The source files for the setup can be found
on the upper right corner of the page here .
You must perform the following steps to prepare your computer for this lab.
Note: This process may require elevation. The .dep extension is associated with the Dependency Checker tool during its installation. For additional information about the setup procedure and how to install the Dependency Checker tool, refer to the Setup.docx document in the Assets folder of the training kit.
Note: If you already have a "localhost" certificate needed by another application, ensure to make a backup copy of it before continue with the lab's certificates installation.
Certificates installation finished
Note: If you are running Windows 7 or Windows 2008 R2 you might not see this window.
Note: In addition to the setup script, inside the Source\Setup folder of this lab, there is a Cleanup.cmd file you can use to uninstall all the code snippets installed by setup scripts.
If you run 'mmc' (Start->run->'mmc') you should be able to go into your Certificates snap-in for Computer account (File->Add\Remove Snap-in) in and check that Personal\Certificates has an entry with IdentityTKStsCert.
If it does, then try removing the 'CN=' from your web.config entry, like so (other identityModel config entries hidden):
<microsoft.identityModel> <serviceCertificate> <certificateReference x509FindType="FindBySubjectName" findValue="IdentityTKStsCert" storeLocation="LocalMachine" storeName="My" /> </serviceCertificate> </microsoft.identityModel>
Lastly, you may want to ensure IIS has access to the private key. Back in the Certificates snap-in of IIS, right click on the cert and select All Tasks->Manage Private Keys and add IIS_IUSRS if it is not there. (This is for IIS 7 only I believe, as you tagged)