Litware HR Smart Client - Unable to finish the security negoritation

Topics: Security, Setup
Oct 29, 2007 at 4:25 PM
Hi,

Issue: this exception was thrown after I clicked the Login button:
System.TimeoutException was unhandled by user code
Message="Client is unable to finish the security negotiation within the configured timeout (00:00:27.2239950). The current negotiation leg is 1 (00:00:27.2239950). "

More details:

I downloaded the latest releases of litwareHR and Litware Smart client and installed both on my XP sp2 machine.

Both were built successfully. When I ran Litware Smart Client application and clicked the log in button, I got this exception:
{"There was no endpoint listening at http://services.litwarehr.com/UnSecureHost/Runtime/AuthenticationService.svc
that could accept the message. This is often caused by an incorrect
address or SOAP action. See InnerException, if present, for more
details."}

I read Eugenio's blog and added several entries to etc/host file:
127.0.0.1 services.litwarehr.com
127.0.0.1 www.litwarehr.com

However, it did not help and the same exception was thrown when I tried to log in. Certainly the services are all up.

Then, I managed to change the services.litwarehr.com that I found in app.config of Shell application to localhost/services.litwarehr. This time it did not give me the above exception, instead it gave me the following:

System.TimeoutException was unhandled by user code
Message="Client is unable to finish the security negotiation within the configured timeout (00:00:27.2239950). The current negotiation leg is 1 (00:00:27.2239950). "
Source="System.ServiceModel"
StackTrace:
at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
at System.ServiceModel.Security.IssuanceTokenProviderBase`1.GetTokenCore(TimeSpan timeout)
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at System.ServiceModel.Security.Tokens.IssuedSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at LitwareHR.PublicApp.WinUX.Security.BrokeredSender.CustomIssuedSecurityTokenProvider.GetTokenCore(TimeSpan timeout) in E:\VAImagingProject\DocumentImagingService\LitwareHR-Smart Client-20070730\LitwareHR-Codeplex-20070730\PublicApp.WinUX\PublicApp.WinUX\Services\CustomIssuedSecurityTokenProvider.cs:line 91
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at System.ServiceModel.Security.SecurityProtocol.TryGetSupportingTokens(SecurityProtocolFactory factory, EndpointAddress target, Uri via, Message message, TimeSpan timeout, Boolean isBlockingCall, IList`1& supportingTokens)
at System.ServiceModel.Security.SymmetricSecurityProtocol.TryGetTokenSynchronouslyForOutgoingSecurity(Message message, SecurityProtocolCorrelationState correlationState, Boolean isBlockingCall, TimeSpan timeout, SecurityToken& token, SecurityTokenParameters& tokenParameters, SecurityToken& prerequisiteWrappingToken, IList`1& supportingTokens, SecurityProtocolCorrelationState& newCorrelationState)
at System.ServiceModel.Security.SymmetricSecurityProtocol.SecureOutgoingMessageCore(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState correlationState)
at System.ServiceModel.Security.MessageSecurityProtocol.SecureOutgoingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState correlationState)

Any idea?
Oct 30, 2007 at 12:40 AM
Edited Oct 30, 2007 at 12:41 AM
Did you change all the occurences of http://services.litwarehr.com to http://localhost/litwarehr.services ?
There is more than one. For example
<issuer address="http://services.litwarehr.com/Authentication/SecurityTokenService.svc"
Oct 31, 2007 at 3:00 PM
Edited Oct 31, 2007 at 3:07 PM
Yes. I double-checked and I did change all occurrences.

Find all "services.litwarehr.com", Subfolders, Find Results 1, "Entire Solution"
Matching lines: 0 Matching files: 0 Total files searched: 181

Also, I tried to open http://localhost/services.litwarehr/Authorization/SecurityTokenService.svc and I saw the wsdl file, which turned out the service is running.


This time, I got a different exception:
System.ServiceModel.FaultException was unhandled by user code
Message="The given key was not present in the dictionary."
Source="System.ServiceModel"
Action="http://schemas.microsoft.com/net/2005/12/windowscommunicationfoundation/dispatcher/fault"
StackTrace:
at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
at System.ServiceModel.Security.IssuanceTokenProviderBase`1.GetTokenCore(TimeSpan timeout)
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at System.ServiceModel.Security.Tokens.IssuedSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at LitwareHR.PublicApp.WinUX.Security.BrokeredSender.CustomIssuedSecurityTokenProvider.GetTokenCore(TimeSpan timeout) in E:\VAImagingProject\DocumentImagingService\LitwareHR-Smart Client-20070730\LitwareHR-Codeplex-20070730\PublicApp.WinUX\PublicApp.WinUX\Services\CustomIssuedSecurityTokenProvider.cs:line 91
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at System.ServiceModel.Security.SecurityProtocol.TryGetSupportingTokens(SecurityProtocolFactory factory, EndpointAddress target, Uri via, Message message, TimeSpan timeout, Boolean isBlockingCall, IList`1& supportingTokens)
at System.ServiceModel.Security.SymmetricSecurityProtocol.TryGetTokenSynchronouslyForOutgoingSecurity(Message message, SecurityProtocolCorrelationState correlationState, Boolean isBlockingCall, TimeSpan timeout, SecurityToken& token, SecurityTokenParameters& tokenParameters, SecurityToken& prerequisiteWrappingToken, IList`1& supportingTokens, SecurityProtocolCorrelationState& newCorrelationState)
at System.ServiceModel.Security.SymmetricSecurityProtocol.SecureOutgoingMessageCore(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState correlationState)
at System.ServiceModel.Security.MessageSecurityProtocol.SecureOutgoingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState correlationState)



The method threw the exception:

protected override System.IdentityModel.Tokens.SecurityToken GetTokenCore(TimeSpan timeout)
{
System.IdentityModel.Tokens.SecurityToken securityToken = null;
if (this.CacheIssuedTokens)
{
securityToken = SecurityTokenCacheStore.GetSecurityToken(this.innerProvider.IssuerAddress.Uri);
if (securityToken == null || !IsServiceTokenTimeValid(securityToken))
{
securityToken = innerProvider.GetToken(timeout);
SecurityTokenCacheStore.AddSecurityToken(this.innerProvider.IssuerAddress.Uri, securityToken);
}
}
else
{
securityToken = innerProvider.GetToken(timeout);
}

return securityToken;
}