dreamweiver

Reputation: 6002

MessageSecurityException: The EncryptedKey clause was not wrapped with the required encryption token 'System.IdentityModel.Tokens.X509SecurityToken'

I have created a WCF service with SAML implementation. I am using federation binding for the same. From my client application I'm able to access the services hosted on my WCF web service easily when I'm running both the client and the host service on the same machine. I have used certificates for authentication (SAML implementation).

For your information, I have a custom module at the client side which acts as an identity provider. The host service just has some functions which are exposed using wsFederationBinding.

Now the problem is that when I'm running my WCF service host on one system and the client application (consumer with identity provider) on a different system, I'm getting the following error message:

  MessageSecurityException: The EncryptedKey clause was not wrapped with the required encryption token 'System.IdentityModel.Tokens.X509SecurityToken'.

Note: I feel there is some mismatch happening in terms of certificates between the client and the host service.

Upvotes: 0

Views: 2382

Answers (1)

dreamweiver

Reputation: 6002

I have resolved the above problem; actually the root cause of the above error was a certificate mismatch. I read on one of the SAML forums about the SAML certificate authentication procedure, which says:

  1. The token is encrypted using the public certificate at the client side.
  2. At the server side (web service host in my case) the received token is decrypted using the private key of the certificate.

So, in my case the certificates at the client side were different from the ones at the server side.

Resolution:

Just export the certificates from the server side (web service host in my case) and import them at the client side.

Note: There exist two certificates, a client certificate and a server certificate, at both sides (client side and server side). So in reality, when a client wants to access the host web service dynamically, just like downloading apps, we need to create both certificates at the service side and deploy those certificates to the client upon activation of the client app. This way the certificates will be in sync.

Upvotes: 1
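The export/import step the answer describes, written out as an added PowerShell example (this is not code from the original post or from any WCF sample). It assumes the service certificate lives in `Cert:\LocalMachine\My` on the host with subject `CN=WcfServiceHost`, that the exported file is `C:\Certs\WcfServiceHost.cer`, and that the client keeps service certificates in `Cert:\LocalMachine\TrustedPeople` (the store WCF's PeerTrust validation mode reads); all three names are assumptions, adjust them to your deployment. The last function is the check a practitioner wants before chasing the `EncryptedKey` error any further: does the certificate the client encrypts to carry the same thumbprint as the one the host holds the private key for?

```powershell
# Added example; names below are assumptions, not values from the original post.
# Requires the PKI module cmdlets (Export-Certificate / Import-Certificate),
# present on Windows 8 / Windows Server 2012 and later.

# --- Run on the web service host: export the PUBLIC certificate only ---
function Export-ServicePublicCert {
    param(
        [string]$Subject = 'CN=WcfServiceHost',          # assumed subject
        [string]$OutFile = 'C:\Certs\WcfServiceHost.cer'  # assumed path
    )
    # The host must hold the private key: that is what decrypts the EncryptedKey.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
            Where-Object { $_.Subject -eq $Subject -and $_.HasPrivateKey } |
            Select-Object -First 1
    if (-not $cert) {
        throw "No certificate with subject '$Subject' and a private key in LocalMachine\My"
    }
    # -Type CERT writes a DER-encoded public certificate; the private key never
    # leaves this machine, and the client does not need it to encrypt to the service.
    Export-Certificate -Cert $cert -FilePath $OutFile -Type CERT | Out-Null
    return $cert.Thumbprint
}

# --- Run on the client machine: import the .cer into TrustedPeople ---
function Import-ServicePublicCert {
    param(
        [string]$CerFile = 'C:\Certs\WcfServiceHost.cer',          # copied from the host
        [string]$Store   = 'Cert:\LocalMachine\TrustedPeople'      # assumed store
    )
    $imported = Import-Certificate -FilePath $CerFile -CertStoreLocation $Store
    return $imported.Thumbprint
}

# --- Run on the client: confirm the client encrypts to the host's certificate ---
function Test-ServiceCertSync {
    param(
        [Parameter(Mandatory)] [string]$HostThumbprint,   # value printed by Export-ServicePublicCert
        [string]$Subject = 'CN=WcfServiceHost',
        [string]$Store   = 'Cert:\LocalMachine\TrustedPeople'
    )
    $clientCert = Get-ChildItem -Path $Store |
                  Where-Object { $_.Subject -eq $Subject } |
                  Select-Object -First 1
    if (-not $clientCert) {
        Write-Warning "No certificate with subject '$Subject' in $Store on this client"
        return $false
    }
    if ($clientCert.Thumbprint -ne $HostThumbprint) {
        # This is the mismatch behind the EncryptedKey error: the client wraps the
        # symmetric key for a certificate the host has no private key for.
        Write-Warning ("Thumbprint mismatch: client has {0}, host has {1}" -f
                       $clientCert.Thumbprint, $HostThumbprint)
        return $false
    }
    if ($clientCert.HasPrivateKey) {
        Write-Warning "Client copy of the service certificate carries a private key; only the public half is needed here"
    }
    return $true
}

# Usage (two machines):
#   host>   $hostThumb = Export-ServicePublicCert          # copy the .cer and this value to the client
#   client> Import-ServicePublicCert | Out-Null
#   client> Test-ServiceCertSync -HostThumbprint $hostThumb  # $true when both sides agree
```

On the client, point the WCF configuration at the imported copy by thumbprint so the check and the binding refer to the same object, for example `<serviceCertificate><defaultCertificate findValue="<thumbprint>" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindByThumbprint" /></serviceCertificate>` under `<clientCredentials>`. If `Test-ServiceCertSync` returns `$false`, the two machines are still using different certificates and the `EncryptedKey` error will persist regardless of other binding settings.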
