SecureAuth IdP Version affected: All
Description: End users may receive an 'Invalid User' message when trying to access a Web Service (Multi-Datastore) realm. The following log entry may be found in the Web Service realm's debug.log:
LogChannel="SA_DEBUG" FormatVersion="0.0.1" EventID="51000" Timestamp="2019-04-09T13:19:52.493Z" CompanyID ="" ApplianceID="" Realm="" UserID="bmason" BrowserSession="" StateMachineID="" RequestID="" UserHostAddress="" Message="WebServiceMembershipProvider.GetUser: for user '*' with url https://localhost/secureauth2/webservice/membership.svc, exception: The requested service, 'https://localhost/secureauth2/webservice/membershipws.svc' could not be activated. See the server's diagnostic trace logs for more information."
An additional error may be discovered when trying to access the the Web Service URL endpoint directly:
https://localhost/secureauth2/webservice/membershipws.svc
Error Message: This collection already contains an address with scheme https. There can be at most one address per scheme in this collection. If your service is being hosted in IIS you can fix the problem by setting 'system.serviceModel/serviceHostingEnvironment/multipleSiteBindingsEnabled' to true or specifying 'system.serviceModel/serviceHostingEnvironment/baseAddressPrefixFilters'.
Cause: Multiple Site Bindings is enabled in IIS and that must be enabled in the SecureAuth web.config.
Resolution:
- Go to the SecureAuth Admin Panel
- Go to the affected SecureAuth realm > System Info tab
- Scroll down to the bottom and look for "Click here to edit WebConfig"
- Search for the following:
<serviceHostingEnvironment multipleSiteBindingsEnabled=”False”/>
- Change to "True"
<serviceHostingEnvironment multipleSiteBindingsEnabled=”True”/>
- Click "Save"
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Please sign in to leave a comment.