I am developing a duplex federated WCF service. My federation scenario is working fine, but when I tried to make it duplex, an exception is thrown: "The incoming policy could not be validated"
I think it is an issue with my configuration, but I am still not able to trace the mistake.
Following are my configurations:
1. For my main service:
<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <behavior name="MyServiceBehavior">
        <!-- Custom authorization manager; the value is an assembly-qualified type name
             ("My Service" is the assembly name). -->
        <serviceAuthorization serviceAuthorizationManagerType="MyService.MyServiceAuthorizationManager, My Service" />
        <serviceCredentials>
          <!-- Service identity certificate, located in LocalMachine\My by subject name. -->
          <serviceCertificate storeLocation="LocalMachine"
                              storeName="My"
                              x509FindType="FindBySubjectName"
                              findValue="BookStoreService.com" />
          <issuedTokenAuthentication>
            <!-- Audience restriction: an issued token is only accepted when its audience
                 is one of these URIs. NOTE(review): the endpoint below is exposed at
                 .../MyService.svc/Response, which is not in this list - confirm which
                 audience the STS puts into the token before relaxing this check. -->
            <allowedAudienceUris>
              <add allowedAudienceUri="http://localhost:53121/MyService.svc/GetResponse" />
              <add allowedAudienceUri="http://localhost:53121/MyService.svc/PerformOperation" />
            </allowedAudienceUris>
            <!-- Only tokens signed with the STS certificate in LocalMachine\TrustedPeople
                 are trusted. -->
            <knownCertificates>
              <add storeLocation="LocalMachine"
                   storeName="TrustedPeople"
                   x509FindType="FindBySubjectName"
                   findValue="HomeRealmSTS.com" />
            </knownCertificates>
          </issuedTokenAuthentication>
        </serviceCredentials>
        <!-- Publishes WSDL over HTTP GET (the client discovers the STS through it). -->
        <serviceMetadata httpGetEnabled="true" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <bindings>
    <customBinding>
      <binding name="MyServiceBinding">
        <!-- Secure conversation whose bootstrap is an STS-issued token over the service
             certificate; the STS is advertised to clients through its metadata endpoint. -->
        <security authenticationMode="SecureConversation">
          <secureConversationBootstrap authenticationMode="IssuedTokenForCertificate" />
          <issuedTokenParameters>
            <issuerMetadata address="http://localhost:62751/TokenIssuer.svc/mex" />
          </issuedTokenParameters>
        </security>
        <!-- Duplex over HTTP: compositeDuplex must sit above oneWay, which sits above
             the transport. The client binding has to use the same stack in the same order. -->
        <compositeDuplex />
        <oneWay />
        <httpTransport />
      </binding>
    </customBinding>
  </bindings>
  <services>
    <service name="MyService.MyService"
             behaviorConfiguration="MyServiceBehavior">
      <!-- Relative address: resolves to <base>/MyService.svc/Response. -->
      <endpoint address="Response"
                binding="customBinding"
                bindingConfiguration="MyServiceBinding"
                contract="MyService.IMyService" />
      <endpoint address="mex"
                binding="mexHttpBinding"
                contract="IMetadataExchange" />
    </service>
  </services>
  <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
2. STS Configurations
<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <!-- Unnamed behavior: applied by default to every service in this host. -->
      <behavior>
        <serviceCredentials>
          <!-- STS identity/signing certificate. Its subject (HomeRealmSTS.com) is what the
               relying-party service lists under knownCertificates. -->
          <serviceCertificate storeLocation="LocalMachine"
                              storeName="My"
                              x509FindType="FindBySubjectName"
                              findValue="HomeRealmSTS.com" />
        </serviceCredentials>
        <serviceMetadata httpGetEnabled="true" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <!-- No explicit endpoints: each http base address gets a default endpoint using
       wsHttpBinding with its default (message) security settings. -->
  <protocolMapping>
    <add scheme="http" binding="wsHttpBinding" />
  </protocolMapping>
</system.serviceModel>
and 3. Client Configurations
<system.serviceModel>
  <bindings>
    <customBinding>
      <!-- Mirrors the service-side MyServiceBinding element for element; the stack
           (security / compositeDuplex / oneWay / httpTransport) must match the service's. -->
      <binding name="MyServiceBinding">
        <security authenticationMode="SecureConversation">
          <secureConversationBootstrap authenticationMode="IssuedTokenForCertificate" />
          <issuedTokenParameters>
            <!-- The STS is named explicitly here rather than discovered via issuerMetadata
                 as on the service side. -->
            <issuer address="http://localhost:62751/TokenIssuer.svc"
                    binding="wsHttpBinding"
                    bindingConfiguration="MyTokenIssuer" />
          </issuedTokenParameters>
        </security>
        <!-- No clientBaseAddress given, so WCF generates a local listen address for the
             callback channel. -->
        <compositeDuplex />
        <oneWay />
        <httpTransport />
      </binding>
    </customBinding>
    <wsHttpBinding>
      <!-- Used only for the token request to the STS. Message security with no
           clientCredentialType set keeps the binding's default credential type. -->
      <binding name="MyTokenIssuer">
        <security mode="Message" />
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="GetResponseClientBehavior">
        <clientCredentials>
          <serviceCertificate>
            <!-- PeerOrChainTrust: the service certificate passes if it either chains to a
                 trusted root or is present in the TrustedPeople store. Convenient for a
                 self-issued dev certificate; ChainTrust is the stricter choice later. -->
            <authentication certificateValidationMode="PeerOrChainTrust" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <!-- The endpoint name still reads WSFederationHttpBinding_..., but the binding actually
         used is the customBinding above; only binding/bindingConfiguration are authoritative. -->
    <endpoint name="WSFederationHttpBinding_IMyService"
              address="http://localhost:53121/MyService.svc/Response"
              binding="customBinding"
              bindingConfiguration="MyServiceBinding"
              behaviorConfiguration="GetResponseClientBehavior"
              contract="IMyService">
      <identity>
        <!-- Expected service identity: the BookStoreService.com certificate from the
             current user's TrustedPeople store. -->
        <certificateReference storeLocation="CurrentUser"
                              storeName="TrustedPeople"
                              x509FindType="FindBySubjectName"
                              findValue="BookStoreService.com" />
      </identity>
    </endpoint>
  </client>
</system.serviceModel>