Friday, May 8, 2009

(Solution) "Secure channel cannot be opened because security negotiation" (Geneva)

Today, I was doing some tests with the Geneva (Beta) Framework, again.

It took me some time to find the source of the following errors/exceptions my test applications where throwing:

  • Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.
  • The message could not be processed. This is most likely because the action 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.

The problem was that my testclient was using a different bindingtype then my test Security Token Service.

For more information about what type of binding to favour, see: http://webservices20.blogspot.com/2009/04/which-binding-to-use-wshttpbinding-or.html

Perhaps this is usefull for you.

No comments: