Configuring CardSpace Geneva Beta 2

Hi,

Now I'm playing with CardSpace Geneva aka Windows CardSpace.
I'm searching for a good tutorial. I found a good howto on donovanf's blog (http://blogs.msdn.com/donovanf/archive/2009/03/29/setting-up-geneva-server-for-issuing-managed-information-cards.aspx), but this is for Beta 1, and in Beta 2 there are some changes in the UI of Geneva Server.
My goal is to configure an information card with self-defined claims which will be provided. I've searched the Identity Training Kit and the CardSpace samples by Microsoft, but nowhere are there good tutorials which explain the configuration of my own information cards :(

Thanks.
crischa
Did you try the ID Developer Kit?

http://www.microsoft.com/downloads/details.aspx?FamilyID=C3E315FA-94E2-4028-99CB-904369F177C0&displaylang=en
FloAtFokus
Yes. That's what I mean by Identity Training Kit ;)
crischa

The information card issued by the Geneva Server will have no claims listed in it. The support for "card with no claims" was also added to Geneva CardSpace.
With a card with no claims, it means that the claims requested/issued are handled out of band between the Identity Provider and the token recipient.

Rakesh Bilaney - MSFT
Well, two questions for understanding:

I read more about information cards. There are self-issued and managed cards.

1. The first kind the user can create himself, but how do I do that?

2. The managed card is provided by an Identity Provider, in my case Geneva Server. This card is configured in the Geneva Server Console. At Geneva Server I can only enable one information card, but I want to have several cards for several Relying Parties, maybe ;) Is this possible?

crischa
1. Self-issued cards are not supported in the Geneva CardSpace.
2. An information card provides metadata about an Identity Provider. The same card can be used at multiple relying parties. The card issued by the Geneva Server can be used at any of the Relying Parties configured on the server. The address of the Relying Party at which the card is being used is sent in the request for token (RST) to the Geneva Server, hence it knows where the card is being used.
Rakesh Bilaney - MSFT
Sorry. I was busy with other stuff last time.

Okay, I understand. Thanks.

My main problem is that I cannot use my downloaded information card. I've set up my system(s) following the TechNet article http://technet.microsoft.com/en-us/library/dd807042%28WS.10%29.aspx accordingly. If I double-click the CardSpace logo on the FederationPassive site from my Geneva Server and choose the downloaded information card, an error occurs and says "This card cannot be used right now". On the whole web I don't find any answers for this issue. I've uploaded the complete message box at http://img195.imageshack.us/i/picep.png/

Thanks.

Edit:
In my Event Viewer I get this error:
CardSpace failed with the following error:

An error was encountered when creating a token.

Details:
Failed to retrieve token from the identity provider ( 0x803d000a ) at Q9ZXnlCg (103).
There was an error communicating with the endpoint at 'https://geneva.test.com/Trust/13/KerberosMixed'.Failed to create the Kerberos AP_REQ authentication buffer.Security verification was not successful for the received data.Unable to create security context for SPN 'host/geneva.test.com'.Security verification was not successful for the received data.The specified target is unknown or unreachable ( 0x803d000a ) at lWrj3TNw (160).
crischa

Have you registered an SPN for the Geneva server?
Are you using a custom URL (so geneva.test.com is not an actual machine name)? See http://blogs.technet.com/tristank/archive/2006/05/08/spns-r-fn.aspx for some background info.

Rakesh Bilaney - MSFT
>Have you registered an SPN for the Geneva server?
No. Because the Step-By-Step Guide for the Hyper-V VMs also has no mention of SPNs. Honestly, I hear of it for the first time ;)

>Are you using a custom URL (so geneva.test.com is not an actual machine name)?
geneva.test.com is the domain of the Active Directory service required for Geneva Server. This domain works if I try to log on by Forms Authentication or Windows Integrated Authentication to my ASP.NET application, whether on the AD server directly or using another client of the domain.

>See http://blogs.technet.com/tristank/archive/2006/05/08/spns-r-fn.aspx for some background info.
I'll read this article ;)

I've created a simple ASP.NET application on the FABRIKAMSRV01 VM. If I call this application in my browser, a CardSpace window pops up and asks for an information card. On my own test VMs CardSpace does not pop up. That's strange to me.
crischa
I ran setspn.exe with the parameter -L to show the current settings on my Geneva Server host:

C:\Users\Administrator>setspn -L w2k8geneva
Registered ServicePrincipalNames for CN=W2K8GENEVA,OU=Domain Controllers,DC=geneva,DC=test,DC=com:
ldap/w2k8geneva.geneva.test.com/ForestDnsZones.geneva.test.com
ldap/w2k8geneva.geneva.test.com/DomainDnsZones.geneva.test.com
Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/w2k8geneva.geneva.test.com
DNS/w2k8geneva.geneva.test.com
GC/w2k8geneva.geneva.test.com/geneva.test.com
HOST/w2k8geneva.geneva.test.com/GENEVA
HOST/W2K8GENEVA
HOST/w2k8geneva.geneva.test.com
HOST/w2k8geneva.geneva.test.com/geneva.test.com
E3514235-4B06-11D1-AB04-00C04FC2DCD2/7affc7ff-3c68-4e78-aa91-03ef72f2dc4a/geneva.test.com
ldap/7affc7ff-3c68-4e78-aa91-03ef72f2dc4a._msdcs.geneva.test.com
ldap/w2k8geneva.geneva.test.com/GENEVA
ldap/W2K8GENEVA
ldap/w2k8geneva.geneva.test.com
ldap/w2k8geneva.geneva.test.com/geneva.test.com

On FABRIKAMSRV01 I did the same:
C:\Users\Administrator>setspn -L fabrikamsrv01
Registered ServicePrincipalNames for CN=FABRIKAMSRV01,OU=Domain Controllers,DC=fabrikam,DC=local:
MSSQLSvc/fabrikamsrv01.fabrikam.local:SQLEXPRESS
Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/fabrikamsrv01.fabrikam.local
ldap/fabrikamsrv01.fabrikam.local/ForestDnsZones.fabrikam.local
ldap/fabrikamsrv01.fabrikam.local/DomainDnsZones.fabrikam.local
TERMSRV/FABRIKAMSRV01
TERMSRV/fabrikamsrv01.fabrikam.local
DNS/fabrikamsrv01.fabrikam.local
GC/fabrikamsrv01.fabrikam.local/fabrikam.local
HOST/fabrikamsrv01.fabrikam.local/FABRIKAM
HOST/FABRIKAMSRV01
HOST/fabrikamsrv01.fabrikam.local
HOST/fabrikamsrv01.fabrikam.local/fabrikam.local
E3514235-4B06-11D1-AB04-00C04FC2DCD2/f0da7637-42ea-411b-a351-3f47f12d4041/fabrikam.local
ldap/f0da7637-42ea-411b-a351-3f47f12d4041._msdcs.fabrikam.local
ldap/fabrikamsrv01.fabrikam.local/FABRIKAM
ldap/FABRIKAMSRV01
ldap/fabrikamsrv01.fabrikam.local
ldap/fabrikamsrv01.fabrikam.local/fabrikam.local

Well, on FABRIKAMSRV01 I don't see entries for HTTP. I think that's not the problem?
crischa
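The two listings above can be checked mechanically against the SPN named in the Event Viewer error. The Kerberos client in the error asks for 'host/geneva.test.com' (the host part of the 'https://geneva.test.com/Trust/13/KerberosMixed' endpoint), while the w2k8geneva account only holds HOST/ entries for w2k8geneva.geneva.test.com and W2K8GENEVA, so the KDC cannot find a matching principal. The following script is an added example, not code from the thread or from Microsoft: it parses the text that setspn -L prints, derives the SPN from the endpoint URL the way the error message shows it (service class "host" plus the URL's DNS host; that derivation is an assumption stated here, taken from the error text rather than from any documentation), and reports whether it is registered. The comparison is case-insensitive, which is an assumption about how the directory matches SPNs. The sample input is the w2k8geneva listing quoted in the thread.

```python
"""Check whether the SPN a Kerberos client asks for is registered.

Added example (not from the thread). Parses `setspn -L <account>` output
and tests it against the SPN implied by a WS-Trust endpoint URL.
"""
from urllib.parse import urlsplit

# Sample input: the `setspn -L w2k8geneva` listing quoted in the thread.
SETSPN_OUTPUT = """\
Registered ServicePrincipalNames for CN=W2K8GENEVA,OU=Domain Controllers,DC=geneva,DC=test,DC=com:
ldap/w2k8geneva.geneva.test.com/ForestDnsZones.geneva.test.com
ldap/w2k8geneva.geneva.test.com/DomainDnsZones.geneva.test.com
Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/w2k8geneva.geneva.test.com
DNS/w2k8geneva.geneva.test.com
GC/w2k8geneva.geneva.test.com/geneva.test.com
HOST/w2k8geneva.geneva.test.com/GENEVA
HOST/W2K8GENEVA
HOST/w2k8geneva.geneva.test.com
HOST/w2k8geneva.geneva.test.com/geneva.test.com
E3514235-4B06-11D1-AB04-00C04FC2DCD2/7affc7ff-3c68-4e78-aa91-03ef72f2dc4a/geneva.test.com
ldap/7affc7ff-3c68-4e78-aa91-03ef72f2dc4a._msdcs.geneva.test.com
ldap/w2k8geneva.geneva.test.com/GENEVA
ldap/W2K8GENEVA
ldap/w2k8geneva.geneva.test.com
ldap/w2k8geneva.geneva.test.com/geneva.test.com
"""


def parse_setspn(output):
    """Return the SPN lines from `setspn -L` output, skipping the header and blanks."""
    spns = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("Registered ServicePrincipalNames"):
            continue
        spns.append(line)
    return spns


def expected_spn(endpoint_url):
    """SPN the client asks for, as shown in the error: 'host/<DNS host of the URL>'.

    Assumption: the service class is always 'host' and no port is appended,
    which matches the SPN quoted in the CardSpace event.
    """
    host = urlsplit(endpoint_url).hostname
    if not host:
        raise ValueError(f"no host in endpoint URL: {endpoint_url!r}")
    return f"host/{host}"


def spn_registered(spns, wanted):
    """True if `wanted` is in the list, compared case-insensitively (assumption)."""
    want = wanted.lower()
    return any(spn.lower() == want for spn in spns)


def diagnose(setspn_output, endpoint_url):
    """Summarise whether the endpoint's SPN exists and which same-class SPNs do.

    The 'same_class' list shows the HOST/ names that *are* registered, which
    is what points at a custom URL (geneva.test.com) vs. the real machine
    name (w2k8geneva.geneva.test.com) mismatch.
    """
    spns = parse_setspn(setspn_output)
    wanted = expected_spn(endpoint_url)
    wanted_class = wanted.split("/", 1)[0].lower()
    same_class = sorted(
        {spn for spn in spns if spn.split("/", 1)[0].lower() == wanted_class}
    )
    return {
        "wanted": wanted,
        "registered": spn_registered(spns, wanted),
        "same_class": same_class,
    }


if __name__ == "__main__":
    result = diagnose(SETSPN_OUTPUT, "https://geneva.test.com/Trust/13/KerberosMixed")
    state = "registered" if result["registered"] else "MISSING"
    print(f"{result['wanted']}: {state}")
    for spn in result["same_class"]:
        print(f"  same service class: {spn}")
```

Run against the listing from the thread, the script reports host/geneva.test.com as missing and lists the four HOST/ entries that exist for the real machine name, which is the mismatch Rakesh's "custom URL" question is probing. The FABRIKAMSRV01 listing can be checked the same way by pasting it into SETSPN_OUTPUT; the absence of HTTP/ entries there is a separate question, since the failing call is the Kerberos leg to the Geneva endpoint, not to the Relying Party.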
