Geneva server on a stand alone Windows 2008 box

I am trying to install Geneva on a Windows 2008 server (a virtual machine). While going through the Geneva Server configuration wizard, I get the following error:

Step: Start "Geneva" Service
Service Account: Network Service
SQL Database : .\sqlexpress


Error from Application Log:

The Federation service card issuance listener encountered an error.

Additional Data
Exception details:
System.ComponentModel.Win32Exception: No credentials are available in the security package
at System.IdentityModel.SspiWrapper.AcquireCredentialsHandle(String package, CredentialUse intent, AuthIdentityEx& authdata)
at System.ServiceModel.Security.SecurityUtils.GetCredentialsHandle(String package, NetworkCredential credential, Boolean isServer, String[] additionalPackages)
at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.KerberosSecurityTokenAuthenticatorWrapper.OnOpening()
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpening()
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.CommunicationObjectSecurityTokenAuthenticator.Open(TimeSpan timeout)
at System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(SecurityTokenAuthenticator tokenAuthenticator, TimeSpan timeout)
at System.ServiceModel.Security.SecurityProtocolFactory.OnOpen(TimeSpan timeout)
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.SecurityProtocolFactory.Open(Boolean actAsInitiator, TimeSpan timeout)
at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open()
whsung
Whsung,

Is the machine you are using domain joined?

Thanks,
Veneta
------------------------ Veneta Tashev - MSFT
Veneta Tashev
I was getting the same error on Windows Server 2008 SP1 running in a VM that was not a part of an AD domain. I gave up after fighting with it for a while.

Regards,

Travis Spencer
http://travisspencer.com
Travis Spencer

Whsung and Travis,

This is a known issue with Beta 2. The reason for the error (if your machine is not AD domain joined) is that the wizard tries to create an Attribute Store against AD and when there is none it fails. What kind of Attribute Store were you planning to use to authenticate users against and gather claims from? You should still be able to manually configure Geneva Server instead of using the wizard, but you'll have to do it yourself from scratch.

Thanks,

~Veneta


Veneta Tashev - MSFT
Veneta Tashev
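The two questions the thread has turned on so far are whether the box is domain joined and what account and SQL instance the wizard was given. The following PowerShell pre-flight check is an added example, not code from the thread or from the Geneva product; it assumes the SQL Express named instance `.\sqlexpress` runs as the Windows service `MSSQL$SQLEXPRESS` and that the Geneva service's display name contains the word "Geneva" (adjust the filter if yours differs).

```powershell
# Added example: pre-flight checks for the "No credentials are available in the
# security package" wizard failure described in the thread.
# Assumptions: SQL Express instance service is MSSQL$SQLEXPRESS; Geneva's service
# display name contains "Geneva". Neither name comes from the thread.
param(
    [string]$SqlServiceName = 'MSSQL$SQLEXPRESS',
    [string]$GenevaDisplayFilter = '*Geneva*'
)

# 1. Domain membership. Network Service authenticates as the machine account;
#    on a workgroup machine that account has no domain identity, so the Kerberos
#    SSPI package cannot acquire a server credentials handle, which is the
#    AcquireCredentialsHandle call that fails in the posted stack trace.
$cs = Get-WmiObject -Class Win32_ComputerSystem
Write-Host ("Computer: {0}  PartOfDomain: {1}  Domain/Workgroup: {2}" -f `
    $cs.Name, $cs.PartOfDomain, $cs.Domain)
if (-not $cs.PartOfDomain) {
    Write-Warning 'Machine is not domain joined; expect Kerberos credential acquisition to fail under Network Service.'
}

# 2. The Geneva service itself: state and the account it runs as.
$svcs = Get-WmiObject -Class Win32_Service | Where-Object { $_.DisplayName -like $GenevaDisplayFilter }
if ($svcs) {
    foreach ($s in $svcs) {
        Write-Host ("Service {0}: State={1} Account={2}" -f $s.Name, $s.State, $s.StartName)
    }
} else {
    Write-Warning ("No service matching display name filter '{0}' found." -f $GenevaDisplayFilter)
}

# 3. The SQL Express instance the wizard points at (.\sqlexpress).
$sql = Get-Service -Name $SqlServiceName -ErrorAction SilentlyContinue
if ($sql) {
    Write-Host ("SQL service {0}: {1}" -f $sql.Name, $sql.Status)
} else {
    Write-Warning ("SQL service '{0}' not found; check the instance name given to the wizard." -f $SqlServiceName)
}

# 4. Pull the matching Application Log entries so the full exception text is at hand.
Get-EventLog -LogName Application -Newest 500 |
    Where-Object {
        $_.Message -like '*card issuance listener*' -or
        $_.Message -like '*No credentials are available in the security package*'
    } |
    Select-Object -First 10 TimeGenerated, Source, EntryType, EventID |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the Geneva box. A `PartOfDomain` of `False` together with the listener error in step 4 is the combination Veneta is asking about; step 2 confirms the service really is running as Network Service rather than a domain account you expected.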

> What kind of Attribute Store were you planning to use to authenticate users against and gather claims from?

Honestly, I didn't even think about that. I really just wanted to get it installed and look around a bit.

> You should still be able to manually configure Geneva Server instead of using the wizard, but you'll have to do it yourself from scratch.

How would I go about doing that? By updating records in config files and databases? Are there docs on the manual process of configuring Geneva Server?


Regards,

Travis Spencer
http://travisspencer.com
Travis Spencer
> What kind of Attribute Store were you planning to use to authenticate users against and gather claims from?

We would like to use this with a SQL database, i.e. all user metadata is stored in SQL. We do not want to use AD.

As Travis has suggested, where can we find docs for manually configuring this?

Thanks.
whsung
According to this thread,
http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/0dfcf3bf-e19f-421e-8722-75d1a14d97f7

Geneva Server is hardwired to Active Directory for authenticating users.

Is this statement correct? So should we be using the Geneva Framework and writing an STS instead of using the Geneva Server?

Thanks.
whsung
Basically yes - Geneva Server provides custom attribute stores, but not a way to customise the authentication - that's AD only.
blowdart
> According to this thread,
> http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/0dfcf3bf-e19f-421e-8722-75d1a14d97f7
>
> Geneva Server is hardwired to Active Directory for authenticating users.
>
> Is this statement correct?

I'm not certain, but I don't think this is exactly accurate. Geneva Server uses LogonUser to perform the authentication. This means, hypothetically, that in addition to authenticating the user against an AD domain, you should also be able to log them in using a machine-specific account. That machine-specific account would have to be on the same box that Geneva Server is running on. Whether or not this will work in practice, I don't know.

> So should we be using the Geneva Framework and writing an STS instead of using the Geneva Server?

Because Microsoft has decided not to provide a pluggable authentication model in Geneva Server, you are only able to log users in with AD and perhaps accounts local to your Geneva Server machine. If this is not sufficient, then you are left w/ little choice but to create a custom STS from scratch -- no small undertaking. If you want more options, tell Microsoft that you need a provider model for authentication in the product. I told them already.


Regards,

Travis Spencer
http://travisspencer.com
Travis Spencer
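Travis's point above is that the server calls LogonUser, so whether a local (non-domain) account can be logged on at all is something you can test directly on the box before deciding to write an STS. The script below is an added example, not code from the thread or from Geneva; it exercises only the Win32 LogonUser API via P/Invoke with a local account and says nothing about whether Geneva Server's own pipeline would then accept that identity (the assumed user name and the interactive credential prompt are illustrative).

```powershell
# Added example: does LogonUser succeed for a local machine account on this box?
# This tests the Win32 API only; it does not prove Geneva Server will accept the result.
# Assumptions: a local account exists (you are prompted for its name and password);
# Add-Type requires PowerShell 2.0 on Windows Server 2008.
$sig = @'
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(string user, string domain, string password,
                                    int logonType, int logonProvider, out IntPtr token);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr handle);
'@
Add-Type -MemberDefinition $sig -Name NativeLogon -Namespace Win32Check

$LOGON32_LOGON_NETWORK   = 3   # non-interactive logon, as a service validating a password would use
$LOGON32_PROVIDER_DEFAULT = 0

# Prompt rather than embedding a password in the script.
$cred = Get-Credential -Message 'Local account to test (use .\username for a machine-local account)'
$net  = $cred.GetNetworkCredential()
# GetNetworkCredential() splits ".\user" into Domain "." and UserName "user";
# "." tells LogonUser to use the local SAM of this machine.
$domain = if ($net.Domain) { $net.Domain } else { '.' }

$token = [IntPtr]::Zero
$ok = [Win32Check.NativeLogon]::LogonUser($net.UserName, $domain, $net.Password,
                                          $LOGON32_LOGON_NETWORK, $LOGON32_PROVIDER_DEFAULT,
                                          [ref]$token)
if ($ok) {
    # Turn the raw token into a WindowsIdentity so the resolved account name is visible.
    $identity = New-Object System.Security.Principal.WindowsIdentity($token)
    Write-Host ("LogonUser succeeded: {0} (auth type {1})" -f $identity.Name, $identity.AuthenticationType)
    [void][Win32Check.NativeLogon]::CloseHandle($token)
} else {
    $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
    $msg = (New-Object System.ComponentModel.Win32Exception($err)).Message
    Write-Warning ("LogonUser failed: Win32 error {0} ({1})" -f $err, $msg)
}
```

A successful result shows the API side of Travis's hypothesis holds for a local SAM account; the remaining question, which this script cannot answer, is whether the Geneva Server wizard and listener (which, per the stack trace, wants Kerberos credentials) will run without a domain at all.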
