I have an RP for which I've built a login page using the JSON feed from ACS. The IP images are linked to the .LoginUrl
attribute of the feed and when I click on one of the images it correctly jumps to that IP's page.
Entering my credentials, however, I'm redirected to a page on the appfabriclabs.com site with the following error:
HTTP Error Code: 400
Message: ACS50000: There was an error issuing a token.
ACS50011: The RP ReplyTo address is missing. Either the RP ReplyToAddresses
are not configured or an invalid wreply 'https://www.skillscore.it/' was received
in the sign-in request.
The RP is configured in the App Labs site with a returnUrl of:
https://www.skillscore.it/Home/FederationResult
and in looking at the wreply parameter in the feed, I see:
https%3a%2f%2fskillscore.accesscontrol.appfabriclabs.com%3a443%2fv2%2fwsfederation
According to some SO articles like [this one], the return URL of the app should be a prefix of the wreply parameter - which is clearly not the case here.
So... what have I done wrong now?
P.S. One interesting bit of info: in the Application Integration page of ACS there is a link to the ACS-hosted login page. The link used there seems to differ from the one I'm given in the feed; in particular, the ACS-hosted page uses a wctx of:
pr%3dwsfederation%26rm%3dhttps%253a%252f%252fwww.skillscore.it%252f
whereas the feed gives me:
pr%3dwsfederation%26rm%3dhttps%253a%252f%252fwww.skillscore.it%252f%26ry%3dhttps%253a%252f%252fwww.skillscore.it%252f
so I don't know what that's worth but maybe it's a clue to what's wrong.
* update *
Decoded, that last string is:
pr=wsfederation
&rm=https%3a%2f%2fwww.skillscore.it%2f
&ry=https%3a%2f%2fwww.skillscore.it%2f
which clearly shows the JSON feed is providing an ry that is not present in the ACS-hosted page... meaning anything to anyone?
OK. My bad. Apparently, when I was fetching the JSON feed, the URL I used did not have the reply_to set correctly.
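
Added example, not part of the original post: it decodes the two wctx values quoted above and applies the prefix rule the post cites to the ry field. It assumes ry is the reply address that ACS echoes as wreply in ACS50011; the function names are hypothetical.

```javascript
// Added example (not from the original post). Assumption: the "ry" field of
// wctx is the reply address that ACS reports as wreply in ACS50011.

// Decode a wctx value exactly as it appears in a LoginUrl query string.
// It is encoded twice: once for the whole wctx value, once per inner value.
function decodeWctx(encodedWctx) {
  const inner = decodeURIComponent(encodedWctx); // pr=...&rm=https%3a...&ry=...
  const fields = {};
  for (const [key, value] of new URLSearchParams(inner)) {
    fields[key] = value; // URLSearchParams removes the second encoding layer
  }
  return fields;
}

// Prefix rule quoted in the post: the RP's configured return URL must be a
// prefix of the reply address. Scheme, host and port must match exactly; the
// path is compared as a plain string prefix (assumed to be case-sensitive).
function isAllowedReply(replyAddress, configuredReturnUrl) {
  const reply = new URL(replyAddress);
  const configured = new URL(configuredReturnUrl);
  return reply.origin === configured.origin &&
         reply.pathname.startsWith(configured.pathname);
}

// Returns the decoded fields plus the verdict; matches is null when wctx
// carries no ry at all (as with the ACS-hosted login page link).
function checkLoginUrlWctx(encodedWctx, configuredReturnUrl) {
  const fields = decodeWctx(encodedWctx);
  const replyAddress = fields.ry ?? null;
  const matches = replyAddress === null
    ? null
    : isAllowedReply(replyAddress, configuredReturnUrl);
  return { fields, replyAddress, matches };
}

// wctx values and return URL copied from the post.
const HOSTED_WCTX =
  'pr%3dwsfederation%26rm%3dhttps%253a%252f%252fwww.skillscore.it%252f';
const FEED_WCTX =
  HOSTED_WCTX + '%26ry%3dhttps%253a%252f%252fwww.skillscore.it%252f';
const CONFIGURED = 'https://www.skillscore.it/Home/FederationResult';

for (const [label, wctx] of [['feed', FEED_WCTX], ['ACS-hosted', HOSTED_WCTX]]) {
  const { replyAddress, matches } = checkLoginUrlWctx(wctx, CONFIGURED);
  console.log(label, 'ry =', replyAddress, 'allowed =', matches);
}
```

For the feed value this reports ry = https://www.skillscore.it/ with allowed = false, because the configured /Home/FederationResult path is not a prefix of /.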