At a customer project we introduced a SAML-based SSO authentication process using a Ping Federate infrastructure. This structure worked for an unspecified amount of time and then failed, sending us nothing but a timeout.
The ULS did not give us a good idea about the issue, as it did not throw an exception related to it. We found that the Security Token Service was also working fine.
After spending hours on research, also together with Microsoft Support, we finally found the solution. It was hidden in the ULS VerboseEx messages.
The timeout occurs because the SPCertificateValidator.Validate function takes 135118 ms = 135 s = more than 2 minutes for 4 certificates (we are using 4 certificates to make SAML possible). In scenarios where there is no internet connection this can occur because the certificates are validated over the network against a CRL or CTL. For these scenarios, the local policies below can be defined to limit the time allowed for the certificate check, so that the check over the network does not run for a long time:
Inside Computer Configuration -> Windows -> Security settings -> Public Key Policies -> Certificate Path validation settings -> Network Retrieval:
- Uncheck “Automatically update certificates from Microsoft root certification program”
- Set Default URL retrieval timeout settings: 1
- Set Default path validation cumulative retrieval timeout: 1
This solution is now working for us, and authentication is possible the whole day and not only for some hours.
Why it was working sometimes and sometimes not, I am not sure. Perhaps sometimes the timeout was not hit, and the validation was cached anyhow.
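To see the validation delay described above outside of SharePoint, the following added example (not from the original post or from Microsoft) times an X.509 chain build with online revocation checking for each certificate under two retrieval timeouts. The folder path and the timeout values are assumptions; the timeout set here applies only to this chain object, not to the machine policy.

```powershell
# Added example, not part of the original post.
# Assumption: the certificates used for SAML were exported as .cer files into
# $CertDir (hypothetical folder). Run it on the affected SharePoint server.
param(
    [string]$CertDir = 'C:\Temp\saml-certs',  # hypothetical path
    [int[]]$TimeoutSeconds = @(15, 1)         # constructed values to compare
)

function Measure-ChainValidation {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$Timeout
    )

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Check revocation over the network for every certificate in the chain.
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    # Per-chain limit for CRL and certificate downloads.
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds($Timeout)

    $watch = [System.Diagnostics.Stopwatch]::StartNew()
    $valid = $chain.Build($Certificate)
    $watch.Stop()

    # RevocationStatusUnknown or OfflineRevocation in Status means the
    # revocation check could not be completed in the time allowed.
    $result = [pscustomobject]@{
        Subject    = $Certificate.Subject
        TimeoutS   = $Timeout
        ElapsedMs  = $watch.ElapsedMilliseconds
        ChainValid = $valid
        Status     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
    $chain.Reset()
    $result
}

# Repeated runs can be faster because Windows caches CRLs it has downloaded.
Get-ChildItem -Path $CertDir -Filter *.cer | ForEach-Object {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $_.FullName
    foreach ($t in $TimeoutSeconds) {
        Measure-ChainValidation -Certificate $cert -Timeout $t
    }
} | Format-Table -AutoSize
```

Comparing ElapsedMs and Status between the two timeout rows shows both the time saved and whether revocation status was still obtained with the shorter limit.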
A very interesting test approach, and an unexpected result, saying that in a long-term test setup Azure has the best quality to deliver.
Windows Azure beats Amazon EC2, Google App Engine in cloud speed test
Good Food and Some Drinks for all who are interested in attending an interesting event on cloud and security.
Please read and comment.
It is more and more becoming a game, finding the next DB to hack into. I assume they will not stop until all Sony pages are security-proofed.
Losing the PS3 online system costs 100 million in revenue, decreasing reputation on the share markets costs 1 billion, getting a security check of the company's online systems: priceless.
My Session @ Cloud Stammtisch
I proudly announce the next Munich Cloud Session on May 19th, hosted by Logica.
There I am invited to explain our concept of developing SharePoint in the cloud.
If you would like to join us, visit this Xing Group or contact me directly.
A very interesting approach that we are using in our latest SharePoint project.
I had an eye on LightSwitch last year when it was released. It is a nice framework for building quick business apps. Now Microsoft has decided to bring it into the cloud. A good idea, I think. Here you find a very good overview of this topic.
A sad weekend for all cloud users. At noon on 21 April 2011 the cloud lost its innocence. A lot of the trust that was given to Amazon for the EC2 service was swept away in only a few hours.
It took Amazon about 3 days to recover the services hosted in their data center in Virginia (us-east-1c). This means that a lot of the services of Amazon's customers were not running, partly for the whole 3 days. In some cases this had bad consequences, as one customer runs the monitoring of heart patients in the Amazon cloud. This example shows how wrong decisions can be when choosing data for the cloud. Here it was irresponsible, and Amazon did not show a good reaction in not answering this customer's attempts to contact them, even though they had the time to answer a question about whether the error was caused by Skynet. Skynet is a fictional company from the movie Terminator.
I wonder what took so much time that Amazon lost a complete data center for 3 days. I hope we will see a detailed analysis of the events and the actions that were taken. It seems to be too early to finish the lessons-learned session on it. But I would say that this weekend will be a historical moment in cloud history, and we will not remember it fondly.
If you would like to follow the current status of your machines, see Amazon's EC Status Page.
There was a data loss. In sum, 11 hours of data are missing and will not be restorable. But I am sure that the companies involved had backups of their data. Or not?
A helpful project that I found brand new (I got the very second download), providing what I was searching for. It saves me some hours of work.
Use it as template when you need simple storage Account Membership providers for a Webpage on Azure.
Download and Import it to Visual Studio, run it. Ready.
The rest is adaption.
Thanks to Inge Henriksen from Scandinavia.