Recently we configured our dev ARS 7.4 environment with SAML pointing at AzureAD. We followed the instructions in the Active Roles 7.4 Administration guide, creating an App Pool service domain account with Kerberos constrained delegation with the required SPNs.
The web UI redirects to the AzureAD IdP and then redirects back to the ARWebAdmin page; however, we receive this message:
Message 1001: The connection with the remote endpoint was terminated.
Event Viewer:
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1/ROOT/ARWebHelpDesk
Trust level: Full
Application Virtual Path: /ARWebHelpDesk
Application Path: C:\Program Files\One Identity\Active Roles\7.4\Web\public\
Machine name: Hostname - redacted
Process information:
Process ID: 2904
Process name: w3wp.exe
Account name: Domain Service Account - redacted
Exception information:
Exception type: Exception
Exception message: Message 5202:
Message 1001: The connection with the remote endpoint was terminated.
at Starling2FAModule.IsStarlingEnabled()
at Starling2FAModule.Application_AuthorizeRequest(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.<>c__DisplayClass285_0.<ExecuteStepImpl>b__0()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Request information:
Request URL: serverNameRedacted:443/.../
Request path: /ARWebHelpDesk/
User host address: IPv4Address
User: AzureAD user
Is authenticated: True
Authentication Type: Federation
Thread account name: Domain Service Account - redacted
Thread information:
Thread ID: 12
Thread account name: Domain Service Account - redacted
Is impersonating: True
Stack trace: at Starling2FAModule.IsStarlingEnabled()
at Starling2FAModule.Application_AuthorizeRequest(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.<>c__DisplayClass285_0.<ExecuteStepImpl>b__0()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Custom event details:
The logs from ARS:
Message 9927:
HttpApplication.ExecuteStep => HttpApplication.ExecuteStepImpl => <>c__DisplayClass285_0.<ExecuteStepImpl>b__0 => SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute => Starling2FAModule.Application_AuthorizeRequest => Starling2FAModule.IsStarlingEnabled => AdObject.Dispose => AdDataObject.get_DN => AdDataObject.Get => Trace.Write
==================================================================
[2020-08-25 19:40:41.8795][16][Debug][ActiveRoles.Web.DirectoryServices.AdObject.Dispose]
Dispose DN= CN=Starling 2FAConfiguration,CN=Starling Configuration,CN=Configuration, ignoryDispose = True
HttpRuntime.ProcessRequestNotificationPrivate => HttpApplication.BeginProcessRequestNotification => PipelineStepManager.ResumeSteps => HttpApplication.ExecuteStep => HttpApplication.ExecuteStepImpl => <>c__DisplayClass285_0.<ExecuteStepImpl>b__0 => SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute => Starling2FAModule.Application_AuthorizeRequest => Starling2FAModule.IsStarlingEnabled => AdObject.Dispose
==================================================================
[2020-08-25 19:40:41.8795][16][Debug][ActiveRoles.Web.Application.Misc.ResourceStringsFinder.GetString]
GetString for ResId=WIS_QUICK_SEARCH
Page.ProcessRequest => misc_applicationerror_aspx.FrameworkInitialize => misc_applicationerror_aspx.__BuildControlTree => misc_applicationerror_aspx.__BuildControlMainForm => misc_applicationerror_aspx.__BuildControlUserMessagePanel => misc_applicationerror_aspx.__BuildControlMasthead => controls_masthead_ascx.__BuildControlTree => controls_masthead_ascx.__BuildControlQuickSearchPlaceHolder => controls_masthead_ascx.__BuildControlQuickSearch1 => ResourceStringsFinder.GetString
==================================================================
[2020-08-25 19:40:41.8951][16][Debug][ActiveRoles.Web.Application.Misc.ResourceStringsFinder.FindString]
Current lcid=1033
misc_applicationerror_aspx.FrameworkInitialize => misc_applicationerror_aspx.__BuildControlTree => misc_applicationerror_aspx.__BuildControlMainForm => misc_applicationerror_aspx.__BuildControlUserMessagePanel => misc_applicationerror_aspx.__BuildControlMasthead => controls_masthead_ascx.__BuildControlTree => controls_masthead_ascx.__BuildControlQuickSearchPlaceHolder => controls_masthead_ascx.__BuildControlQuickSearch1 => ResourceStringsFinder.GetString => ResourceStringsFinder.FindString
==================================================================
[2020-08-25 19:40:41.8951][16][Debug][ActiveRoles.Web.Application.Misc.ResourceStringsFinder.GetKey]
Get key for lcid=1033
misc_applicationerror_aspx.__BuildControlTree => misc_applicationerror_aspx.__BuildControlMainForm => misc_applicationerror_aspx.__BuildControlUserMessagePanel => misc_applicationerror_aspx.__BuildControlMasthead => controls_masthead_ascx.__BuildControlTree => controls_masthead_ascx.__BuildControlQuickSearchPlaceHolder => controls_masthead_ascx.__BuildControlQuickSearch1 => ResourceStringsFinder.GetString => ResourceStringsFinder.FindString => ResourceStringsFinder.GetKey
==================================================================
[2020-08-25 19:40:41.8951][16][Debug][ActiveRoles.Web.Application.Misc.ResourceStringsFinder.FindInCache]
ResourceList for key=ResourceStrings_1033 not foind
misc_applicationerror_aspx.__BuildControlTree => misc_applicationerror_aspx.__BuildControlMainForm => misc_applicationerror_aspx.__BuildControlUserMessagePanel => misc_applicationerror_aspx.__BuildControlMasthead => controls_masthead_ascx.__BuildControlTree => controls_masthead_ascx.__BuildControlQuickSearchPlaceHolder => controls_masthead_ascx.__BuildControlQuickSearch1 => ResourceStringsFinder.GetString => ResourceStringsFinder.FindString => ResourceStringsFinder.FindInCache
==================================================================
[2020-08-25 19:40:41.8951][16][Debug][ActiveRoles.Web.Application.Misc.ResourceStringsFinder.GetKey]
Get key for lcid=Custom
misc_applicationerror_aspx.__BuildControlMainForm => misc_applicationerror_aspx.__BuildControlUserMessagePanel => misc_applicationerror_aspx.__BuildControlMasthead => controls_masthead_ascx.__BuildControlTree => controls_masthead_ascx.__BuildControlQuickSearchPlaceHolder => controls_masthead_ascx.__BuildControlQuickSearch1 => ResourceStringsFinder.GetString => ResourceStringsFinder.FindString => ResourceStringsFinder.FindInCustom => ResourceStringsFinder.GetKey
==================================================================
[2020-08-25 19:40:41.8951][16][Debug][ActiveRoles.Web.Application.Misc.ResourceStringsFinder.FindInCustom]
Custom ResourceList not found
misc_applicationerror_aspx.__BuildControlTree => misc_applicationerror_aspx.__BuildControlMainForm => misc_applicationerror_aspx.__BuildControlUserMessagePanel => misc_applicationerror_aspx.__BuildControlMasthead => controls_masthead_ascx.__BuildControlTree => controls_masthead_ascx.__BuildControlQuickSearchPlaceHolder => controls_masthead_ascx.__BuildControlQuickSearch1 => ResourceStringsFinder.GetString => ResourceStringsFinder.FindString => ResourceStringsFinder.FindInCustom
==================================================================
[2020-08-25 19:40:41.8951][16][Debug][ActiveRoles.Web.Application.Misc.ResourceStringsFinder.FindString]
RESOURCE_NOT_FOUND (WIS_QUICK_SEARCH)
misc_applicationerror_aspx.FrameworkInitialize => misc_applicationerror_aspx.__BuildControlTree => misc_applicationerror_aspx.__BuildControlMainForm => misc_applicationerror_aspx.__BuildControlUserMessagePanel => misc_applicationerror_aspx.__BuildControlMasthead => controls_masthead_ascx.__BuildControlTree => controls_masthead_ascx.__BuildControlQuickSearchPlaceHolder => controls_masthead_ascx.__BuildControlQuickSearch1 => ResourceStringsFinder.GetString => ResourceStringsFinder.FindString
==================================================================
[2020-08-25 19:40:41.8951][16][Debug][ActiveRoles.Web.Application.Misc.MetadataManager.GetProvider]
copyType = CurrentCopy
Control.InitRecursive => Control.InitRecursive => Control.InitRecursive => LogoImages.OnInit => UIPolicyResolver.FindPolicy => UIPolicyResolver.GetCurrentCommandPolicyOrDefault => UIPolicyResolver.GetCurrentCommandPolicy => MetadataManager.get_CurrentCommand => MetadataManager.get_CurrentCopy => MetadataManager.GetProvider
==================================================================
[2020-08-25 19:40:41.8951][16][Debug][ActiveRoles.Web.Application.Misc.MetadataProviderAD..ctor]
Configuration Name = Site for Administrators, CopyType = CurrentCopy, VersionNumber = 39
Control.InitRecursive => Control.InitRecursive => LogoImages.OnInit => UIPolicyResolver.FindPolicy => UIPolicyResolver.GetCurrentCommandPolicyOrDefault => UIPolicyResolver.GetCurrentCommandPolicy => MetadataManager.get_CurrentCommand => MetadataManager.get_CurrentCopy => MetadataManager.GetProvider => MetadataProviderAD..ctor
==================================================================
[2020-08-25 19:40:41.8951][16][Debug][ActiveRoles.Web.Application.Misc.ConfigurationObjectLocator..ctor]
Configuration name =
Control.InitRecursive => LogoImages.OnInit => UIPolicyResolver.FindPolicy => UIPolicyResolver.GetCurrentCommandPolicyOrDefault => UIPolicyResolver.GetCurrentCommandPolicy => MetadataManager.get_CurrentCommand => MetadataManager.get_CurrentCopy => MetadataManager.GetProvider => MetadataProviderAD..ctor => ConfigurationObjectLocator..ctor
==================================================================
[2020-08-25 19:40:41.8951][16][Debug][ActiveRoles.Web.Application.Misc.ConfigurationObjectLocator..ctor]
Configuration version =
Control.InitRecursive => LogoImages.OnInit => UIPolicyResolver.FindPolicy => UIPolicyResolver.GetCurrentCommandPolicyOrDefault => UIPolicyResolver.GetCurrentCommandPolicy => MetadataManager.get_CurrentCommand => MetadataManager.get_CurrentCopy => MetadataManager.GetProvider => MetadataProviderAD..ctor => ConfigurationObjectLocator..ctor
==================================================================
[2020-08-25 19:40:41.9420][16][Debug][ActiveRoles.Web.Application.Misc.MetadataProviderAD.Load]
Unknown error (0x80041452) System.Runtime.InteropServices.COMException (0x80041452): Unknown error (0x80041452)
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at ActiveRoles.Web.Application.Misc.ConfigurationObjectLocator.GetRootDn()
at ActiveRoles.Web.Application.Misc.MetadataProviderAD.Load()
Control.InitRecursive => LogoImages.OnInit => UIPolicyResolver.FindPolicy => UIPolicyResolver.GetCurrentCommandPolicyOrDefault => UIPolicyResolver.GetCurrentCommandPolicy => MetadataManager.get_CurrentCommand => MetadataManager.get_CurrentCopy => MetadataManager.GetProvider => MetadataProviderAD..ctor => MetadataProviderAD.Load
==================================================================
[2020-08-25 19:40:41.9420][16][Debug][ActiveRoles.Web.Application.Misc.MetadataManager.GetProvider]
ActiveRoles.Web.Application.Misc.MetadataProviderAD
Control.InitRecursive => Control.InitRecursive => Control.InitRecursive => LogoImages.OnInit => UIPolicyResolver.FindPolicy => UIPolicyResolver.GetCurrentCommandPolicyOrDefault => UIPolicyResolver.GetCurrentCommandPolicy => MetadataManager.get_CurrentCommand => MetadataManager.get_CurrentCopy => MetadataManager.GetProvider
==================================================================
[2020-08-25 19:40:41.9420][16][Debug][ActiveRoles.Web.Metadata.MetadataBundle.Load]
Value cannot be null.
Parameter name: s System.ArgumentNullException: Value cannot be null.
Parameter name: s
at System.IO.StringReader..ctor(String s)
at ActiveRoles.Web.Application.Misc.MetadataProviderAD.GetReader(String xml)
at ActiveRoles.Web.Application.Misc.MetadataProviderAD.get_CommandsReader()
at ActiveRoles.Web.Metadata.MetadataBundle.GetCommandsList(IMetadataProvider provider)
at ActiveRoles.Web.Metadata.MetadataBundle.Load(IMetadataProvider provider)
Control.InitRecursive => Control.InitRecursive => Control.InitRecursive => LogoImages.OnInit => UIPolicyResolver.FindPolicy => UIPolicyResolver.GetCurrentCommandPolicyOrDefault => UIPolicyResolver.GetCurrentCommandPolicy => MetadataManager.get_CurrentCommand => MetadataManager.get_CurrentCopy => MetadataBundle.Load
==================================================================
[2020-08-25 19:40:41.9577][16][Debug][ActiveRoles.Web.Diagnostics.Trace.Write]
Message 1001: The directory property cannot be found in the cache.