Error using Json-feed for login: ACS50011

Question

I have an RP for which I've built a login page using the Json feed from ACS. The IP images are linked to the .LoginUrl attribute of the feed and when I click on one of the images it correctly jumps to that IP's page.

Entering my credentials, however, I'm redirected to a page on the appfabriclabs.com site with the following error:

HTTP Error Code: 400 
Message: ACS50000: There was an error issuing a token. 
ACS50011: The RP ReplyTo address is missing. Either the RP ReplyToAddresses
are not configured or an invalid wreply 'https://www.skillscore.it/' was received
in the sign-in request.

the RP is configured in the App Labs site with a returnUrl of:

https://www.skillscore.it/Home/FederationResult

and in looking at the wreply parameter in the feed, I see:

https%3a%2f%2fskillscore.accesscontrol.appfabriclabs.com%3a443%2fv2%2fwsfederation

According to some SO articles like [this one] the return url of the app should be a prefix of the wreply parameter - which is clearly not the case here.

so... what have I done wrong now?

• e

p.s. one interesting bit of info: in the Application Integration page of ACS there is a link to the ACS-hosted login page. the link used there seems to differ from the one I'm given in the feed; in particular, the ACS-hosted page uses a wctx of:

pr%3dwsfederation%26rm%3dhttps%253a%252f%252fwww.skillscore.it%252f

whereas the feed gives me:

pr%3dwsfederation%26rm%3dhttps%253a%252f%252fwww.skillscore.it%252f%26ry%3dhttps%253a%252f%252fwww.skillscore.it%252f

so I don't know what that's worth but maybe it's a clue to what's wrong.

* update *

decoded, that last string is:

pr=wsfederation
&rm=https%3a%2f%2fwww.skillscore.it%2f
&ry=https%3a%2f%2fwww.skillscore.it%2f

which clearly shows the Json feed is providing an ry that is not present in the ACS-hosted page... meaning anything to anyone?

Answer 1

ok. my bad. apparently, when I was fetching the Json feed, the URL I used did not have the reply_to set correctly.