Continuing my foray into the world of Azure, I started playing with using my Azure VM as an ADFS server, with the goal of using it as an identity provider in Windows Azure ACS for the appropriate candidate Azure services. I followed the instructions in this fantastic step-by-step walkthrough by Haishi Bai (he sure does make it easy for those who are learning their way), but I ran into a problem when I tried to get the Identity and Access extension in Visual Studio to use my Azure ACS namespace as an identity provider. (On a side note, make sure you have the WIF runtime installed on the server, then install the WIF SDK, and only then install the Identity and Access Visual Studio extension, or you will face a null object reference type error when opening Visual Studio and the extension won’t load.)
According to the instructions in this blog post and in many others, one should browse to the Access Control Services management portal, click on the Management Service link, click on ManagementClient, then Symmetric Key, and take down the key value that is listed there.
Now, to have Visual Studio connect to your ACS namespace, you need to open the Identity and Access menu by right-clicking on the project and selecting that item, choose to use the Windows Azure Access Control Service, and then press the configure link to choose an ACS namespace. The guidance says that you should place your ACS namespace in the first textbox and your symmetric key in the second.
Unfortunately, you’ll find that chances are this won’t work. You will be faced with an ID1113 error (you can see it by hovering over the red exclamation mark), which states that the combination of namespace and management key is invalid. Browsing around the internet (there are many places where this suggestion is made, but it is probably worded best in this blog post) suggests that this is a common problem when you have created the ACS namespace in the new Azure Management Portal, and that you should instead create the ACS namespace in the old portal (you can access the old portal by clicking on your name on the top right-hand side of the portal screen and choosing previous portal).
What I have found, however, is that if I enter the ManagementClient password instead of the symmetric key, the extension seems to accept the combination and allows me to choose from the identity providers that I have configured in the ACS management portal. I do not know why the password is accepted while the symmetric key isn’t, when the key is apparently what is being asked for, but for others who are also stuck at this step: use the password instead.