Release Notes - August Labs Release
Unfortunately, the August Labs Release of ACS contains bugs. This section isn't intended to be a comprehensive list of known bugs, but a listing of the ones that may be most confusing or irritating. We are working to resolve many of these.
- Fed Metadata requests return an error - ACS publishes and consumes WS-Federation Metadata. Your ACS Service Namespace must be fully configured in order for ACS to publish WS-Federation Metadata, and this includes ensuring that a signing certificate
is configured. In our early tests we found that many users encountered an HTTP 500 error and the absence of a configured signing certificate or key was more often than not the culprit. We are going to provide a more descriptive error message and make this
more obvious in the UX over time.
- An HRD Page when logging into the Management Portal - ACS currently applies one set of identity providers to all configured relying parties. The Management Portal/Service is a relying party in each Service Namespace, and the login process of the
Portal renders the default Home Realm Discovery page. As you configure more identity providers in your Service Namespace, the default Home Realm Discovery page populates with these additional identity providers. As we move forward, we are looking at ways to
add mappings between the identity providers and relying parties in a Service Namespace.
- Windows Live ID can't be removed from the Identity Provider list - The ACS provisioning process adds Live ID as an identity provider and creates rules that give your Live ID access to the portal and the Management Service. Since there is no mapping
between IdPs and Relying Parties, removing Live ID as an IdP might cause you to be locked out of the portal. Rather than take this risk, we made several of the entities (including the Live ID identity provider) read only.
- The Management Service exposes a richer data model than the Portal - Only a sliver of the data model is exposed in the Portal. This is by design.
- The Management Service can create or update data that can't be rendered in the Portal - Unfortunately this could happen a few different ways when using Management Service. We're working on it. In the worst case, this could mean that you are
locked out of the Portal (by changing rules and IdPs). If that's the case, then please let us know. It may be necessary to create a new Service Namespace.
- Federated Signout isn't implemented - We just haven't implemented it yet.
- Configuring a Facebook Connect Base Domain causes the Facebook integration to fail - This release of ACS requires that the Facebook Connect base domain (created in the Facebook developer portal) is blank. If it is not blank, ACS will not issue a
token to a relying party application.
- Signing out of the Portal doesn't sign out at the identity provider - Associated by the fact that ACS doesn't yet support federated sign out.
- V1 tooling (ACM.exe and ACMBrowser) is not compatible with August Labs Release - The Management Service API has changed substantially, and the tooling is no longer compatible.