WCF Client error: “The address of the security token issuer is not specified”

Question

I am receiving the following error from my WCF Client. "The address of the security token issuer is not specified. An explicit issuer address must be specified in the binding for target 'http://site.com/TLAPI.svc' or the local issuer address must be configured in the credentials."

I am trying to connect to a SharePoint Service Application. I have added the service reference which generated the client class below. Here is my code thus far:

TipAndLeadAPIContractClient client = new TipAndLeadAPIContractClient(@"CustomBinding_ITipAndLeadAPIContract", @"http://site.com/TLAPI.svc");
client.ChannelFactory.Credentials.SupportInteractive = false;
client.ClientCredentials.UserName.UserName = "user";
client.ClientCredentials.UserName.Password = "password";
client.ConvertToTLForm(@"C:\Clients\ServiceApplication\CAP\capsample1.xml", "tl_library", "http://site/");

Here is my client side binding configuration:

 <binding name="CustomBinding_ITipAndLeadAPIContract">
                <security defaultAlgorithmSuite="Default" authenticationMode="IssuedToken"
                    requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="true"
                    keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
                    messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                    requireSignatureConfirmation="false">
                    <issuedTokenParameters keyType="SymmetricKey" tokenType="" />
                    <localClientSettings cacheCookies="true" detectReplays="true"
                        replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
                        replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
                        sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
                        timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
                    <localServiceSettings detectReplays="true" issuedCookieLifetime="10:00:00"
                        maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
                        negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
                        sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
                        reconnectTransportOnFailure="true" maxPendingSessions="128"
                        maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
                    <secureConversationBootstrap />
                </security>
                <binaryMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
                    maxSessionSize="2048">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                </binaryMessageEncoding>
                <httpTransport manualAddressing="false" maxBufferPoolSize="524288"
                    maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
                    bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                    keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
                    realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
                    useDefaultWebProxy="true" />
            </binding>

And here is my Service Application binding configuration:

        <binding name="CalcServiceHttpBinding">

      <security authenticationMode="IssuedToken" allowInsecureTransport="true" />

      <binaryMessageEncoding>

        <readerQuotas maxStringContentLength="1048576" maxArrayLength="2097152" />
      </binaryMessageEncoding>
      <httpTransport maxReceivedMessageSize="2162688" authenticationScheme="Ntlm" useDefaultWebProxy="false" />
    </binding>

Thanks in advance.

Answer 1

The binding is setup with an IssuedToken credential type:

<issuedTokenParameters keyType="SymmetricKey" tokenType="" /> 

First, I'm not sure why your tokenType attribute is blank. This should be set to the type of token that is going to be negotiated, such as a SAML token which would be tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" for example.

Next node has a child node called <issuer> which allows you to specify the address of an secure token server (STS) that the client should use to negotiate the token. The exception that you're getting is telling you that this specifically is not configured. An <issuer> element might look like this.

<issuer address="https://someserver/SomeSTS" binding="<some binding type>" bindingConfiguration="<some binding configuration for the STS>" />

In addition to the address you'll want to specify the binding type that should be used along with any custom configuration that you might need to be able to talk with the STS.