Service Bus MessageQueue Error issuing token

Damir Dobric Posts

When you try to receive a message from a Windows Azure Service Bus queue, or to send one, you might get an error like 'Error:Code:403'.

This can happen when you perform any queue-related operation, such as:

BrokeredMessage message = myMessageReceiver.Receive(new TimeSpan(hours: 0, minutes: 0, seconds: 60));

The full error, which you get as an exception, looks like this:

The token provider was unable to provide a security token while accessing 'https://xsamples-sb.accesscontrol.windows.net/WRAPv0.9/'. Token provider returned message: 'Error:Code:403:SubCode:T0:Detail:ACS50000: There was an error issuing a token. ACS60000: An error occurred while processing rules for relying party 'http://xsamples.servicebus.windows.net/demoqueue' using issuer 'LOCAL AUTHORITY'. ACS60001: No output claims were generated during rules processing.  :TraceID:4b8f5f82-b688-43a3-9cee-95d7d63b5e0f:TimeStamp:2012-01-14 22:24:11Z'.

This will probably never happen if you use the default issuer key and the issuer name “owner”. This account is properly set up for you. The good thing is that this account has all permissions on ServiceBus. These are: Manage (can do anything, like create a queue), Send (can send messages) and Listen (can receive messages).

If you have seen the exception shown above, you are probably connecting to ServiceBus with a user that you created in ACS. The reason for this error is a missing association between the rule group that contains your account and the ServiceBus application (this is the name under which ACS sees the service bus in your namespace).

To fix this, go to the ACS management portal in the context of your service bus namespace and select “Relying Party Applications”.

Then select the ServiceBus application.

Then scroll to the end, to “Rule Groups”, and notice the check-box state next to your rule group. The default one is “Default Rule Group for ServiceBus”, which is provisioned when you create your service bus namespace. The next one, “Sender and Receiver”, is a custom group, which defines the account which can send messages only (this permission is the reason why I have created it).

I forgot to check the box. That means I didn’t associate the account in that group with ServiceBus. If this is the case, the strange error shown above will appear.
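The error text quoted above can be triaged mechanically. This added example, which is not code from the original post, parses the token provider message into its fields and flags the ACS60001 case described here; the function names `parse_acs_error` and `diagnose` are assumptions made for the illustration.

```python
import re

# Error text exactly as quoted in the post above.
SAMPLE = (
    "The token provider was unable to provide a security token while accessing "
    "'https://xsamples-sb.accesscontrol.windows.net/WRAPv0.9/'. Token provider "
    "returned message: 'Error:Code:403:SubCode:T0:Detail:ACS50000: There was an "
    "error issuing a token. ACS60000: An error occurred while processing rules "
    "for relying party 'http://xsamples.servicebus.windows.net/demoqueue' using "
    "issuer 'LOCAL AUTHORITY'. ACS60001: No output claims were generated during "
    "rules processing.  :TraceID:4b8f5f82-b688-43a3-9cee-95d7d63b5e0f:"
    "TimeStamp:2012-01-14 22:24:11Z'."
)

def _first(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def parse_acs_error(text):
    """Return the fields of an ACS token error, or None if text is not one."""
    head = re.search(r"Error:Code:(\d+):SubCode:(\w+):Detail:(.*)", text, re.S)
    if head is None:
        return None
    detail = head.group(3)
    # Each ACSnnnnn code runs up to the next code or the :TraceID: trailer.
    chain = re.findall(r"(ACS\d{5}):\s*(.*?)(?=\s*ACS\d{5}:|\s*:TraceID:|\Z)", detail, re.S)
    return {
        "http_code": int(head.group(1)),
        "subcode": head.group(2),
        "codes": [code for code, _ in chain],
        "messages": dict(chain),
        "relying_party": _first(r"relying party '([^']+)'", detail),
        "issuer": _first(r"using issuer '([^']+)'", detail),
        "trace_id": _first(r":TraceID:([0-9a-fA-F-]{36})", detail),
        "timestamp": _first(r":TimeStamp:([0-9-]+ [0-9:]+Z)", detail),
    }

def diagnose(text):
    """Map the parsed error to the cause described in the post."""
    err = parse_acs_error(text)
    if err is None:
        return "not an ACS token error"
    if err["http_code"] == 403 and "ACS60001" in err["codes"]:
        return ("no claims issued for " + str(err["relying_party"]) +
                ": check that the rule group for this identity is ticked "
                "on the ServiceBus relying party application")
    return "ACS error " + ", ".join(err["codes"]) + " (cause not covered here)"

print(diagnose(SAMPLE))
```

The relying party URL and TraceID it extracts are the two values to have at hand when checking the portal settings or correlating the failure in logs.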

Hope this helps :)


Posted Jan 14 2012, 11:51 PM by Damir Dobric
developers.de is a .Net Community Blog powered by daenet GmbH.