Questions tagged [wif]

Votes: 1 | Answers: 1 | Views: 336

Authentication in ADFS with Web Service

I have developed the test application in which I have added .asmx file for ADFS authentication; after authentication it would redirect to my original already developed web application. The common code is shown below: var stsEndpoint = ConfigurationManager.AppSettings['EndPoint']; var relayPartyUri =...
user1691894

Votes: 1 | Answers: 1 | Views: 1.9k

IDX10214: Audience validation failed. ADFS .Net

I'm validating against my ADFS server and am getting the following error message. 'IDX10214: Audience validation failed. Audiences Did not match: validationParameters.ValidAudience' This link shows my code--it's a very simple proof-of-concept for authenticating within the visual studio IDE. It tak...
Tom McDonald

Votes: 1 | Answers: 0 | Views: 137

How do I get a SecurityTokenHandler to load its configuration from web.config?

I have been struggling with trying to add a SAML2 SSO entry point to an asp.net 4.6 web application using WIF -- a technology I was totally unfamiliar with before starting. What has worked so far is to create everything programmatically, for which purpose I have subclassed various object types such...
Paul Kienitz

Votes: 1 | Answers: 0 | Views: 102

Receiving 'JwtSecurityToken' does not support 'SamlAssertionKeyIdentifierClause' creation.' error while creating channel with issued token in WCF 4.5

When trying to generate Custom STS token with 'JwtSecurityToken', received following error message: System.NotSupportedException: ''JwtSecurityToken' does not support 'SamlAssertionKeyIdentifierClause' creation.' I'm using .NET/WCF/WIF 4.5 JwtSecurityTokenHandler is from System.IdentityModel.Token...
Zammy Page

Votes: 1 | Answers: 0 | Views: 46

OneLogin + SAML + SCIM

I'm integrating a service with OneLogin. In particular, need to implement SAML-P login AND SCIM v2 endpoint in a multi-tiered .NET application, which is using Windows Identity Foundation behind the scenes. Both SCIM v2 and SAML-P work fine independently, however I'm having issues combining these tw...
Danny Dog

Votes: 1 | Answers: 0 | Views: 42

Saml2SecurityTokenHandler with EncryptedID support

I'm trying to read a security token from a SAMLP 2.0 response with unencrypted assertions, but where the attributes are encrypted using EncryptedID. I'm using the Saml2SecurityTokenHandler to get a security token via the ReadToken method. This will eventually call ReadSubject and that one throws the...
Thieme

Votes: 1 | Answers: 0 | Views: 26

NotSupportedException when calling WCF service (Crypto algorithm not supported in this context)

I am trying to use a WCF with federation. Therefore my client obtains a token from the STS, opens the channel with the issued token and finally calls the service. Then, I am getting the following exception: System.NotSupportedException HResult=0x80131515 Message=Crypto algorithm not supported in t...
MiGro

Votes: 1 | Answers: 1 | Views: 600

How do I request additional claims from Passive STS with WIF?

I have the following: A website ASP.Net application acting as an Identity Provider (IDP STS) Federation Provider (FP STS) A Resource ASP.NET MVC WebSite acting as (RP) when trying to access a Resource in RP, it goes thru the FP STS and gets redirected to IDP STS. User puts their credentials and upon...
Heena

Votes: 1 | Answers: 1 | Views: 721

Enable anonymous access to ADFS 2.0 SharePoint site

I have a SharePoint 2007 portal configured to authenticate against an STS (ADFS 2.0) using the FormsSignIn (Forms Authentication on the ADFS). Is there any way to have a few pages living in the SharePoint portal that allow anonymous access? I've tried checking the 'Enable Anonymous Access' in the...
shannon.stewart

Votes: 1 | Answers: 2 | Views: 860

Windows Identity Framework on ASP.NET MVC - how to authorize user per action basis?

Windows Identity Framework on ASP.NET MVC - how to authorize user per action basis? Like: [Authorize] public ActionResult About() { return View(); } Instead of the whole site level security as is the default WIF site integration behaviour? UPDATE: Maybe should the question goes like, how to allow an...
Peter Stegnar

Votes: 1 | Answers: 1 | Views: 765

Windows Identity Foundation + WCF (Federated scenario)

I've investigated for a while how to use such combination as IdP (ADFS 2.0), AuP (custom) and WCF service (custom). Passive scenario (for ASP.NET) is set up and it works well. The problem is that direct FederationMetadata.xml linking does not provide working application and generates too much code...
Sasha Reminnyi

Votes: 1 | Answers: 1 | Views: 3.3k

How does processing a SAML assertion work?

I need to be the service provider in a SAML solution and want to know how the processing of assertions works. I could not find the answer here. I imagine the assertion would say something like: 'I'm John Doe, My ID is: 999'? Do I need a user list that is 'in Sync' with the identity provider? Do I ne...
capdragon

Votes: 1 | Answers: 1 | Views: 695

WIF and ADFS - Requesting for more\extra claims

I have an ASP.NET web site which uses an ADFS 2.0 to provide claims. On the ADFS I have implemented a Custom Attribute Store. This store goes and gets some particular claims from an old legacy system which can take some time (20-30 sec). What I would like to know is how do I only get this claim w...
Darrin Robertson

Votes: 1 | Answers: 1 | Views: 468

Calling web services from an ASP.Net application authenticated with WIF

I have an ASP.Net web application which authenticates using passive authentication with a WIF STS. I want to host web services on this STS to access its membership and related data. How would the ASP.Net application authenticate with the web services? Is this active federation? At the moment the ser...
Max

Votes: 1 | Answers: 2 | Views: 563

Can I use WIF to authenticate on services like Gmail and Hotmail?

Can Windows Identity Foundation allow us to connect to services and read contact information? Here is an idea of how WIF advantages: WIF externalizes authentication, passing it over to security token services (STS) and reducing the demands on individual developers WIF also supports trust relationshi...
Junior M

Votes: 1 | Answers: 1 | Views: 208

WIF - optional authentication

I'm working on a proof of concept app. The basic functionality works, where I can log into one website, link to another site that shares the same STS, and the partner site picks up the credentials properly. However, the partner site only requests the token if the page that we link to requires authen...
Dominick

Votes: 1 | Answers: 1 | Views: 851

ADFS Secured Web Application Calling Web Services

I have Active Directory Federation Services 2.0 all setup and ready to work, but I have a scenario that falls outside pretty much everything I've read on enabling a relying party application. The 2 scenarios that are well documented involve A) Passive authentication for a web site or B) Using a thic...
Don Fitz

Votes: 1 | Answers: 1 | Views: 1k

Implementing an Identity Provider

I have implemented App Fabric Labs' mechanism for authentication into my MVC3 app so now I can log in with Facebook, Google, Yahoo and LiveID. yea!! now, what if a user doesn't want to use any of those systems? I need to provide 'traditional' signup forms. I'm thinking that calls for implementing...
ekkis

Votes: 1 | Answers: 1 | Views: 459

Windows Identity session management for silverlight / wpf

I'm testing WIF, most examples are in Asp.Net though and I'm more interested by WPF/Silverlight. How would you handle sessions in this case ? With Asp.net in case the soap service requests a new login, we are redirected to the login page, how can we do when using WPF or Silverlight ? More generally...
fabien

Votes: 1 | Answers: 2 | Views: 313

WIF - Federated Provider with multiple Identity Providers - store IP info in db?

So despite the warnings, I think I need to build a custom STS. We will support an arbitrary number of customers who provide identity information via SAML. What is the best practice to store details on each IP? Most examples seem to store this info in the STS's web.config. That seems like it wou...
Code Silverback

Votes: 1 | Answers: 1 | Views: 620

How to fix “not a known principal” error with Windows Azure Access Control Service (ACS) and custom STS

I'm working on a proof of concept for Federated Authentication. I've created a custom STS (basically a re-write of the Windows Identity Foundation Basic STS sample) and set up relying parties to use this successfully. The next stage of the PoC is to use Azure ACS to allow federated login with Googl...
Rammesses

Votes: 1 | Answers: 2 | Views: 1.1k

EPiServer and Windows Identity Foundation (WIF)

I am researching the possibilities of using WIF to identify users on parts of a customer's site running on EPiServer. I've managed to get WIF to kick in using, amongst others, the following post: http://world.episerver.com/Blogs/Ben-Morris/Dates/2010/6/Converting-EPiServer-6-to-use-claims-based-auth...
Erik A. Brandstadmoen

Votes: 1 | Answers: 2 | Views: 478

WIF STS, different “kinds” of users, applications and claims

We are currently looking into implementing our own STS (Microsoft WIF) for authenticating our users, and in that process we have come up with a few questions that we haven’t been able to answer. We have different kinds of users, using different kinds of applications. Each kind of user needs some s...
Tommy Jakobsen

Votes: 1 | Answers: 2 | Views: 653

How to use file-based config for Saml2SecurityTokenHandler?

Using Saml2SecurityTokenHandler to validate SAML2 bearer token from internal provider or from ACS. Able to programmatically configure the handler to validate just fine, but it doesn't seem to want to pick up configuration from the microsoft.IdentityModel section in my config file. Constructing a Sec...
andrewbadera

Votes: 1 | Answers: 1 | Views: 662

How to grab serialized in http request claims in a code using WIF?

ADFS 2.0, WIF (WS-Federation), ASP.NET: There are no HTTP modules or any IdentityFoundation configuration defined in a web.config (like most WIF SDK samples show), instead everything is done via program code manually using WSFederationAuthenticationModule, ServiceConfiguration and SignInRequestMessag...
YMC

Votes: 1 | Answers: 1 | Views: 514

self-signed certificates in an identity federation scenario

I'm using WCF webservices with WIF. More specifically, I'm using WS2007FederationHttpBinding. All works well on the localhost machine used for development. However, when trying a remote install with the server deployed on IIS and the client being launched from another PC, my channel Open method fa...
fabien

Votes: 1 | Answers: 1 | Views: 316

How do I sign out of Google, Yahoo, or LiveID with ACS

I am signing out from the FAM correctly, but my cookies are still being stored in a way that doesn't prompt them for credentials after the SignIn link is checked. I think the issue is with a cookie being saved from Yahoo or gmail. How do I erase it? Or if I describe the situation another way..I hav...
Tom Lee

Votes: 1 | Answers: 1 | Views: 185

Dummy STS project is missing Default.aspx and Login.aspx

Has anyone ever run into a problem where creating a new STS project in Visual Studio via the 'Add STS Reference ...' menu item yields a project that does not contain the necessary Default.aspx and Login.aspx files? This was working earlier and now I'm baffled.
Raymond Saltrelli

Votes: 1 | Answers: 1 | Views: 707

SWT token decrypt claim's value

I'm integrating OData service with ACS. Everything works fine but when I get token in Authorization header value is encrypted. Example (it's already URL decoded): http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name=mYuAaeTWh6vbXFGCMZPqeTm5dpPnq8e3MaB2cmiwBWQ=&http://schemas.xmlsoap.org/ws/20...
Glaxalg

Votes: 1 | Answers: 1 | Views: 2.6k

Add STS reference not displaying in VS2010 Express

I have already done the following. I have VS Express 2010 (trial) installed on my Windows 7 machine. Installed WIF 6.1 and WIF SDK 4.0 from http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=4451 Installed VS C++ express to get Visual Studio command prompt Tried to execute C:\Progra...
user179056

Votes: 1 | Answers: 3 | Views: 11.1k

ADFS 2.0 - request token for service in different AD

I have the following scenario: Active Directory 1: WCF Client, ADFS 2.0 (STS) Active Directory 2: WCF service (Relying Party) I have added the RP to the ADFS but when I request a token from the ADFS I receive the following error: System.ServiceModel.FaultException: ID3242: The security token could n...
flayn

Votes: 1 | Answers: 1 | Views: 4.7k

saml token resolver unable to resolve token reference

I am currently working on a small ASP.NET project involving authentication of users against a 3rd party identity provider. I am having problems with SP-initiated SLO requests. I am using the WIF SAML 2.0 extension to handle the SAML protocol. When debugging my application it crashes immediately, giv...
matsho

Votes: 1 | Answers: 1 | Views: 521

How do I programmatically redirect an unauthenticated request to an STS?

I need unauthenticated users to first be redirected to a login page on an ASP.NET website, then I'll do some business logic to determine one of three authentication types: the user will manually log in with a username and password the user will get redirected to an STS for a federated login or (in...
RichC

Votes: 1 | Answers: 2 | Views: 562

TCP Federation and ADFS

I hope someone can help me out. How can I do federation over TCP? I am using ADFS as my STS. My WCF service (Relying party) exposes its endpoint over net.tcp bindings. The STS would be accessed through wsHttp endpoints. How would I do this? Any suggestions? Thank you
Geek Coder

Votes: 1 | Answers: 1 | Views: 401

Mixed authentication with WIF for multiple endpoints in a Windows service

We need to expose two WCF endpoints in a single Windows service. One endpoint should use claims based authentication (WIF), with the other using certificate authentication. Unfortunately all our attempts have failed because WIF configuration attaches to all WCF endpoints; the endpoint which should u...
user1528536

Votes: 1 | Answers: 1 | Views: 1.6k

ADFS 2.0 Claims Not Accessible in WCF 4.5

I have been working on a POC for outside users to authenticate to a WCF service using ADFS 2.0 with a username/password. I have the client configured to use https:///adfs/services/trust/13/username and a security mode of TransportWithMessageCredential. And after pulling my hair out for a few days I h...
JAG

Votes: 1 | Answers: 1 | Views: 1.9k

Using ClaimsPrincipalPermissionAttribute, how do I catch the SecurityException?

In my MVC application I have a Controller Action that Deletes a customer, which I'm applying Claims Based Authorization to using WIF. Problem: if someone doesn't have access they see an exception in the browser (complete with stacktrace), but I'd rather just redirect them. This works and allows me t...
Ryan Roark

Votes: 1 | Answers: 2 | Views: 393

Custom STS for Web SSO

We have an Internet facing Web Application running, and recently our company made some agreements with a 3rd-party company which owns another web site. The idea is to provide access to this external web site to our current customers. Our users will click on an internal link in our solution which wil...
user1365571

Votes: 1 | Answers: 1 | Views: 2k

ADFS 2.0 - Customize Home Realm Discovery Page

I hate the default looks of the Home Realm Discovery (Claims Provider Selection screen) page when multiple STS are added to the ADFS 2.0 Snapin. Below is the default. Can this be customized, such that it redirects to somepage.aspx where I can log in with username and password? Then it returns the clai...
Deeptechtons

Votes: 1 | Answers: 1 | Views: 167

Does Windows Azure ACS WIF .net 4.5 support a relying party with WIF 3.5?

I am thinking of implementing SSO using Azure access control. But some of the web applications are in .net 3.5. Does Azure ACS based STS support WIF 3.5 Relying Party?
user1893509
