ws-federation

How to validate WS-Federation SAML tokens with Java Service Provider

最后都变了- submitted on 2021-02-17 20:55:20
Question: I am working on a project that uses ws_federation and SAML to authenticate to an Identity Provider running on an IIS server running on .net called thinktecture. I need to write a Java Service Provider that sends a SAML authentication request to the Identity Provider and gets the SAML response back on my Java web app. I need to know if there are any good libraries to validate SAML and maybe some direction on setting it up or links to a tutorial on getting started. I have tried spring_security-saml

Authenticate to STS by Issued Token

假装没事ソ submitted on 2021-02-08 09:26:05
Question: I'm working on federating an application with various areas and extremely fine-grained permissions. Each of the various areas has a federated WCF endpoint to communicate back to the server. Because of the fine-grained permissions, a single token containing all of the permissions can be as large as 1MB, maybe more. Requirements dictate that the user's username and password credentials must not be held within our code base after the initial log in process. The permissions cannot be combined to

SignOut (LogOut) Error in AspNetCore 2.1 with WsFederation

Deadly submitted on 2021-01-29 04:00:57
Question: I am getting the following error while logging out (signing out) in an ASP.NET Core 2.1 application: No sign-out authentication handler is registered for the scheme 'Federation'. The registered sign-out schemes are: WsFederation, Cookies. Did you forget to call AddAuthentication().AddCookies("Federation",...) Here is a code snippet in my Startup.cs: public void ConfigureServices(IServiceCollection services) { services.AddAuthentication(sharedOptions => { sharedOptions.DefaultScheme =

Getting NULL Identity while authenticating user via Azure AD authentication

痞子三分冷 submitted on 2020-06-29 04:37:45
Question: I am trying to authenticate a user by Azure AD using WS-Federation. I've implemented multiple authentication schemes and redirect the user to the respective schemes using Challenge(). return Challenge(new AuthenticationProperties { RedirectUri = "http://localhost:57826/Account/AzureADLogin"}, authenticationScheme); This can redirect me to the Microsoft login page and after successful login, it redirects me to the action method AzureADLogin(). But somehow in AzureADLogin(), I was not able to

How to authorize user in multiple authentication scheme?

风流意气都作罢 submitted on 2020-03-05 04:27:12
Question: I have implemented multiple authentication schemes under my .net core application. services.AddAuthentication( sharedOptions => { sharedOptions.DefaultScheme = Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme; sharedOptions.DefaultSignInScheme = Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme; }) .AddCookie() .AddWsFederation("AuthenticationScheme1", options => { options.Wtrealm = tenantList.Find(m => m

MVC5 OWIN ws-federation AuthenticationManager.GetExternalLoginInfoAsync() returns null

房东的猫 submitted on 2020-01-24 04:37:46
Question: I'm trying to set up integrated OWIN WS-Federation (ADFS) authentication in a new MVC 5 project in Visual Studio 2013. WsFederation in Startup.Auth is configured as follows: app.UseWsFederationAuthentication(wtrealm: "MyRealm", metadataAddress: "https://myADFSInstanceHost/FederationMetadata/2007-06/FederationMetadata.xml"); Federation button at login page works fine. ADFS login page is achievable, I can log in there. Required cookies seem to be set properly. At least there is passed

MVC5 OWIN ws-federation AuthenticationManager.GetExternalLoginInfoAsync() returns null

社会主义新天地 submitted on 2020-01-24 04:37:11
Question: I'm trying to set up integrated OWIN WS-Federation (ADFS) authentication in a new MVC 5 project in Visual Studio 2013. WsFederation in Startup.Auth is configured as follows: app.UseWsFederationAuthentication(wtrealm: "MyRealm", metadataAddress: "https://myADFSInstanceHost/FederationMetadata/2007-06/FederationMetadata.xml"); Federation button at login page works fine. ADFS login page is achievable, I can log in there. Required cookies seem to be set properly. At least there is passed

How to grab serialized in http request claims in a code using WIF?

僤鯓⒐⒋嵵緔 submitted on 2020-01-15 11:54:48
Question: ADFS 2.0, WIF (WS-Federation), ASP.NET: There are no HTTP modules or any IdentityFoundation configuration defined in a web.config (like most WIF SDK samples show), instead everything is done via program code manually using WSFederationAuthenticationModule, ServiceConfiguration and SignInRequestMessage classes. I do an HTTP redirect to ADFS in code and it seems to work fine, returning claims and redirecting the user back to my web site with serialized claims in the HTTP request. So the question is how

Exchange an OAuth2 access token (or OpenID Connect id_token) for a WS-* SAML token?

心已入冬 submitted on 2020-01-06 03:03:27
Question: Is it possible to exchange an OAuth2 access token (or OpenID Connect id_token) for a WS-* SAML token? Here is our specific scenario that we would like to accomplish: A user has been authenticated using an OpenID Connect endpoint and issued an id_token. The same user has been authorized using an OAuth 2 endpoint and issued an access token. A single-page application (SPA) requests data from a secured ASP.NET Web API and it sends the id_token and access token. Here's the question/tricky part:

Authentication against multiple identity providers using WSFederationAuthenticationModule for asp.net

旧巷老猫 submitted on 2020-01-04 02:31:05
Question: We have a multitenant ASP.NET MVC web site which supports multiple partners. Currently we are using forms authentication to authenticate users. Now some of the partners have asked for single sign on support with SAML. I did a quick POC to test it against the “Thinktecture” identity provider. All I did was to install the “Identity and access” extension for VS 2012 and configure the identity provider. I noticed that the extension added configuration settings like URL of the IP and realm in the web.config