ws-federation

问题 I am working on a project that uses ws_federation and SAML to authenticate to a Identity Provider running on a IIS server running on .net called thinktecture I need to write a Java Service Provider that sends a SAML authentication request to the Identity Provider and get the SAML response back on my java web app. I need to know if there are any good libraries to validate SAML and mabye some direction on setting it up or links to a tutorial on getting started. I have tries spring_security-saml

问题 I'm working on federating an application with various areas and extremely fine-grained permissions. Each of the various areas has a federated WCF endpoint to communicate back to the server. Because of the fine grained permissions, a single token containing all of the permissions can be as large as 1MB, maybe more. Requirements dictate that the user's username and password credentials must not be held within our code base after the initial log in process. The permissions cannot be combined to

问题 I am getting following error while logging out (signing out) in ASP .NET Core 2.1 application No sign-out authentication handler is registered for the scheme 'Federation'. The registered sign-out schemes are: WsFederation, Cookies. Did you forget to call AddAuthentication().AddCookies("Federation",...) Here is a code snippet in my Startup.cs public void ConfigureServices(IServiceCollection services) { services.AddAuthentication(sharedOptions => { sharedOptions.DefaultScheme =

问题 I am trying to authenticate user by Azure AD using WS-federation. I've implemented multiple authentication schemes and redirect the user to the respective schemes using Challenge(). return Challenge(new AuthenticationProperties { RedirectUri = "http://localhost:57826/Account/AzureADLogin"}, authenticationScheme); This can redirect me to the Microsoft login page and after successful login, it redirects me to the action method AzureADLogin(). But somehow in AzureADLogin(), I could not able to

问题 I have implemented multiple authentication scheme under my .net core application. services.AddAuthentication( sharedOptions => { sharedOptions.DefaultScheme = Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme; sharedOptions.DefaultSignInScheme = Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme; }) .AddCookie() .AddWsFederation("AuthenticationScheme1", options => { options.Wtrealm = tenantList.Find(m => m

问题 I'm trying to setup integrated OWIN WS-Federation (ADFS) authentication in a new MVC 5 project in Visual Studio 2013. WsFederation in Startup.Auth is configured as follows: app.UseWsFederationAuthentication(wtrealm: "MyRealm", metadataAddress: "https://myADFSInstanceHost/FederationMetadata/2007-06/FederationMetadata.xml"); Federation button at login page works fine. ADFS login page is achievable, i can log in there. Required cookies seems to being set properly. At least there is passed

问题 I'm trying to setup integrated OWIN WS-Federation (ADFS) authentication in a new MVC 5 project in Visual Studio 2013. WsFederation in Startup.Auth is configured as follows: app.UseWsFederationAuthentication(wtrealm: "MyRealm", metadataAddress: "https://myADFSInstanceHost/FederationMetadata/2007-06/FederationMetadata.xml"); Federation button at login page works fine. ADFS login page is achievable, i can log in there. Required cookies seems to being set properly. At least there is passed

问题 ADFS 2.0, WIF (WS-Federation), ASP.NET: There is no http modules or any IdentityFoundation configuration defined in a web.config (like most WIF SDK samples show), instead everything is done via program code manually using WSFederationAuthenticationModule, ServiceConfiguration and SignInRequestMessage classes. I do http redirect to ADFS in a code and it seems to work fine, returning claims and redirecting user back to my web site with serialized claims in http request. So the question is how

问题 Is it possible to exchange an OAuth2 access token (or OpenID Connect id_token) for a WS-* SAML token? Here is our specific scenario that we would like to accomplish: A user has been authenticated using an OpenID Connect endpoint and issued an id_token. The same user has been authorized using an OAuth 2 endpoint and issued an access token. A single-page application (SPA) requests data from a secured ASP.NET Web API and it sends the id_token and access token. Here's the question/tricky part :

问题 We have multitenant asp.net MVC web site which supports multiple partners. Currently we are using forms authentication to authenticate users. Now some of the partners have asked for single sign on support with SAML. I did quick POC to test it against “Thinktecture” identity provider. All I did was to install “Identity and access” extension for VS 2012 and configure the identity provider. I noticed that the extension added configuration settings like URL of the IP and realm in the web.config