ws-trust

SAP SAML authentication doesn't accept WS-TRUST URI token

有些话、适合烂在心里 提交于 2020-04-17 04:17:37
问题 We have a SSO setup between SAP Netweaver and ADFS (acting as the STS). So, some user will login on a custom ASP.Net application and this application will request a SAML assertion from ADFS to access the SAP system. The thing is that according to SAP documentation the relying party identifier of the SAP system is not an URL (its just a name), and that way is specified en ADFS (eg: SAPSYSTEMRPID). How on earth I can get a token issued using WS-TRUST (which is what ADFS provides) when the

SAP SAML authentication doesn't accept WS-TRUST URI token

时间秒杀一切 提交于 2020-04-17 04:17:23
问题 We have a SSO setup between SAP Netweaver and ADFS (acting as the STS). So, some user will login on a custom ASP.Net application and this application will request a SAML assertion from ADFS to access the SAP system. The thing is that according to SAP documentation the relying party identifier of the SAP system is not an URL (its just a name), and that way is specified en ADFS (eg: SAPSYSTEMRPID). How on earth I can get a token issued using WS-TRUST (which is what ADFS provides) when the

Securing WCF 4.5 service using Azure ACS 2.0 [duplicate]

本秂侑毒 提交于 2019-12-18 13:48:16
问题 This question already has an answer here : Azure Active Directory and WCF [closed] (1 answer) Closed 6 years ago . How can I secure my WCF 4.5 service using Azure ACS 2.0? 回答1: Here is a basic tutorial: WCF (SOAP) Service With Federated Authentication Then you can look at samples by Dominick Baier and Brock Allen here: Thinktecture.IdentityModel.45. Also you can try to use Visual Studio tool for adding STS reference and point it to Azure ACS. AFAIK endpoint Uri is something like this for

Signed SOAP header has two BinarySecurityTokens (when in fact it could and should have one)

情到浓时终转凉″ 提交于 2019-12-13 20:24:16
问题 I'm trying to requests a security token from a STS service. The service is 3rd party, so I can't modify it, check logs, etc. The resulting request SOAP message looks almost identical to a sample request I have. It's only that there are two BinarySecurityToken elements added with identical values , while the proper request contains only one token. The SOAP message looks like this: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01

What are the security implications of establishSecurityContext=“False” and negotiateServiceCredential=“False”

泪湿孤枕 提交于 2019-12-11 08:56:11
问题 We've set establishSecurityContext="False" and negotiateServiceCredential="False" on a wsHttpBinding . In a setup where every single web service call involves connecting and disconnecting, this reduces the number of requests per web service call from 5 to 1, providing a significant performance improvement. The client has been configured to know the server identity via the identity node: <endpoint address="..." behaviorConfiguration="..." binding="wsHttpBinding" bindingConfiguration="..."

Call WCF service with issued token

荒凉一梦 提交于 2019-12-11 05:18:21
问题 I attempt the following: A WCF client calls a STS and gets SAML assertion The client calls a service using the SAML assertion Now I have implemented the scenario above as three LinqPad scripts: client.linq , sts.linq (self hosted WCF service) and service.linq (self hosted WCF service). They can all be found at https://github.com/codeape2/WCF_STS I need some help getting this to work. Using the following code in client.linq , I am able to call my STS and get a SAML assertion: SecurityToken

Azure Active Directory and WCF [closed]

余生长醉 提交于 2019-12-11 03:37:03
问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 6 years ago . How can I secure a WCF service using Azure Active Directory: My Status: - My WCF service that contains the business logic is hosted on Azure WebRole. I want your help to do the following: Configure my WCF Service in Azure to federate the authentication process to Azure Active directory. Configure my WCF Client

Is identity delegation via WS-Trust/ActAs supported in ACS?

断了今生、忘了曾经 提交于 2019-12-02 08:10:53
问题 I'm just getting started with claims-based security and have a question related to identity delegation. I've managed to set up a local dummy STS and a couple of WCF services that relies on it for authentication. A web application authenticates the user via the STS and makes a call to Service A on behalf of the user (using ChannelFactory.CreateChannelActingAs). This works fine. Now I would like to use Azure Access Control Service (ACS) as a federation provider and sign in using a Google

what protocol to use with ADFS when security webapi for non-browser clients

匆匆过客 提交于 2019-12-02 04:02:06
问题 Our webapi endpoints are used for both browser based clients (angular) and non-browser based clients (restsharp) and the webapi are currently secured using passive WS-Federation as the protocol and ADFS as the STS. We currently use a rather convoluted workaround for the restsharp clients since passive WS-Federation really isn't optimal for non-browser clients so we would like to find a better way to secure our webapi endpoints for these types of clients without having to replace ADFS or add

Is identity delegation via WS-Trust/ActAs supported in ACS?

萝らか妹 提交于 2019-12-02 03:21:19
I'm just getting started with claims-based security and have a question related to identity delegation. I've managed to set up a local dummy STS and a couple of WCF services that relies on it for authentication. A web application authenticates the user via the STS and makes a call to Service A on behalf of the user (using ChannelFactory.CreateChannelActingAs ). This works fine. Now I would like to use Azure Access Control Service (ACS) as a federation provider and sign in using a Google account (or whatever) instead, getting rid of the dummy STS altogether. I'm able to authenticate to the web
订阅 ws-trust