Set ClaimTypesRequested in Organizational Accounts On-Premises Federation

别说谁变了你拦得住时间么 submitted on 2019-12-08 12:04:36

Question


I'm trying to create a relying party web application which will use a local ADFS as its issuer. Doing this in Visual Studio 2012 was fairly easy using the tooling that was provided. Now I'm trying to do the same thing in Visual Studio 2013, and the experience is a little different. Basically I've followed the steps outlined in this blog post.

What I noticed is that there is no FederationMetadata.xml file in the project, and when I browsed through the files generated by the template, I found IdentityConfig which I assume provides the configuration which will then be used to generate the FederationMetadata.xml file at runtime...?

One last thing which is very important for me is that I need to have a <fed:ClaimTypesRequested> section so that my relying party application can set its required claims. How do I do that if I do not have a FederationMetadata.xml file in the project?

Thanks.


Answer 1:


Yup - noticed that as well - I presume it's because the standard metadata path doesn't fit with MVC routing?

The fed:ClaimTypesRequested section is just for documentation. The claims your application receives are determined by the ADFS claims rules configuration.

Update:

No - authentication is login / password. The other attributes in AD are just for authorization. The only reason that ADFS does not send a configured claim is that it is null i.e. the attribute is not populated.

Yes - you can augment the claim set. You can add static claims via ADFS claims rules e.g. claims that are not in AD. You can also add claims on the RP side as you mention.
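
Because `fed:ClaimTypesRequested` is not enforced and ADFS omits a claim whose source attribute is empty, the relying party has to check for the claims it depends on itself. The following is an added example, not part of the original question or answer: a WIF `ClaimsAuthenticationManager` that rejects a token missing required claims and then augments the claim set on the RP side. The class name, the list of required claim types, and the `urn:example:rp/...` claim are assumptions chosen for illustration.

```csharp
using System;
using System.Linq;
using System.Security;
using System.Security.Claims;

// Hypothetical class. Register it in web.config (type and assembly names are placeholders):
//   <system.identityModel>
//     <identityConfiguration>
//       <claimsAuthenticationManager type="MyRp.RequiredClaimsManager, MyRp" />
//     </identityConfiguration>
//   </system.identityModel>
public class RequiredClaimsManager : ClaimsAuthenticationManager
{
    // Assumed requirements for this RP; these are what would otherwise be
    // listed (for documentation only) in fed:ClaimTypesRequested.
    private static readonly string[] RequiredClaimTypes =
    {
        ClaimTypes.Name,
        ClaimTypes.Upn,
        ClaimTypes.Role
    };

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        // Anonymous requests pass through unchanged.
        if (incomingPrincipal == null || !incomingPrincipal.Identity.IsAuthenticated)
            return base.Authenticate(resourceName, incomingPrincipal);

        var identity = (ClaimsIdentity)incomingPrincipal.Identity;

        // A claim backed by an unpopulated AD attribute is simply absent from
        // the token, so treat "missing" and "empty" the same way.
        var missing = RequiredClaimTypes
            .Where(type => !identity.HasClaim(c => c.Type == type && !string.IsNullOrWhiteSpace(c.Value)))
            .ToList();

        // Fail closed: do not establish a session without the required claims.
        if (missing.Count > 0)
            throw new SecurityException("Token is missing required claims: " + string.Join(", ", missing));

        // RP-side augmentation: a claim that ADFS did not issue (constructed type and value).
        identity.AddClaim(new Claim("urn:example:rp/claims-validated", "true"));

        return incomingPrincipal;
    }
}
```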



Source: https://stackoverflow.com/questions/24020091/set-claimtypesrequested-in-organizational-accounts-on-premises-federation
