Question
I'm trying to create a relying party web application which will use a local ADFS as its issuer. Doing this in Visual Studio 2012 was fairly easy using the tooling that was provided. Now I'm trying to do the same thing in Visual Studio 2013, and the experience is a little different. Basically I've followed the steps outlined in this blog post.
What I noticed is that there is no FederationMetadata.xml file in the project, and when I browsed through the files generated by the template, I found IdentityConfig, which I assume provides the configuration which will then be used to generate the FederationMetadata.xml file at runtime...?
One last thing which is very important for me is that I need to have a <fed:ClaimTypesRequested> section so that my relying party application can set its required claims. How do I do that if I do not have a FederationMetadata.xml file in the project?
Thanks.
Answer 1:
Yup - noticed that as well - I presume it's because the standard metadata path doesn't fit with MVC routing?
The fed:ClaimTypesRequested section is just for documentation. The claims your application receives are determined by the ADFS claims rules configuration.
Update:
No - authentication is login / password. The other attributes in AD are just for authorization. The only reason that ADFS does not send a configured claim is that it is null i.e. the attribute is not populated.
Yes - you can augment the claim set. You can add static claims via ADFS claims rules e.g. claims that are not in AD. You can also add claims on the RP side as you mention.
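The answer's second option, augmenting the claim set on the RP side, as an added example (this is not code from the question, the answer, or the linked blog post): a WIF 4.5 ClaimsAuthenticationManager for an ASP.NET relying party that first checks the claims the application actually depends on are present, then adds its own local claims. The namespace, class name, the application claim URI and the role table are assumptions; the ClaimsAuthenticationManager, ClaimsIdentity and Claim APIs are the real System.Security.Claims types.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Claims;

// Assumed registration in web.config (type name is hypothetical):
//   <system.identityModel>
//     <identityConfiguration>
//       <claimsAuthenticationManager
//           type="MyRp.Security.RpClaimsAuthenticationManager, MyRp" />
//     </identityConfiguration>
//   </system.identityModel>
namespace MyRp.Security
{
    public class RpClaimsAuthenticationManager : ClaimsAuthenticationManager
    {
        // Issuer label for claims minted here, so they are never mistaken
        // for claims that ADFS actually issued.
        private const string LocalIssuer = "LOCAL AUTHORITY";

        // Hypothetical application-specific claim type.
        private const string ApplicationClaimType =
            "http://schemas.example.com/claims/application";

        // Claims the RP depends on. Per the answer, ADFS only sends a claim if a
        // claims rule issues it and the backing AD attribute is populated, so
        // these are verified here rather than assumed from the metadata.
        private static readonly string[] RequiredClaimTypes =
        {
            ClaimTypes.NameIdentifier,
            ClaimTypes.Email,
        };

        // Constructed sample of an RP-owned role store (would normally be a DB).
        private static readonly Dictionary<string, string[]> RoleTable =
            new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
            {
                { "alice@example.com", new[] { "Reader", "Approver" } },
                { "bob@example.com",   new[] { "Reader" } },
            };

        public override ClaimsPrincipal Authenticate(
            string resourceName, ClaimsPrincipal incomingPrincipal)
        {
            if (incomingPrincipal == null || !incomingPrincipal.Identity.IsAuthenticated)
            {
                // Not signed in yet; nothing to check or augment.
                return incomingPrincipal;
            }

            var identity = (ClaimsIdentity)incomingPrincipal.Identity;

            // Fail closed: a missing required claim means the ADFS rule is
            // absent or the AD attribute is null, and the app cannot rely on it.
            foreach (var claimType in RequiredClaimTypes)
            {
                if (!identity.HasClaim(c => c.Type == claimType))
                {
                    throw new SecurityException(
                        "Required claim not issued by ADFS: " + claimType);
                }
            }

            // Static claim added at the RP (not present in AD at all).
            identity.AddClaim(new Claim(
                ApplicationClaimType, "MyRp", ClaimValueTypes.String, LocalIssuer));

            // Roles from the RP's own store, keyed on the ADFS-issued email claim.
            string email = identity.FindFirst(ClaimTypes.Email).Value;
            foreach (var role in LookupRoles(email))
            {
                identity.AddClaim(new Claim(
                    ClaimTypes.Role, role, ClaimValueTypes.String, LocalIssuer));
            }

            return incomingPrincipal;
        }

        // Returns the RP-side roles for a user, or none if the user is unknown.
        public static IEnumerable<string> LookupRoles(string email)
        {
            string[] roles;
            return RoleTable.TryGetValue(email, out roles) ? roles : new string[0];
        }
    }
}
```

Claims added this way carry the local issuer label, so authorization code can tell an ADFS-issued claim from one the RP added itself; the fed:ClaimTypesRequested metadata section, as the answer notes, changes none of this and only documents what the RP would like to receive.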
Source: https://stackoverflow.com/questions/24020091/set-claimtypesrequested-in-organizational-accounts-on-premises-federation