ADFS v3 configuration for ASP.NET application


Using Visual Studio 2013 Pro, Update 2, we used the C# ASP.NET wizard to make an SSO-enabled project, which we configured at project creation time as shown next:

image

This app is hosted on the IIS Express service of the same Windows host that runs ADFS v3.

image

Above, we show how we configured the RP at the IDP. One MUST take the option to turn ON WS-Fed, and one MUST enter the RP site’s ACS endpoint.

image

To make Windows integrated authentication actually work, we had to turn on forms authentication, for all RPs, as shown above. I suspect this just resets the service somehow.

This gives us confidence that ADFS is now set up to be a simple IDP for the (not public) rapmls.info domain.

image

Now, to ensure this IDP is set up properly to cooperate with the FP relay at microsoftonline, we make the organizationid variant of the same project.

image

image

At this point, we have lots of confidence that our ADFS is working well and cooperates well with a MicrosoftOnline STS/FP to land on a registered application of the domain (and the office.microsoft.com portal site, too, not shown).

This allows us to showcase that the IDP –> FP to SAML bearer flow at the OAuth endpoint, from the so-called headless client use case, DOES INDEED work.

image

See https://onedrive.live.com/redir?resid=5061D4609325B60!10656&authkey=!AC_k8xmZ6kPpZXo&ithint=file%2c.saz for the Fiddler trace.

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!