Using Visual Studio 2013 Pro, Update 2, we used the C# ASP.NET wizard to make an SSO-enabled project, which at project creation time we configured as shown next:
This app is hosted on the IIS Express service of the same Windows host running ADFS v3.
Above, we show how we configured the RP – at the IDP. One MUST take the option and turn ON WS-Fed, and one MUST enter the RP site’s ACS endpoint.
To make Windows integrated authentication actually work, we had to turn on forms authentication, for all RPs, as shown above. I suspect this just resets the service somehow.
This gives us confidence that ADFS is set up now to be a simple IDP for the (not public) rapmls.info domain.
Now, to ensure this IDP is set up properly to cooperate with the FP relay at microsoftonline, we make the organizationid variant of the same project.
At this point, we have lots of confidence that our ADFS is working well and cooperates well with a MicrosoftOnline STS/FP to land on a registered application of the domain (and office.microsoft.com portal site, too, not shown).
This allows us to showcase that INDEED the IDP -> FP to SAML bearer flow at the OAuth endpoint, from the so-called headless client use case, DOES work.