Comments (4)
brockallen
commented on May 30, 2024
Well, that error is coming from the browser and not from any of our code. Having said that, it's a legit error -- you should not be running the RP (or the STS) over HTTP; you should always be using HTTPS.
The only reason it's not using HTTPS for the RP is because it's not configured that way in the RP config in IdentityServer.
I can sort of understand in development not using SSL, but then you won't really be developing and testing how you will eventually deploy. Also, it's not that hard to get SSL working in VS and IIS Express.
from identityserver3.wsfederation.
cristian-eriomenco
commented on May 30, 2024
@brockallen Yes its not a problem to setup an SSL while development but why should the RP strictly use HTTPS? Isn't this a limitation after all?
from identityserver3.wsfederation.
brockallen
commented on May 30, 2024
The RP needs SSL because tokens are being sent to it. Do you want those tokens sent over the plaintext shared network? I don't. Also, what about the cookie it issues to log the user in? What about the content it's showing to the user? If you're not using SSL then all of that is basically leaked onto the shared plaintext network.
from identityserver3.wsfederation.
cristian-eriomenco
commented on May 30, 2024
@brockallen Thank you very much for explaination.
from identityserver3.wsfederation.
Related Issues (20)
- Missing AuthenticationStatement with external provider HOT 4
- WsFederationServiceFactory IUserService registration HOT 4
- 2.3.0 is throwing exceptions while retrieving metadata using /wsfed/metadata HOT 2
- Minor tweak in SignInResponseGenerator for testing purposes HOT 4
- Multiple and wildcard replyURLs for Relying Parties using WS-Fed HOT 9
- Consider passing sid to signout endpoint
- Question: The requested resource does not support http method 'POST' when adfs redirects back to wsfed endpoint HOT 2
- WS-Fed Endpoint usernamemixed HOT 3
- Add Client Id to LocalAuthenticationContext SignInMessage using WSFederation HOT 6
- Question: Ignoring ReturnUrl Parameter HOT 2
- Restrict identity providers HOT 5
- ASP.Net Core support? HOT 2
- WS-Federation not getting redirected to client application HOT 2
- Sign Out not invoked on WsFed RP's HOT 23
- Error Page for CustomRequestValidator HOT 2
- Windows Server 2008 r2 /wsfed url being served as a static file by IIS HOT 1
- WS-Federation signin response exception (SharePoint 2013) HOT 4
- Silent sign-in HOT 2
- FedAuth Cookie is empty HOT 2
- WsFederationController conflict with IdentityServer3 Admin
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from identityserver3.wsfederation.