Comments (14)
There are some other threads in the core repo that ask about this. Of course, they're using OIDC for the protocol. We don't have a sample for this, but the approach would be to use the acr_values to indicate you want this "delegation" and use PreAuthN like you suggest to get the user logged in without credentials. So I think you're on the right track.
from identityserver3.wsfederation.
We don't support custom parameters for WS-Federation. We do for OIDC.
Check the ws-fed spec if you find a suitable parameter that could be used for extensibility.
from identityserver3.wsfederation.
I think I would like to make use of either the wfed or maybe the legacy wres parameter. Not sure how to get these passed through from the RP side yet (using Microsoft.Owin.Security.WsFederation)
wfed -> SignInRequestMessage.Federation (context id or any string?)
wres -> SignInRequestMessage.Resource (legacy/unused?)
Anything where a value could be passed all the way through would be useful...
from identityserver3.wsfederation.
If you're going to update the WS-Fed RP to pass custom params, why can't you update it for OIDC?
from identityserver3.wsfederation.
Aiming to get full stack implementation working using WsFed for now, OIDC would be a bit further down the line
Plugging in "wfed" as an option for RP by overriding WsFederationAuthenticationHandler was quite straightforward actually. Most things there are virtual.
from identityserver3.wsfederation.
What kind of extra data do you want to pass to the wsfed endpoint?
On 02.02.2015, at 18:39, rayph wrote:
> Aiming to get full stack implementation working using WsFed for now, OIDC would be a bit further down the line
> Plugging in "wfed" as an option for RP by overriding WsFederationAuthenticationHandler was quite straightforward actually. Most things there are virtual.
from identityserver3.wsfederation.
I'm thinking of using an encrypted (url-safe) bit of data that the UserService.PreAuthenticateAsync can act on. It may automatically authenticate the user as a guest login for instance.
from identityserver3.wsfederation.
It would be pretty handy if "wfed" was forwarded by the WsFederationController, maybe as LoginHint or perhaps an entirely new property on SignInMessage, to the AuthenticationController. I imagine other folks might want to forward a parameter from the RP like this, or am I doing something completely unexpected?
from identityserver3.wsfederation.
Why do you need to make a round trip to idsrv for signing in someone as a guest? Wouldn't it be easier to just set a local cookie for the guest in your app?
On 02.02.2015, at 19:24, rayph wrote:
> I'm thinking of using an encrypted(url-safe) bit of data that the UserService.PreAuthenticateAsync can act on. It may automatically authenticate the user as a guest login for instance.
from identityserver3.wsfederation.
We have multiple apps - also being able to sign-in as a particular account without actually asking for credentials is something we need to provide
from identityserver3.wsfederation.
I will look into it - in general I am not opposed to being able to pass custom data - but I don't think the wfed parameter is the right one. Looking at the spec - none of them seem right. So we might also just re-use acr_values.
from identityserver3.wsfederation.
Yes, none of the standard parameters feel quite right. The acr_values sounds interesting, but I would be hoping for a convenient way to pass it through from the RP. Right now I set WsFederationMessage.Wfed to the custom value and it gets forwarded/serialised as per the spec. Would I instead manually append an "acr_values" query string parameter to the sign-in redirect URL? And would having a 'weird' value in SignInMessage.AcrValues cause issues elsewhere in IdSrv (or is it better to have a specific property for this)?
from identityserver3.wsfederation.
done on dev. will push a 1.1 nuget soon
from identityserver3.wsfederation.
Very helpful. Thanks!
from identityserver3.wsfederation.
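The thread settles on carrying a custom value in acr_values so that pre-authentication can sign a user in without credentials. The following is an added example, not code from the thread or from IdentityServer3, of how such a value could be issued by the RP and checked on the identity provider side so that it cannot be forged, reused at another relying party, or replayed after expiry. It assumes a key shared between RP and IdP, a hypothetical `delegation:` prefix and payload layout, an HMAC-signed (not encrypted) token, and acr_values available as a collection of strings.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
// Added example; prefix, token layout and method names are hypothetical.
public static class DelegationToken
{
    const string Prefix = "delegation:";
    static string Enc(byte[] b) { return Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_'); }
    static byte[] Dec(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
    static byte[] Mac(byte[] key, string payload)
    {
        using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }
    static bool SameBytes(byte[] a, byte[] b) // comparison time does not depend on where bytes differ
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    // RP side: bind the value to one subject, one relying party realm and a short lifetime.
    public static string Issue(byte[] key, string subject, string realm, DateTimeOffset expires)
    {
        var payload = subject + "|" + realm + "|" + expires.ToUnixTimeSeconds();
        return Prefix + Enc(Encoding.UTF8.GetBytes(payload)) + "." + Enc(Mac(key, payload));
    }
    // IdP side: returns the subject only if MAC, realm and expiry all check out, otherwise null.
    public static string Validate(byte[] key, IEnumerable<string> acrValues, string realm, DateTimeOffset now)
    {
        var value = (acrValues ?? Enumerable.Empty<string>()).FirstOrDefault(v => v.StartsWith(Prefix, StringComparison.Ordinal));
        var parts = value == null ? new string[0] : value.Substring(Prefix.Length).Split('.');
        if (parts.Length != 2) return null;
        try
        {
            var payload = Encoding.UTF8.GetString(Dec(parts[0]));
            if (!SameBytes(Mac(key, payload), Dec(parts[1]))) return null; // reject before parsing any field
            var f = payload.Split('|');
            long exp;
            bool ok = f.Length == 3 && f[1] == realm && long.TryParse(f[2], out exp) && now.ToUnixTimeSeconds() < exp;
            return ok ? f[0] : null;
        }
        catch (FormatException) { return null; } // malformed base64url
    }
}
```

A null result should fall through to the normal login page rather than fail the request. The value stays replayable until it expires, so the lifetime should be seconds rather than minutes.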