Comments (11)
It is not as easy as that. We also need to make sure the reply URL is legit. But I will open this as a todo.
from identityserver3.wsfederation.
I posted a similar issue into IdentityServer3 repo, which was obviously a wrong place for WS-Federation issues so I'll continue discussion here.
Any idea when this feature will be published?
from identityserver3.wsfederation.
Did you begin to code the solution for this issue? If not, I think implementing a property in RelyingParty defining a pattern that matches the wreply parameter would be a good idea. This is how JASIG CAS implements the OAuth2 serviceId string. And then after the signout, you just redirect to the wreply URL if it matches the reply URL pattern.
from identityserver3.wsfederation.
I haven't started on it - and I have no ETA
from identityserver3.wsfederation.
Hi, I would really love this to be supported.
Right now we have a market-based client in IdentityServer3 (IDS3), with some markets supporting login. We are using IDS3 to give us OpenID Connect support together with a relying party (ADFS 2.0). Right now I'm looking into adding a map to the app builder used by identity server like this...

```csharp
using System;
using Microsoft.Owin;
using Owin;

private void ConfigureWsFedRedirectEndpoint(IAppBuilder appBuilder)
{
    appBuilder.Map(new PathString("/wsfedredirect"), (application) => application.Run((ctx) =>
    {
        // "CLIENTBASEURI" is a placeholder for the client's absolute base URI.
        var uri = new Uri("CLIENTBASEURI", UriKind.Absolute);
        var market = ctx.Request.Query.Get("market");
        if (!string.IsNullOrEmpty(market))
        {
            // Escape the value so it stays a single path segment under the client base URI.
            uri = new Uri(uri, new Uri(string.Format("/{0}", Uri.EscapeDataString(market)), UriKind.Relative));
        }
        ctx.Response.StatusCode = 301;
        ctx.Response.Headers.Set("Location", uri.ToString());
        return ctx.Response.WriteAsync("redirecting to client");
    }));
}
```

And I'm using ADFS as an identity provider to IDS3 and setting the signoutwreply to "wsfedredirect" and extracting the market using the notifications.

```csharp
using System.Threading.Tasks;
using Microsoft.Owin.Security.WsFederation;

private WsFederationAuthenticationNotifications GetAdfsAuthenticationNotifications()
{
    var notifications = new WsFederationAuthenticationNotifications()
    {
        RedirectToIdentityProvider = notification =>
        {
            // Only sign-out messages carrying the expected wreply are modified.
            if (notification.ProtocolMessage.IsSignOutMessage)
            {
                if (!string.IsNullOrEmpty(notification.ProtocolMessage.Wreply) &&
                    notification.ProtocolMessage.Wreply.Equals("WREPLY"))
                {
                    // Placeholder from the original post: the market value read from the cookie goes here.
                    notification.ProtocolMessage.Wreply += /* EXTRACTING MARKET FROM COOKIE */ string.Empty;
                }
            }
            return Task.FromResult(0);
        }
    };
    return notifications;
}
```

Not sure how stable this solution is... But we will do a load test on it and it's not final yet.
from identityserver3.wsfederation.
Any progress on this? We are looking to implement a similar feature.
Thanks
from identityserver3.wsfederation.
Anyone want to propose a PR for this? If not, we will close this.
from identityserver3.wsfederation.
I am sorry but I did not have time to implement something. It is OK to close it.
from identityserver3.wsfederation.
I could look at re-opening and finishing #44 - I believe all that needs changing is defining the list of valid reply URLs per relying party instead of a global list. This method does present some issues if the user logs out multiple times. We have been successfully using a fork with the above changes in production for 5 months.
If there is interest, I'll find some time to pick the PR up again.
from identityserver3.wsfederation.
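
One way to implement the per-relying-party reply URL check discussed in this thread, as an added example (not code from IdentityServer3.WsFederation, its PRs, or any commenter). The class and method names are hypothetical, and it assumes the relying party has already been identified at sign-out and carries its own list of registered reply URLs; it uses exact scheme, host, port and path matching rather than patterns.

```csharp
using System;
using System.Collections.Generic;

public static class SignOutReplyValidator   // hypothetical name, for illustration only
{
    // Returns the URI to redirect to after sign-out, or null when wreply must be ignored.
    public static Uri Resolve(string wreply, IEnumerable<string> registeredReplyUrls)
    {
        Uri candidate;
        if (string.IsNullOrEmpty(wreply) ||
            !Uri.TryCreate(wreply, UriKind.Absolute, out candidate))
            return null;

        // Only HTTPS targets, and no user-info part that could disguise the real host.
        if (candidate.Scheme != Uri.UriSchemeHttps || candidate.UserInfo.Length > 0)
            return null;

        foreach (var entry in registeredReplyUrls)
        {
            Uri allowed;
            if (!Uri.TryCreate(entry, UriKind.Absolute, out allowed))
                continue; // skip malformed registrations

            // Uri canonicalizes host case, default ports and dot segments, so an ordinal
            // comparison of scheme + authority + path is an exact match; the query may vary.
            if (string.Equals(candidate.GetLeftPart(UriPartial.Path),
                              allowed.GetLeftPart(UriPartial.Path),
                              StringComparison.Ordinal))
                return candidate;
        }
        return null;
    }

    public static void Main()
    {
        // Constructed sample data: one relying party with a single registered reply URL.
        var registered = new[] { "https://rp.example.com/signedout" };

        // Same origin and path as the registration, extra query string.
        Console.WriteLine(Resolve("https://rp.example.com/signedout?market=se", registered) != null);
        // Look-alike host that merely starts with the registered host name.
        Console.WriteLine(Resolve("https://rp.example.com.other.example/signedout", registered) != null);
        // Registered host, unregistered path.
        Console.WriteLine(Resolve("https://rp.example.com/other", registered) != null);
    }
}
```

When `Resolve` returns null, the sign-out page should be shown without redirecting, so an unregistered `wreply` never turns the endpoint into an open redirector.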
Unfortunately I don't have time for this right now, but I would be very appreciative if someone has. This is something that we still need.
from identityserver3.wsfederation.
This seems to be covered by #60
from identityserver3.wsfederation.