Tuesday, September 11, 2012 1:56 PM
I have a working ADFS machine. I want to construct a passive request that will generate a saml 2.0 token.
the following request:
generates the error: "Microsoft.IdentityServer.Protocols.Saml.NoAuthenticationContextException: MSIS7040: None of the requested authentication types are supported by the server."
yet if I change the request to:
It works but the token generated by ADFS is SAML 1.0.
What is the correct form to construct a request for passive federation with SAML 2.0 tokens?
Friday, September 14, 2012 8:26 PM
ADFS 2.0 will not send SAML2 tokens to WS-Fed RPs. It will always be a SAML1 Token.
It does (and should) use SAML2 Tokens with SAML2 protocol partners.
Saturday, September 15, 2012 5:40 PM
The above url was not used in a WCF scenario (WS Federation) but in a simple asp.net passive web site.
Do you mean that passive federation always use SAML 1.1?
Saturday, September 15, 2012 6:38 PM
To be as precise as I dare: ADFS 2.0 when using passive (WS-Federation 1.2, chapter 13) sends only 1.1 Tokens. There are all kind of historical reasons for that. If you really need 2.x Tokens, then you will have to use a Custom STS. Nothing against it, but why would you want to (just curious)?