ADFS2.0 URL to send RST(RequestSecurityToken)
-
06 March 2012 21:47
I worked on implementing SSO using ADFS2.0 and SAML2.0 last June. Since then I haven't had a chance to visit here. Now I am working on WS security using Java, ADFS2.0 and SAML2.0. I know this is the .NET world, but my question is about ADFS. Suppose I build an RST, wrap it inside SOAP and try to send it to ADFS using the following code. What is the address for RST in ADFS? When I send my AuthnRequest, I send it to https://strts01.sma.dev/adfs/ls/. Should I use the same URL for RST? I just started WS security work and don't know much about this.
// Post the SOAP 1.2 envelope that carries the RST to the ADFS WS-Trust address
var client = new WebClient();
client.Headers.Add("Content-Type", "application/soap+xml; charset=utf-8");
var result = client.UploadString(
    address: "https://yourcompany.com/adfs/services/trust/",
    method: "POST",
    data: soapMessage);
Thanks.
Gina
Gina Choi
All Replies
-
07 March 2012 5:09
http://www.leastprivilege.com/WIFADFS2AndWCFndashPart1Overview.aspx
Dominick Baier | thinktecture | http://www.leastprivilege.com
- Marked as Answer by Gina Choi 13 March 2012 15:11
-
13 March 2012 15:14
Hi Dominick,
Thank you very much for your prompt response. I am trying to use https://strts01.wke.dev/adfs/services/trust/13/windowsmixed, but I am seeing https://strts01.wke.dev/adfs/services/trust/2005/windowsmixed as well. How should I choose one over another (13 vs 2005)? Where can I get more information about windowsmixed?
Thanks.
Gina
Gina Choi
-
13 March 2012 15:33
The difference is the WS-Trust version (1.3 vs Feb2005) - typically you should use 1.3.
WindowsMixed means that it does Windows integrated authentication using mixed mode security (TransportWithMessageCredential in WCF).
Dominick Baier | thinktecture | http://www.leastprivilege.com
- Marked as Answer by Gina Choi 13 March 2012 16:07
-
14 March 2012 16:42
I copied the following XML for RequestSecurityToken from the Internet and I am trying to build a similar one with Java. I am going to send it to my ADFS (URL: https://strts01.wke.dev/adfs/services/trust/13/windowsmixed) to get a RequestSecurityTokenResponse which contains a SAML2.0 assertion token. I would like to verify whether the values for xmlns:trust, KeyType and RequestType are correct, since I am using WS-Trust version 1.3 for my ADFS URL. Is it OK to use http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue, or is there something like http://docs.oasis-open.org/ws-sx/ws-trust/13/Issue around?
<trust:RequestSecurityToken
    xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <!-- a: is the WS-Addressing 1.0 namespace; the prefix must be declared for the XML to parse -->
    <a:EndpointReference xmlns:a="http://www.w3.org/2005/08/addressing">
      <a:Address>https://mycompany.com</a:Address>
    </a:EndpointReference>
  </wsp:AppliesTo>
  <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
  <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
  <trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType>
</trust:RequestSecurityToken>
Gina Choi
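An added example, not part of the thread and not ADFS or WIF code: it maps the `13` / `2005` path segment of the endpoint to the WS-Trust namespace that version uses (1.3 is `.../ws-trust/200512`, Feb 2005 is `http://schemas.xmlsoap.org/ws/2005/02/trust`), builds the SOAP 1.2 envelope around the RST shown above, and reports URIs that belong to the other version. Python is used only to show the message shape; the function names and the `wsa:MessageID` header are assumptions of this sketch, and the credential that `windowsmixed` expects is not included.

```python
import re
import uuid
import xml.etree.ElementTree as ET

S12 = "http://www.w3.org/2003/05/soap-envelope"   # SOAP 1.2 (application/soap+xml)
WSA = "http://www.w3.org/2005/08/addressing"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
# WS-Trust namespace for each version segment of an ADFS endpoint path
WST = {"13": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
       "2005": "http://schemas.xmlsoap.org/ws/2005/02/trust"}


def trust_namespace(endpoint):
    """Map .../adfs/services/trust/<13|2005>/<binding> to its WS-Trust namespace."""
    m = re.search(r"/adfs/services/trust/(13|2005)/[^/]+$", endpoint)
    if m is None:
        raise ValueError("not a versioned WS-Trust endpoint: " + endpoint)
    return WST[m.group(1)]


def build_issue_request(endpoint, applies_to):
    """SOAP 1.2 envelope asking a WS-Trust 1.3 endpoint for a SAML 2.0 bearer token."""
    wst = trust_namespace(endpoint)
    if wst != WST["13"]:
        raise ValueError("this builder only emits WS-Trust 1.3 messages")
    env = ET.Element(f"{{{S12}}}Envelope")
    hdr = ET.SubElement(env, f"{{{S12}}}Header")
    ET.SubElement(hdr, f"{{{WSA}}}Action").text = wst + "/RST/Issue"
    ET.SubElement(hdr, f"{{{WSA}}}MessageID").text = "urn:uuid:" + str(uuid.uuid4())
    ET.SubElement(hdr, f"{{{WSA}}}To").text = endpoint
    rst = ET.SubElement(ET.SubElement(env, f"{{{S12}}}Body"), f"{{{wst}}}RequestSecurityToken")
    epr = ET.SubElement(ET.SubElement(rst, f"{{{WSP}}}AppliesTo"), f"{{{WSA}}}EndpointReference")
    ET.SubElement(epr, f"{{{WSA}}}Address").text = applies_to
    ET.SubElement(rst, f"{{{wst}}}KeyType").text = wst + "/Bearer"
    ET.SubElement(rst, f"{{{wst}}}RequestType").text = wst + "/Issue"
    ET.SubElement(rst, f"{{{wst}}}TokenType").text = "urn:oasis:names:tc:SAML:2.0:assertion"
    return ET.tostring(env, encoding="unicode")


def version_mismatches(endpoint, envelope_xml):
    """List the parts of an envelope whose URIs belong to another WS-Trust version."""
    wst = trust_namespace(endpoint)
    root = ET.fromstring(envelope_xml)
    problems = []
    if root.find(f".//{{{wst}}}RequestSecurityToken") is None:
        problems.append("RequestSecurityToken namespace")
    for label, path in (("wsa:Action", f".//{{{WSA}}}Action"),
                        ("RequestType", f".//{{{wst}}}RequestType")):
        node = root.find(path)
        if node is None or not (node.text or "").strip().startswith(wst + "/"):
            problems.append(label)
    return problems
```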