How to configure signing/encrypting security token which is exchanged between WCF service (as RP) and ADFS (as IdP)? RRS feed

  • 質問

  • Before explaining my question, let me say the background in the beginning.

    I have already successfully called claims-aware WCF service from simple client application.
    In this case, I used ADFS as Id Provider (IdP), and it is configured as following:

    Trust Relationships
    +Claims Provider Trust
    ++Active Directory: (Default)
    +Relying Party Trust
    ++ClaimsAwareWebService : (Manually added)
    +++[Identitifiers] tab
    ++++ (All urls of *.svc are registered)
    ++++(Certificatie of an application server which the WCF service resides on)

    My question is that :
    1) How to disable encrypting security token which exchange between WCF web service and ADFS?
    2) How to enable signing the token? (Same as above)

    I tried removing certificate from [Encryption] tab in ADFS Relying Party configuration. After that WCF service call fails. I believe I need to change web.config for WCF service, but I
    m not sure how should I edit it.

    I also add certificate to [Signature] tab in ADFS Relying Party configuration and sniff http/https packet with Fiddler. But there is no difference between after and before. It also needs to change web.config.

    My Environment:
    IdP) Windows Server 2012 Std + AD FS 2.1 + .NET Framework 4.5
    RP) Windows Server 2012 Std + IIS8 + ASP.NET + .NET Framework 4.5

        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
        <serviceDebug includeExceptionDetailInFaults="true"/>
        <serviceCredentials useIdentityConfiguration="true">
          <serviceCertificate findValue="CN=xxxxxx(same as in encryption tab)" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />

    Please help me out if someone knows.

    2013年3月8日 8:15


  • Hello CEFED,

    Thank you for posting your question to JP MSDN Forum.
    However, unfortunately, I’m afraid it may be difficult for you getting a reply since people usually use Japanese here.

    Please click below to find an appropriate forum(category) depending on the type of your question.

    MSDN Forum <en-us>

    I hope you find some useful information! Thank you.
     Akira Saeki - Moderator (MSKK)

    • 編集済み 佐伯玲 2013年3月8日 8:30
    • 回答としてマーク 佐伯玲 2013年3月8日 8:31
    2013年3月8日 8:21