send passive federation request to ADFS 2.0 for SAML 2.0 token

All replies

  • ADFS 2.0 will not send SAML2 tokens to WS-Fed RPs. It will always be a SAML1 Token.

    It does (and should) use SAML2 Tokens with SAML2 protocol partners.


    Paul Lemmers

    Friday, September 14, 2012 8:26 PM
  • Thanks Paul

    The above url was not used in a WCF scenario (WS Federation) but in a simple asp.net passive web site.

    Do you mean that passive federation always uses SAML 1.1?


    Manu

    Saturday, September 15, 2012 5:40 PM
  • Yes.

    To be as precise as I dare: ADFS 2.0 when using passive (WS-Federation 1.2, chapter 13) sends only 1.1 Tokens. There are all kinds of historical reasons for that. If you really need 2.x Tokens, then you will have to use a Custom STS. Nothing against it, but why would you want to (just curious)?


    Paul Lemmers

    Saturday, September 15, 2012 6:38 PM
  • The reason that I want to do this is because we need to get an OAuth token from another STS. That STS only supports SAML 2.0 tokens. http://blogs.msdn.com/b/bradleycotier/archive/2012/10/28/saml-2-0-tokens-and-wif-bridging-the-divide.aspx. This link seems to give some good details but I have not tried it out yet.
    Thursday, April 17, 2014 1:23 PM
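
The replies above turn on whether a passive WS-Federation response carries a SAML 1.1 or a SAML 2.0 assertion. As an added example (not part of the thread, and not ADFS or WIF code), this Python check reports which version a `wresult` payload contains, so a relying party can confirm what its STS actually issues; the function name `saml_token_version` and both sample payloads are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assertion namespaces defined by the SAML 1.x and SAML 2.0 specifications.
SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def saml_token_version(wresult: str) -> str:
    """Return '1.0', '1.1' or '2.0' for the single assertion in a wresult."""
    # wresult arrives in a browser POST, so treat it as untrusted: no DTDs.
    if "<!DOCTYPE" in wresult or "<!ENTITY" in wresult:
        raise ValueError("DTD or entity declaration in wresult")
    root = ET.fromstring(wresult)
    found = [el for el in root.iter()
             if el.tag in (f"{{{SAML1_NS}}}Assertion", f"{{{SAML2_NS}}}Assertion")]
    # More than one assertion is ambiguous for this check, so reject it.
    if len(found) != 1:
        raise ValueError(f"expected one assertion, found {len(found)}")
    el = found[0]
    if el.tag.startswith(f"{{{SAML2_NS}}}"):
        if el.get("Version") != "2.0":
            raise ValueError("SAML 2.0 namespace without Version=2.0")
        return "2.0"
    # SAML 1.x states its version in two attributes on the assertion.
    major, minor = el.get("MajorVersion"), el.get("MinorVersion")
    if major != "1" or minor not in ("0", "1"):
        raise ValueError("SAML 1.x namespace with unexpected version attributes")
    return f"{major}.{minor}"

# Constructed sample: shape of a passive WS-Federation response with a 1.1 token.
WSFED_SAMPLE = """<t:RequestSecurityTokenResponse
    xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <t:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        MajorVersion="1" MinorVersion="1" AssertionID="_constructed-1"
        Issuer="http://sts.example/adfs/services/trust"/>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""

# Constructed sample: the same wrapper carrying a SAML 2.0 assertion.
SAML2_SAMPLE = """<t:RequestSecurityTokenResponse
    xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <t:RequestedSecurityToken>
    <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
        Version="2.0" ID="_constructed-2"/>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""

if __name__ == "__main__":
    print(saml_token_version(WSFED_SAMPLE), saml_token_version(SAML2_SAMPLE))
```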