Presently we have ADFS 3.0 acting as a federation gateway between multiple client IDPs and our web application. So in summary, for client IDPs our ADFS acts as a Relying Party, while for our in-house .NET-based web applications (taking advantage of the WIF framework), our ADFS acts as the IDP. Finally, when the user ends up on the web application, we receive all transformed claims from the client IDPs.

One of our client IDPs uses the SAML protocol, which is nicely converted to WIF claims by ADFS, and the web application can read these claims. But we have a new requirement, where we will also need to read the untouched SAML protocol response which is HTTP-posted to ADFS by the client IDP during the SSO handshake. During this HTTP POST to ADFS, we receive SAMLResponse and RelayState as 2 different parameters. This message is then converted to WIF-based params (wa, wresult, wctx) by ADFS and posted to our web applications.

Our web application, acting as a relying party on ADFS 3.0, is configured with WS-Federation Passive Endpoints. There is a possibility of adding an additional SAML Assertion Consumer. But I am not sure how I can mix and match multiple endpoints. Any idea how I can get the SAMLResponse parameter which was originally posted to ADFS? Is it achievable?
Thanks in advance!