0
votes

I have already posted a similar question but got no answer, probably due to a very bad description.

I will try to explain again: I am working on a POC where I want to authenticate a user, logged in using Azure AD, on the WCF service layer. The user is logged in to the MVC application and then wants to call the WCF service using a channel with an issued token (issued by Azure AD). The MVC application and the WCF service use IdentityServer3 for authentication; IdentityServer uses WS-Federation to federate with Azure AD.

My question is whether I can call the WCF service with the token issued by Azure AD/IdentityServer, or whether I have to request a new one. Is it even possible? I am getting a securityfault exception when trying to call the WCF service. Thanks in advance for any help.

1 Answer

0
votes

Based on the description, you configured the MVC application and the WCF service to trust IdentityServer3 (the identity provider, STS) and set up federation between IdentityServer3 and Azure AD.

If I understood correctly, a token issued by IdentityServer3 should be OK for your WCF service. However, whether a token issued by Azure AD works depends on how you acquire it. If you follow the federation flow as in the steps below, it should also work, because the token will be replaced by your federation server. But if you acquire the token directly from Azure AD, it will not work, since the WCF service only trusts tokens from IdentityServer3.

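The trust relationship described in this answer, as an added sketch that is not part of the original answer and is not IdentityServer3 or WCF code: a relying party that trusts only the STS rejects a token taken directly from Azure AD, and accepts the replacement token the STS issues after validating the upstream one. HMAC with constructed keys stands in for the issuers' real signatures; all URLs, key values and function names are assumptions.

```python
import hashlib
import hmac
import json

# Hypothetical issuer and audience names (placeholders, not from the page).
IDSRV = "https://idsrv.example.test"
AAD = "https://aad.example.test"
WCF_AUD = "https://wcf.example.test/service"

# Constructed demo keys; HMAC is a stand-in for each issuer's real signature.
KEYS = {IDSRV: b"idsrv-demo-key", AAD: b"aad-demo-key"}


def _mac(issuer, claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(KEYS[issuer], body, hashlib.sha256).hexdigest()


def issue(issuer, subject, audience):
    """Return a token (claims plus signature) from the named issuer."""
    claims = {"iss": issuer, "sub": subject, "aud": audience}
    return {"claims": claims, "sig": _mac(issuer, claims)}


def validate(token, trusted_issuers, audience):
    """Relying-party check: trusted issuer, valid signature, matching audience."""
    claims = token["claims"]
    issuer = claims.get("iss")
    if issuer not in trusted_issuers:
        return (False, "untrusted issuer")
    if not hmac.compare_digest(_mac(issuer, claims), token["sig"]):
        return (False, "bad signature")
    if claims.get("aud") != audience:
        return (False, "wrong audience")
    return (True, "ok")


def federate(upstream_token):
    """STS step: validate the Azure AD token, then issue a replacement under the STS key."""
    ok, reason = validate(upstream_token, {AAD}, IDSRV)
    if not ok:
        raise ValueError(reason)
    return issue(IDSRV, upstream_token["claims"]["sub"], WCF_AUD)


def call_wcf(token):
    """The WCF service trusts the STS only, never Azure AD directly."""
    return validate(token, {IDSRV}, WCF_AUD)


if __name__ == "__main__":
    print(call_wcf(issue(AAD, "alice", WCF_AUD)))           # direct Azure AD token
    print(call_wcf(federate(issue(AAD, "alice", IDSRV))))   # token replaced by the STS
```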