3
votes

Has anyone successfully managed to do this?

SelfSTS is a WCF application, not an ASP.NET one, and there don't seem to be many examples or code samples for doing WCF integration?

It would be really useful because SelfSTS allows you to dynamically create combinations of claims which is really useful for unit testing.

Update:

Here's the problem:

The Federation metadata provided by SelfSTS is an http URL, not https, so you have to save the XML to a file. If you input the http URL to ADFS when adding a Claims Provider trust, it will throw an error stating that it will only accept https.

When you import data from a file, ADFS complains that some of the federation metadata was skipped because it is not supported by ADFS.

I then add pass through rules for Name and Email.

SelfSTS now appears in the list of Claims Providers.

However, when I view the properties, it does not have an endpoint. All my other STS in the list have an endpoint of WS-Federation Passive. (None of these are WCF). I would have expected SelfSTS to have an endpoint of WS-Trust?

If I then connect to an application configured as a RP in my ADFS, the Home Realm Discovery dropdown contains entries for all my passive Claims Providers but there is no entry for SelfSTS?

1
Are you encountering a specific problem or error? Or are you only asking in general whether someone has done this? Also, what is the exact configuration in which you want to use SelfSTS? Do you want to unit test a scenario where AD FS redirects to an external STS, configured as a Claims Provider Trust in AD FS? In that case it doesn't matter much that SelfSTS is a WCF application, it seems: as long as it implements WS-Federation (and from the docs it looks like it does), AD FS can federate with it. So why would you need any "examples or code samples for doing WCF integration"? - MarnixKlooster ReinstateMonica
Title of the question is good, but I am unsure about what you are asking when reading the text. As far as I know, ADFS does the federation, and STS the authentication. - Frode Stenstrøm
I wanted to do this to build up a list of claims providers federated to ADFS for demos, unit tests etc. You cannot federate SelfSTS to ADFS as per the reasons above. You can however federate SelfSTS with ACS and ACS with ADFS, thereby achieving the object with one extra hop. The real point of my question was: "Why does ADFS not federate with SelfSTS?". Is this by design or a bug? - rbrayb

1 Answer

0
votes

I have no idea about SelfSTS. But it may help you to create a custom STS and register it the standard way in ADFS as a Claim Provider Trust. There you can also define in code what claims you want to return.

References: http://code.msdn.microsoft.com/Custom-Token-ddce2f55
http://edo-van-asseldonk.blogspot.cz/2011/10/add-custom-sts-to-adfs.html
http://chris.59north.com/post/2013/04/09/Building-a-simple-custom-STS-using-VS2012-ASPNET-MVC.aspx
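
For the symptom in the question (a Claims Provider trust imported from a saved metadata file shows no WS-Federation Passive endpoint), this added example, which is not from the original posts or from SelfSTS, lists the endpoints a federation metadata document actually advertises and reports any whose address is not https, the scheme AD FS insisted on for the metadata URL. It assumes the standard WS-Federation metadata element names; the sample document and its `example.test` addresses are constructed, not real SelfSTS output.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
      "wsa": "http://www.w3.org/2005/08/addressing"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample (not real SelfSTS output): an STS role that advertises
# one active endpoint over https and one passive endpoint over plain http.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    entityID="http://sts.example.test/issue/">
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <fed:SecurityTokenServiceEndpoint><wsa:EndpointReference>
      <wsa:Address>https://sts.example.test/trust/13</wsa:Address>
    </wsa:EndpointReference></fed:SecurityTokenServiceEndpoint>
    <fed:PassiveRequestorEndpoint><wsa:EndpointReference>
      <wsa:Address>http://sts.example.test/issue/</wsa:Address>
    </wsa:EndpointReference></fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>"""

def sts_endpoints(metadata_xml):
    """Return {'passive': [...], 'active': [...]} addresses from STS role descriptors."""
    root = ET.fromstring(metadata_xml)
    found = {"passive": [], "active": []}
    for role in root.findall("md:RoleDescriptor", NS):
        # xsi:type is a QName such as "fed:SecurityTokenServiceType"; compare the local part.
        if role.get(XSI_TYPE, "").split(":")[-1] != "SecurityTokenServiceType":
            continue
        for kind, tag in (("passive", "fed:PassiveRequestorEndpoint"),
                          ("active", "fed:SecurityTokenServiceEndpoint")):
            for addr in role.findall(f"{tag}/wsa:EndpointReference/wsa:Address", NS):
                found[kind].append((addr.text or "").strip())
    return found

def review(metadata_xml):
    """List findings to check before importing the file as a Claims Provider trust."""
    eps = sts_endpoints(metadata_xml)
    notes = []
    if not eps["passive"]:
        notes.append("no PassiveRequestorEndpoint in any STS role descriptor")
    for kind, addrs in eps.items():
        notes += [f"{kind} endpoint is not https: {a}" for a in addrs
                  if urlparse(a).scheme.lower() != "https"]
    return notes
```

Calling `review()` on the XML saved from the STS shows which of the two conditions applies to that particular file.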