Wednesday, November 12, 2014

IdentityServer: two different WS-Fed endpoints

So I've been using thinktecture's IdentityServer for a project.

First off - it's a damn good product - but then you have two top class MVP's working on it!

I'm using V2.

I'm using it in two modes:

As an IDP against the SQL Server DB
As a R-STS - effectively a broker that just passes on the traffic.

Normally these are the same endpoint e.g. ADFS.

But I was battling until I realised that there are actually TWO WS-Fed endpoints.

My bad - it's obvious when you see the metadata list.

So /issue/wsfed works for the IDP and /issue/hrd works for the R-STS. As the name implies, this brings up the HRD screen.

If you look at the two controllers, the code (as you would expect) is pretty similar and they both share the same WSFederationResult.

Enjoy!

No comments: