SAML IDP and WS-Federation SP with ADFS 2.0
I am very confused about my current ADFS setup. I have an identity
provider that issues a SAML 2.0 token to ADFS 2.0 in an IDP-Initiated
scenario. ADFS translates the token into WS-Federation and forwards it on
to a claims-aware (WIF) web application. The web application, however,
doesn't recognize the user as having authenticated and redirects back to
Home Realm Discovery. I've used SAML Tracer in Firefox and I can see the
SAML assertions going in and the WS-Federation claims in the parameters
being sent to the web application. Is there a step I am missing? I set up
custom claim rules to translate the SAML assertion into a WS-Federation
claim (e.g. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name). If
I switch the SP application to a SAML 2 web app, then everything works
fine.
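When a WS-Federation relying party silently sends a user back to sign in, the useful thing to look at is the `wresult` token the tracer captured and to check it against what the relying party is configured to accept: the realm it expects (AppliesTo and the assertion's audience restriction), the issuer it trusts, the validity window, and whether the claim rules actually emitted a name claim. The script below is an added example for this question, not ADFS or WIF code; the token, host names, issuer URI and timestamps are constructed placeholders, and the SAML 1.1 assertion shape is the one ADFS 2.0 issues to WS-Federation relying parties by default.

```python
"""Inspect a WS-Federation 'wresult' (a RequestSecurityTokenResponse carrying a
SAML 1.1 assertion) and report what a relying party checks before accepting it.
Added example, not ADFS or WIF code; all sample values below are constructed."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "t": "http://schemas.xmlsoap.org/ws/2005/02/trust",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
CLOCK_SKEW = timedelta(minutes=5)
TRUSTED_ISSUER = "http://adfs.example.test/adfs/services/trust"  # placeholder
SAMPLE_NOW = datetime(2024, 5, 1, 10, 30, tzinfo=timezone.utc)    # constructed


def _ts(value):
    # SAML timestamps are UTC ISO 8601 with a trailing 'Z'
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def claims_from_assertion(assertion):
    """SAML 1.1 attributes map to claim types of the form namespace + '/' + name."""
    claims = {}
    for attr in assertion.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        claim_type = attr.get("AttributeNamespace") + "/" + attr.get("AttributeName")
        claims[claim_type] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return claims


def inspect_wresult(wresult, rp_realm, trusted_issuer, now=None):
    """Return {'issues': [...], 'claims': {...}}. An empty issues list means the
    token names this relying party, comes from the trusted issuer, is inside its
    validity window and carries a name claim. XML signature verification is out
    of scope here; the relying party does that with the issuer's certificate."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(wresult)
    report = {"issues": [], "claims": {}}
    assertion = root.find(".//t:RequestedSecurityToken/saml:Assertion", NS)
    if assertion is None:
        report["issues"].append("no SAML 1.1 assertion inside RequestedSecurityToken")
        return report

    issuer = assertion.get("Issuer")
    if issuer != trusted_issuer:
        report["issues"].append(f"issuer {issuer!r} is not the trusted issuer")

    # The RSTR says who the token is for (AppliesTo) and the assertion restricts
    # its audience; both must match the realm the relying party is configured with.
    applies_to = root.findtext(".//wsp:AppliesTo/wsa:EndpointReference/wsa:Address", namespaces=NS)
    if applies_to != rp_realm:
        report["issues"].append(f"AppliesTo {applies_to!r} is not the RP realm {rp_realm!r}")
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestrictionCondition/saml:Audience", NS)]
    if rp_realm not in audiences:
        report["issues"].append(f"audience restriction {audiences} does not name {rp_realm!r}")

    conditions = assertion.find("saml:Conditions", NS)
    if conditions is not None:
        if now + CLOCK_SKEW < _ts(conditions.get("NotBefore")):
            report["issues"].append("token is not yet valid")
        if now - CLOCK_SKEW >= _ts(conditions.get("NotOnOrAfter")):
            report["issues"].append("token has expired")

    report["claims"] = claims_from_assertion(assertion)
    if NAME_CLAIM not in report["claims"]:
        report["issues"].append("no name claim; the claim rules did not emit " + NAME_CLAIM)
    return report


# Constructed sample of what a tracer shows in the 'wresult' form field
SAMPLE_WRESULT = """<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <wsa:Address>https://app.example.test/</wsa:Address>
    </wsa:EndpointReference>
  </wsp:AppliesTo>
  <t:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1"
        MinorVersion="1" AssertionID="_placeholder-id" IssueInstant="2024-05-01T10:00:00.000Z"
        Issuer="http://adfs.example.test/adfs/services/trust">
      <saml:Conditions NotBefore="2024-05-01T10:00:00.000Z" NotOnOrAfter="2024-05-01T11:00:00.000Z">
        <saml:AudienceRestrictionCondition>
          <saml:Audience>https://app.example.test/</saml:Audience>
        </saml:AudienceRestrictionCondition>
      </saml:Conditions>
      <saml:AttributeStatement>
        <saml:Subject><saml:NameIdentifier>alice@example.test</saml:NameIdentifier></saml:Subject>
        <saml:Attribute AttributeName="name"
            AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
          <saml:AttributeValue>alice@example.test</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>
  </t:RequestedSecurityToken>
  <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
</t:RequestSecurityTokenResponse>"""

if __name__ == "__main__":
    for realm in ("https://app.example.test/", "https://other.example.test/"):
        r = inspect_wresult(SAMPLE_WRESULT, realm, TRUSTED_ISSUER, SAMPLE_NOW)
        print(realm, "->", r["issues"] or "accepted", r["claims"].get(NAME_CLAIM))
```

Run it against the real `wresult` value from the tracer (URL-decoded) with the realm and issuer the relying party is configured with; a realm that differs from the one in the token, even by a trailing slash, shows up as two audience issues, and a missing name claim shows that the transform rules never produced the claim type the application looks for.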