{"id":975806,"url":"https://github.com/IdentityServer/IdentityServer4.WsFederation","last_synced_at":"2025-09-11T01:31:33.870Z","repository":{"id":52114631,"uuid":"80433584","full_name":"IdentityServer/IdentityServer4.WsFederation","owner":"IdentityServer","description":"Sample for implementing WS-Federation IdP support for IdentityServer4","archived":true,"fork":false,"pushed_at":"2019-11-01T21:58:39.000Z","size":1233,"stargazers_count":67,"open_issues_count":3,"forks_count":54,"subscribers_count":13,"default_branch":"net461","last_synced_at":"2024-12-20T17:41:58.838Z","etag":null,"topics":["identityserver4","ws-federation"],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/IdentityServer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-01-30T15:25:46.000Z","updated_at":"2024-07-18T16:33:39.000Z","dependencies_parsed_at":"2022-09-08T08:21:59.057Z","dependency_job_id":null,"html_url":"https://github.com/IdentityServer/IdentityServer4.WsFederation","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IdentityServer%2FIdentityServer4.WsFederation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IdentityServer%2FIdentityServer4.WsFederation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IdentityServer%2FIdentityServer4.WsFederation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IdentityServer%2FIdentityServer4.WsFederation/manifests","owner_url":"
https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/IdentityServer","download_url":"https://codeload.github.com/IdentityServer/IdentityServer4.WsFederation/tar.gz/refs/heads/net461","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":232587220,"owners_count":18546354,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["identityserver4","ws-federation"],"created_at":"2024-01-13T14:24:17.360Z","updated_at":"2025-01-05T12:31:43.349Z","avatar_url":"https://github.com/IdentityServer.png","language":"C#","funding_links":[],"categories":["C\\#"],"sub_categories":[],"readme":"# IdentityServer4.WsFederation\n**Sample** for implementing WS-Federation IdP support for IdentityServer4\n\n## Overview\nIdentityServer4 is designed to be extensible with custom protocol endpoints.\nThis repo shows a simple implementation of WS-Federation IdP services.\nThis is useful for connecting SharePoint or older ASP.NET relying parties to IdentityServer.\n\n**This is not supposed to be a generic WS-Federation implementation, but is rather a sample that you can use \nas a starting point to build your own WS-Federation support (or even for inspiration for integrating other custom protocols, which \nare not natively supported by IdentityServer4).**\n\nThe following is a brief description of some technical points of interest. 
Feel free to amend this document if more details are needed.\n\n## .NET Support\nThe underlying WS-Federation classes used in this repo are only part of the \"desktop\" .NET Framework and are not included in .NET Core.\n\n## WS-Federation endpoint\nThe WS-Federation endpoint (metadata, sign-in and sign-out) is implemented via an MVC controller (~/wsfederation).\nThis controller handles the WS-Federation protocol requests and redirects the user to the login page if needed.\n\nThe login page will then use the normal return URL mechanism to redirect back to the WS-Federation endpoint\nto create the protocol response.\n\n## Response generation\nThe `SignInResponseGenerator` class does the heavy lifting of creating the contents of the WS-Federation response:\n\n* it calls the IdentityServer profile service to retrieve the configured claims for the relying party\n* it tries to map the standard claim types to WS-* style claim types\n* it creates the SAML 1.1/2.0 token\n* it creates the RSTR (request security token response)\n\nThe outcome of these operations is a `SignInResponseMessage` object which then gets turned into a WS-Federation response and sent back to the relying party.\n\n## Configuration\nFor the most part, the WS-Federation endpoint can use the standard IdentityServer4 client configuration for relying parties.\nThere are also options for WS-Federation specific settings.\n\n### Defaults\nYou can configure global defaults in the `WsFederationOptions` class, e.g.:\n\n* default token type (SAML 1.1 or SAML 2.0)\n* default hashing and digest algorithms\n* default SAML name identifier format\n* default mappings from \"short\" claim types to WS-* claim types\n\n### Relying party configuration\nThe following client settings are used by the WS-Federation endpoint:\n\n```csharp\npublic static IEnumerable\u003cClient\u003e GetClients()\n{\n    return new[]\n    {\n        new Client\n        {\n            // realm identifier\n            ClientId = 
\"urn:owinrp\",\n            \n            // must be set to WS-Federation\n            ProtocolType = ProtocolTypes.WsFederation,\n\n            // reply URL\n            RedirectUris = { \"http://localhost:10313/\" },\n            \n            // signout cleanup url\n            LogoutUri = \"http://localhost:10313/home/signoutcleanup\",\n            \n            // lifetime of SAML token\n            IdentityTokenLifetime = 36000,\n\n            // identity scopes - the associated claims will be used to call the profile service\n            AllowedScopes = { \"openid\", \"profile\" }\n        }\n    };\n}\n```\n\n### WS-Federation specific relying party settings\nIf you want to deviate from the global defaults (e.g. set a different token type or claim mapping) for a specific\nrelying party, you can define a `RelyingParty` object that uses the same realm name as the client ID used above.\n\nThis sample contains an in-memory relying party store that you can use to make these relying party specific settings\navailable to the WS-Federation engine (using the `AddInMemoryRelyingParties` extension method).\nOtherwise, if you want to use your own store, you will need an implementation of `IRelyingPartyStore`.\n\n### Configuring IdentityServer\nThis repo contains an extension method for the IdentityServer builder object to register all the necessary services in DI, e.g.:\n\n```csharp\nservices.AddIdentityServer()\n    .AddSigningCredential(cert)\n    .AddInMemoryIdentityResources(Config.GetIdentityResources())\n    .AddInMemoryApiResources(Config.GetApiResources())\n    .AddInMemoryClients(Config.GetClients())\n    .AddTestUsers(TestUsers.Users)\n    .AddWsFederation()\n    .AddInMemoryRelyingParties(Config.GetRelyingParties());\n```\n\n## Connecting a relying party to the WS-Federation endpoint\n\n### Using Katana\nUse the Katana WS-Federation middleware to point to the WS-Federation endpoint, e.g.:\n\n```csharp\npublic void Configuration(IAppBuilder app)\n{\n    
app.UseCookieAuthentication(new CookieAuthenticationOptions\n    {\n        AuthenticationType = \"Cookies\"\n    });\n\n    app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions\n    {\n        MetadataAddress = \"http://localhost:5000/wsfederation\",\n        Wtrealm = \"urn:owinrp\",\n\n        SignInAsAuthenticationType = \"Cookies\"\n    });\n}\n```\n\n### SharePoint\n\nSee https://www.scottbrady91.com/Identity-Server/IdentityServer-4-SharePoint-Integration-using-WS-Federation\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FIdentityServer%2FIdentityServer4.WsFederation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FIdentityServer%2FIdentityServer4.WsFederation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FIdentityServer%2FIdentityServer4.WsFederation/lists"}