
Creating a WCF REST service to accept SAML and authenticate Windows users

I have to create a WCF service that will receive a request with a SAML assertion. Internally it needs to get the Windows user (caller user) and then impersonate the next call to an application. This application only supports AD users.

I tried to get a solution, but in most cases I got the solution using Azure Service Bus and ACS, but in my case I do not have that. My SAML is directly passed to the WCF service (exposed over the internet) and this needs to validate the token, get the Windows user and then proceed with the next steps using the impersonation of that user.

My ADFS is set up with a Relying Party (that my middleware on the cloud is already using to authenticate the user).

My questions are:

  1. Do I need to set up a trust between ADFS and the WCF service? Are there any links for that?
  2. The SAML is all encrypted. For decrypting this at my WCF, do I need the same certificate which was used during the ADFS setup?
  3. Can I use the same relying party that my middleware uses in setting up the trust between my WCF service and ADFS?

Any links that provide a solution would be helpful.

The diagram flow is as shown in the picture.

You can't use WCF to Azure (unless by Azure you mean a VM in Azure). It's all web API.

WCF goes straight to ADFS. This is the WS-Fed active profile, e.g. this.

If the SAML token is encrypted in ADFS, it means the RP owns the private key. ADFS (in the RP encryption tab) only has the public key.

Yes, you need a separate ADFS RP for this.
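As an added example (not from the poster or the answerer), here is the service-side WCF configuration that the answer implies: a `ws2007FederationHttpBinding` endpoint that obtains tokens from ADFS over the WS-Trust (active) endpoint, a service certificate whose private key decrypts the token (ADFS only holds the public half), and an audience URI equal to the identifier of the separate ADFS relying party. Hostnames, thumbprints, and service/contract names are placeholders.

```xml
<configuration>
  <system.serviceModel>
    <bindings>
      <ws2007FederationHttpBinding>
        <binding name="AdfsActiveProfile">
          <!-- TLS on the wire plus an issued token (SAML) inside the message -->
          <security mode="TransportWithMessageCredential">
            <message establishSecurityContext="false" issuedKeyType="BearerKey">
              <!-- Clients fetch the WS-Trust endpoints from ADFS federation metadata -->
              <issuerMetadata address="https://adfs.example.com/adfs/services/trust/mex" />
            </message>
          </security>
        </binding>
      </ws2007FederationHttpBinding>
    </bindings>
    <services>
      <service name="Example.ImpersonatingService" behaviorConfiguration="FederatedBehavior">
        <endpoint address="" binding="ws2007FederationHttpBinding"
                  bindingConfiguration="AdfsActiveProfile" contract="Example.IImpersonatingService" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="FederatedBehavior">
          <!-- useIdentityConfiguration hands token validation to <system.identityModel> below -->
          <serviceCredentials useIdentityConfiguration="true">
            <!-- This certificate (with its PRIVATE key) decrypts the SAML token.
                 Its PUBLIC key is what you upload on the ADFS RP "Encryption" tab. -->
            <serviceCertificate findValue="RP_ENCRYPTION_CERT_THUMBPRINT_PLACEHOLDER"
                                storeLocation="LocalMachine" storeName="My"
                                x509FindType="FindByThumbprint" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
  <system.identityModel>
    <identityConfiguration>
      <!-- Must equal the identifier of the dedicated ADFS relying party for this service -->
      <audienceUris>
        <add value="https://wcf.example.com/ImpersonatingService/" />
      </audienceUris>
      <!-- Only tokens signed by the ADFS token-signing certificate are accepted -->
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="ADFS_TOKEN_SIGNING_THUMBPRINT_PLACEHOLDER" name="http://adfs.example.com/adfs/services/trust" />
        </trustedIssuers>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>
</configuration>
```

Once the token is validated, the service's identity is the claims principal from the SAML assertion; mapping that principal to a Windows account for downstream impersonation is a separate step (e.g. Kerberos constrained delegation) that this fragment does not configure.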
