user1663431

Reputation: 27

Send passive federation request to ADFS 2.0 for SAML 2.0 token

I have a working ADFS machine. I want to construct a passive request that will generate a SAML 2.0 token.

The following request for a SAML 2.0 token:

https://adfstest.cld.sr/adfs/ls/?wa=wsignin1.0&wtrealm=https%3A%2F%2Flocalhost%2FPro%2FFederatedLogin.mvc&wauth=urn:oasis:names:tc:SAML:2.0:am:password

generates the error: "Microsoft.IdentityServer.Protocols.Saml.NoAuthenticationContextException: MSIS7040: None of the requested authentication types are supported by the server."

Yet if I change the request to a request for SAML 1.0:

https://adfstest.cld.sr/adfs/ls/?wa=wsignin1.0&wtrealm=https%3A%2F%2Flocalhost%2FPro%2FFederatedLogin.mvc&wauth=urn:oasis:names:tc:SAML:1.0:am:password

it works, but the token generated by ADFS is SAML 1.0.

What is the correct form to construct a request for passive federation with SAML 2.0 tokens?

Upvotes: 0

Views: 2074

Answers (1)

manu

Reputation: 21

AD FS 2.0 does not support SAML 2.0-based IDP-initiated SSO to a WIF relying party application. The URL you used is a WS-Federation request, and as such only SAML 1.1 will be returned by ADFS.

Upvotes: 2
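Added example, not part of the original question or answer: a Python parser that splits the two sign-in URLs from the question into their query parameters, showing that both are WS-Federation passive sign-in requests (`wa=wsignin1.0`) and that they differ only in the `wauth` value, which names the requested authentication method. The function names and the returned dictionary layout are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# WS-Federation passive requestor actions carried in the "wa" parameter.
WSFED_ACTIONS = {
    "wsignin1.0": "sign-in",
    "wsignout1.0": "sign-out",
    "wsignoutcleanup1.0": "sign-out cleanup",
}

# The two request URLs quoted in the question.
SAML20_URL = ("https://adfstest.cld.sr/adfs/ls/?wa=wsignin1.0"
              "&wtrealm=https%3A%2F%2Flocalhost%2FPro%2FFederatedLogin.mvc"
              "&wauth=urn:oasis:names:tc:SAML:2.0:am:password")
SAML10_URL = ("https://adfstest.cld.sr/adfs/ls/?wa=wsignin1.0"
              "&wtrealm=https%3A%2F%2Flocalhost%2FPro%2FFederatedLogin.mvc"
              "&wauth=urn:oasis:names:tc:SAML:1.0:am:password")


def describe_passive_request(url):
    """Hypothetical helper: classify a federation URL by its query parameters."""
    parts = urlsplit(url)
    # parse_qs percent-decodes values, so wtrealm comes back as a plain URL.
    query = {k: v[0] for k, v in
             parse_qs(parts.query, keep_blank_values=True).items()}
    action = query.get("wa")
    if action in WSFED_ACTIONS:
        protocol = "WS-Federation"
    elif "SAMLRequest" in query or "SAMLResponse" in query:
        protocol = "SAML 2.0 redirect binding"
    else:
        protocol = "unknown"
    return {
        "endpoint": f"{parts.scheme}://{parts.netloc}{parts.path}",
        "protocol": protocol,
        "action": WSFED_ACTIONS.get(action),
        "realm": query.get("wtrealm"),
        "requested_auth_method": query.get("wauth"),
    }


def differing_fields(url_a, url_b):
    """Return the names of the parsed fields on which two requests differ."""
    a, b = describe_passive_request(url_a), describe_passive_request(url_b)
    return sorted(k for k in a if a[k] != b[k])


if __name__ == "__main__":
    for name, value in describe_passive_request(SAML20_URL).items():
        print(f"{name}: {value}")
    print("differs in:", differing_fields(SAML20_URL, SAML10_URL))
```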
