Reputation: 84
Enable Windows Identity Foundation in docker
In our current project we develop an ASP.net MVC application hosted in an docker (Docker Desktop for Windows) container using the windows server core image (https://hub.docker.com/r/microsoft/windowsservercore/). Everything is working well but now we would like to use the Windows Identify Foundation (WIF) for authentication with an ADFS.
Unfortunately, the Windows Server Core image for docker does not support the WIF feature and it cannot be installed.
Does someone have an idea how to use the WIF inside of a docker container and/or experience with installing the feature in this image?
Is their an alternative image with the feature enabled?
Similar topics without docker such as:
- https://support.microsoft.com/en-us/help/3044149/you-can-t-install-windows-identity-foundation-in-windows-core
- https://blogs.technet.microsoft.com/server_core/2012/05/09/configuring-the-minimal-server-interface/
Did not help.
Upvotes: 0
Views: 1704
Answers (2)
Reputation: 21
I know this is an old question, but I recently ran into the same problem and wanted to share the resolution I was able to come up with. In my case, I was working with a legacy software solution that referenced "Microsoft.IdentityModel.dll" (installed by WIF), and it was not as easy to just switch it out to something else.
I installed WIF on my laptop (Windows 10) and then added the file to my docker image
C:\Program Files\Reference Assemblies\Microsoft\Windows Identity Foundation\v3.5\Microsoft.IdentityModel.dll
Then, add a PowerShell script to your DOCKERFILE to install that assembly into the GAC manually. Here's a good blog post showing how to do that as well:
https://www.andrewcbancroft.com/2015/12/16/using-powershell-to-install-a-dll-into-the-gac/
Hope it helps!
Upvotes: 2
Reputation: 84
We could solve our problems with OWIN.
Bas Lijten posted a nice tutorial on this: http://blog.baslijten.com/configure-claims-based-web-applications-using-owin-wsfederation-middleware/
We configured the usage of WS-Fed with Owin but did not use an Embedded STS. Instead we created a standalone identityserver instance to test the ADFS integration. On GitHub you can find an example for such an identity server configuration:
Upvotes: 0
Related Questions
- How to enable docker remote API in "Docker for Windows"
- .NET Core Windows authentication in docker container
- Active Directory Docker - Windows Authentication Mode
- Docker for windows 'Logon Failure'
- Docker hello-world: authentication error
- Active directory accounts inside a windows container (server 2016 TP5)
- Integrating Windows Authentication in Docker Container ASP.NET App
- Windows Server Containers domain account auth
- Windows Server 2016 docker image default username/password
- Windows authentication of an application hosted in Windows Container