rbrayb
Reputation: 46720
What is the relationship / purpose between ClaimTypesRequested in the IP-STS and ClaimTypeRequired in the RP
The ClaimTypesRequested section seems to be built up from the “Claim Descriptions” tab in ADFS and the web.config and metada inherit this when “bound” via FedUtil.
- Does WIF compare the two in any way?
- Does the RP list have to be a subset?
- Are any errors thrown when “out of sync”?
e.g. you can define custom claims in the ADFS claims rules that don’t appear in either list and yet seem to get through to the RP?
Upvotes: 2
Views: 400
Answers (1)
Scott Densmore
Reputation: 1469
WIF does not validate or compare the two at any time. They are there so you can call the API so your code can validate list the claims in your app. It is very confusing. I usually just have the required ones there as "documentation" of the claims that you need.
You can find our more about Claims & WIF in our guide http://claimsid.codeplex.com. The 2nd version will be out soon.
Upvotes: 2
Related Questions
- What is the purpose of nameidentifier claim?
- Claims Based Authentication - SharePoint and generally
- ADFS Claims Rules
- WCF, Claims, ADFS 3.0
- Claims Transformation in ADFS 3.0
- Updating claims with ADFS and WIF
- Why is there a resource/operation required instead of type/value using claim based auth
- WIF STS, different "kinds" of users, applications and claims
- Non-claims-enabled ASP.NET applications and ADFS v2.0
- WIF and ADFS - Requesting for more\extra claims