IdentityServer / IdentityServer2

[deprecated] Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.

Try to register IdSrv as a remote identity provider within OpenAm #792

Closed Wolfium closed 9 years ago

Wolfium commented 10 years ago

Hi all, first of all, great product. We are using it right now as a federation service for our .NET application, and also in some Java/Spring applications using the Fediz Spring module, which works flawlessly.

However, I have been mandated to federate with an application that uses OpenAM as its security layer, and we are trying to register our instance of IdSrv with it, with no luck at all.

I have tried with the plain metadata from the integration page at IdSrv, and finally, looking at another federation service's example, it looks like OpenAM, which says it accepts SAML2 identity providers, does not like the RoleDescriptor tag that IdSrv emits in its metadata. I am guessing it expects an IDPSSODescriptor, as in the other metadata example; at least that one got accepted and registered, though it is not yet tested.

I am wondering whether there is any way I can migrate/transform the current RoleDescriptor to an IDPSSODescriptor, or maybe a way of getting IdSrv to generate them instead of the current RoleDescriptor tags?

Thanks in advance for any help; I will appreciate any hint on solving this. Regards, Nestor

brockallen commented 10 years ago

IdentityServer does not support the SAML2 protocol (but it does support SAML tokens via the WS-Federation protocol).

Wolfium commented 10 years ago

Thanks Brock for your prompt response.

Understood; I was not sure regarding the SAML2 protocol.

However, OpenAM expects metadata using an IDPSSODescriptor tag, but IdentityServer produces RoleDescriptor tags, and from what I reviewed the former inherits from the latter. Would it be possible to manually create the expected tags from the generated ones?

On the other hand, how hard, difficult or impossible would it be to add SAML2 protocol support to IdentityServer?

I really need to integrate both federations, as the external service provider application uses OpenAM as its security layer.

Any hints...?

Thanks in advance for all your help

leastprivilege commented 10 years ago

SAML2p is not supported by .NET and would need to be added using commercial third party libraries. This is a substantial amount of work.

Someone else here managed to integrate OpenAM IIRC - but using some WS-Fed support there. Maybe check the old issues.
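As an added illustration of why the metadata cannot simply be retagged (this is example code written for this thread, not part of IdentityServer, OpenAM or the original discussion): the script below classifies a federation metadata document by the descriptors it actually carries and lists what a SAML2 service provider would still be missing. Both metadata documents in it are constructed samples. The first has the shape WIF's MetadataSerializer gives a WS-Federation STS (a RoleDescriptor with xsi:type fed:SecurityTokenServiceType and a PassiveRequestorEndpoint), which I assume matches what IdentityServer v2 publishes; the second is a minimal SAML2 IDPSSODescriptor. Entity IDs, host names and certificate values are made up.

```python
"""Inspect federation metadata and report which SSO protocol each descriptor
actually advertises. Added example for this thread; it is not IdentityServer
or OpenAM code, and both metadata documents below are constructed samples."""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
FED = "http://docs.oasis-open.org/wsfed/federation/200706"
WSA = "http://www.w3.org/2005/08/addressing"
SAML2P = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample 1: WS-Federation STS metadata as WIF's MetadataSerializer
# shapes it (assumed to match what IdentityServer v2 publishes). Host names,
# entity ID and certificate value are made up.
WSFED_METADATA = f"""<EntityDescriptor xmlns="{MD}" xmlns:ds="{DS}" xmlns:xsi="{XSI}"
    xmlns:fed="{FED}" xmlns:wsa="{WSA}" entityID="https://idsrv.example.test/issue">
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="{FED}">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>Q09OU1RSVUNURUQtU0lHTklORy1DRVJU</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <fed:PassiveRequestorEndpoint>
      <wsa:EndpointReference>
        <wsa:Address>https://idsrv.example.test/issue/wsfed</wsa:Address>
      </wsa:EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>"""

# Constructed sample 2: a minimal SAML2 identity provider descriptor.
SAML2_METADATA = f"""<EntityDescriptor xmlns="{MD}" xmlns:ds="{DS}"
    entityID="https://saml-idp.example.test">
  <IDPSSODescriptor protocolSupportEnumeration="{SAML2P}">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>Q09OU1RSVUNURUQtU0FNTDItQ0VSVA==</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://saml-idp.example.test/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def _signing_certs(descriptor):
    """Base64 certificate bodies from KeyDescriptors usable for signing
    (an absent 'use' attribute means the key serves signing and encryption)."""
    certs = []
    for kd in descriptor.findall(f"{{{MD}}}KeyDescriptor"):
        if kd.get("use") in (None, "signing"):
            for cert in kd.iter(f"{{{DS}}}X509Certificate"):
                certs.append("".join((cert.text or "").split()))
    return certs


def describe(metadata_xml):
    """Return what the entity really offers: SAML2P IdP, WS-Fed STS, both or neither."""
    root = ET.fromstring(metadata_xml)
    info = {"entity_id": root.get("entityID"), "saml2p_idp": False,
            "wsfed_sts": False, "endpoints": [], "signing_certs": []}
    for idp in root.findall(f"{{{MD}}}IDPSSODescriptor"):
        if SAML2P in (idp.get("protocolSupportEnumeration") or "").split():
            info["saml2p_idp"] = True
        for sso in idp.findall(f"{{{MD}}}SingleSignOnService"):
            info["endpoints"].append((sso.get("Binding"), sso.get("Location")))
        info["signing_certs"] += _signing_certs(idp)
    for role in root.findall(f"{{{MD}}}RoleDescriptor"):
        # Compare the local part only: the prefix bound to the fed namespace varies.
        xsi_type = (role.get(f"{{{XSI}}}type") or "").split(":")[-1]
        if xsi_type == "SecurityTokenServiceType":
            info["wsfed_sts"] = True
        path = (f"{{{FED}}}PassiveRequestorEndpoint/{{{WSA}}}EndpointReference/"
                f"{{{WSA}}}Address")
        for addr in role.findall(path):
            info["endpoints"].append(("wsfed-passive", (addr.text or "").strip()))
        info["signing_certs"] += _signing_certs(role)
    return info


def saml2_registration_blockers(info):
    """Reasons a SAML2 SP such as OpenAM cannot use this entity as a SAML2 IdP."""
    reasons = []
    if not info["saml2p_idp"]:
        reasons.append("no IDPSSODescriptor advertising " + SAML2P)
    if not any(b and b.startswith("urn:oasis:names:tc:SAML:2.0:bindings:")
               for b, _ in info["endpoints"]):
        reasons.append("no SingleSignOnService with a SAML2 binding")
    if not info["signing_certs"]:
        reasons.append("no signing certificate to verify assertions with")
    return reasons


if __name__ == "__main__":
    for doc in (WSFED_METADATA, SAML2_METADATA):
        d = describe(doc)
        print(d["entity_id"], "blockers:", saml2_registration_blockers(d) or "none")
```

Renaming RoleDescriptor to IDPSSODescriptor would get the document past a parser that looks only at the element name, but the protocolSupportEnumeration still names WS-Federation and there is no SingleSignOnService, so a SAML2 SP has nowhere to send an AuthnRequest, and the passive requestor endpoint would not understand one anyway. What the script does extract, the WS-Fed passive endpoint and the signing certificate, is exactly what a WS-Fed-side configuration on the OpenAM end would need.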

Wolfium commented 10 years ago

Clear regarding SAML2p .NET support; skipped for now.

Great tip for the OpenAM integration. My first issue is that I am not able to register IdSrv with the generated WS-Fed metadata, but I will investigate the old issues as suggested.

By the way, apologies if I am missing something, but what does IIRC stand for? Is it an OpenAM product?

Thanks again...

leastprivilege commented 10 years ago

IIRC == If I Remember Correctly ;)

Also try the FederationRP document (there are two links on the front page).

Wolfium commented 10 years ago

LOL... I am not a native English speaker and I had never read that acronym.

Thanks for the FederationRP hint, will do that...

Regards