IdentityServer / IdentityServer3.WsFederation

WS-Federation Plugin for IdentityServer v3
Apache License 2.0

WS-Fed Endpoint usernamemixed #74

Open joelhaslerfhnw opened 8 years ago

joelhaslerfhnw commented 8 years ago

Hi

We currently use ADFS 3.0 as a «protocol Gateway» to authenticate SharePoint 2013 against our SAML2-based Identity Provider (Shibboleth). We are investigating if we can replace the ADFS Server with a solution based on IdentityServer3 with the WS-Federation plugin together with Kentor Authentication Services (https://github.com/KentorIT/authservices). In our Proof of Concept Environment 95% works like a charm, but there is one simple part missing so that we can replace ADFS definitely. We use a special endpoint from ADFS (/adfs/services/trust/13/usernamemixed) to get a SAML Token based on Username and Password from the Identity Provider "Active Directory". We need this in SharePoint to be able to get the current user context in a web service, because with ADFS and SharePoint by default the impersonation will be done with the IUSER and not with the current logged in user. Do you know if this can also be implemented in IdentityServer3?

Many Thanks for your help. Cheers, Joël

leastprivilege commented 8 years ago

That's a WS-Trust endpoint. We don't support that - and it cannot easily be added.

joelhaslerfhnw commented 8 years ago

Thank you very much for the fast answer! But it is possible to add the functionality, it is just a question of time, priority and of course money?

leastprivilege commented 8 years ago

Everything is a question of money ;)