Monday, October 12, 2015

ADFS : SAML 2.0 token

This question came up during a discussion with a customer.

They wanted Active Directory Federation Services (AD FS) to deliver a SAML 2.0 token.

Recall that ADFS issues a SAML 1.1 assertion to relying parties configured for WS-Federation and a SAML 2.0 assertion to relying parties configured for SAML-P 2.0.

The easiest way is simply to configure the relying party trust to use SAML-P 2.0 (the P stands for protocol).

Provide ADFS with the service provider's SAML 2.0 metadata when you create the trust (or, failing that, add the SAML assertion consumer endpoint to the trust by hand); ADFS then answers the SAML-P request with a SAMLResponse carrying a SAML 2.0 assertion.
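The steps above as an added PowerShell example (mine, not code from the original post). It uses the standard ADFS module cmdlets; the relying party name "Contoso SP", the metadata path C:\temp\sp-metadata.xml and the endpoint https://sp.contoso.example/saml/acs are assumptions. The last part is a check a practitioner wants: given a captured response, tell a SAML 1.1 assertion from a SAML 2.0 one by its namespace rather than by guessing.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on the ADFS server.
# Assumptions (hypothetical): RP name, metadata path and endpoint URL below.
Import-Module ADFS

$rpName = 'Contoso SP'

# Option A: import the SP metadata. When the metadata contains an SPSSODescriptor with an
# AssertionConsumerService, ADFS sets ProtocolProfile to SAML and issues SAML 2.0 assertions.
Add-AdfsRelyingPartyTrust -Name $rpName -MetadataFile 'C:\temp\sp-metadata.xml'

# Option B (no metadata available): build the SAML-P endpoint by hand instead of Option A.
# $acs = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer `
#            -Uri 'https://sp.contoso.example/saml/acs' -Index 0 -IsDefault $true
# Add-AdfsRelyingPartyTrust -Name $rpName -Identifier 'https://sp.contoso.example/saml' `
#     -ProtocolProfile SAML -SamlEndpoint $acs

# Check the trust: a WS-Fed-only RP shows ProtocolProfile WSFederation and no SAML endpoints;
# a SAML-P RP shows ProtocolProfile SAML (WsFed-SAML when both protocols are enabled).
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, ProtocolProfile, WSFedEndpoint,
        @{ n = 'SamlEndpoints'; e = { $_.SamlEndpoints.Location } }

# Check the token on the wire. For SAML-P the SAMLResponse form field is base64-encoded XML;
# for WS-Fed the wresult form field is raw XML (a RequestSecurityTokenResponse).
# SAML 1.1 assertions live in the SAML:1.0 namespace (Version 1.1 is carried as attributes),
# SAML 2.0 assertions in the SAML:2.0 namespace.
function Get-AssertionVersion {
    param([Parameter(Mandatory)][string]$ResponseXml)
    [xml]$doc = $ResponseXml
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('s1', 'urn:oasis:names:tc:SAML:1.0:assertion')
    $ns.AddNamespace('s2', 'urn:oasis:names:tc:SAML:2.0:assertion')
    if ($doc.SelectSingleNode('//s2:Assertion', $ns)) { return 'SAML 2.0' }
    if ($doc.SelectSingleNode('//s1:Assertion', $ns)) { return 'SAML 1.1' }
    return 'unknown'
}

# Constructed skeleton of a SAML-P response (not a real token; signature and subject omitted).
$sampleResponse = @'
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1" Version="2.0">
  <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0" />
</samlp:Response>
'@
$samlResponseField = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sampleResponse))

# Decode the SAMLResponse field the way a browser-captured value would need decoding.
$decoded = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($samlResponseField))
Get-AssertionVersion -ResponseXml $decoded
```

Pass a captured wresult value straight to Get-AssertionVersion (no base64 step); the same namespace test applies, and a WS-Fed relying party will come back as "SAML 1.1".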

If you can't do that, you can convert the token by placing Azure ACS or Thinktecture's IdentityServer between ADFS and the application as an intermediate STS. Both let you configure the outbound token type.

While on the subject, did you know that ADFS on Windows Server 2012 R2 (ADFS 3.0) can issue JWT tokens for WS-Fed?

Refer to: JSON Web Token (JWT) support in ADFS.

Enjoy!
