Get WsFederation token inside the WebAPI controller

May 15, 2014 at 8:17 PM
I am using WsFederation (Microsoft.Owin.Security.WsFederation) and I am able to authenticate to the WsFederation Identity Provider. Now I want to pass the token I received from the IdP (a SAML token) to a different service. That second service has a trust with the WsFederation Identity Provider, so it should trust a token from it.
Could someone point me to how I would do that? I see that there is a cookie set after successful login, but I don't know how I can extract a token from it.

May 15, 2014 at 8:22 PM
When I overwrite TokenValidationParameters and create a method for AudienceValidator, I can see the token, and it is an actual Saml2SecurityToken. How can I get to it from a WebApi controller? Is it possible?
May 15, 2014 at 8:44 PM
Look at the WsFed Options.Notifications.SecurityTokenValidated. You'll have to store the token somewhere, so many people put it into the ClaimsIdentity.
May 15, 2014 at 11:11 PM
How do you get to the ClaimsIdentity from inside SecurityTokenValidated, and how would you recommend storing it?
May 16, 2014 at 5:18 PM
As a workaround I did the following:

using System.IdentityModel.Tokens;
using Microsoft.Owin.Security.Notifications;
private Task TokenValidated(SecurityTokenValidatedNotification<WsFederationAuthenticationOptions> arg)
{
    var claimsIdentity = arg.AuthenticationTicket.Identity;
    // BootstrapContext is only set when the token handler kept the sign-in token (TokenValidationParameters.SaveSigninToken)
    var context = (BootstrapContext) claimsIdentity.BootstrapContext;
    claimsIdentity.AddClaim(new Claim("secret", context.Token));
    return Task.FromResult(0);
}
Basically I added one more claim with the token in it. Does this sound like the right thing to do?
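Putting the thread's pieces together end to end, as an added example that is not from the thread, from Katana, or from the poster: the middleware is told to keep the sign-in token (TokenValidationParameters.SaveSigninToken), the SecurityTokenValidated notification copies it out of BootstrapContext into a claim, and a Web API controller reads that claim back from the request principal and forwards it to the second service. It targets Katana 3.x and System.IdentityModel 4.5. The realm, the metadata URL, the downstream URL, the claim type urn:example:bootstrap-token and the X-Saml-Token header are assumptions; the second service may expect the token in some other form.

```csharp
// Added example (not from the thread or from Katana). Assumed values: realm, metadata URL,
// downstream URL, the private claim type and the X-Saml-Token header.
using System;
using System.IdentityModel.Tokens;
using System.Net.Http;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using System.Web.Http;
using System.Xml;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public static class BootstrapTokenClaim
{
    // Private claim type chosen for this example; not a standard WS-Federation or SAML claim type.
    public const string Type = "urn:example:bootstrap-token";

    // Returns whatever the token handler left in BootstrapContext as a string: the raw token
    // when it saved one, otherwise the SecurityToken object re-serialized through the default handlers.
    public static string Extract(ClaimsIdentity identity)
    {
        var bc = identity.BootstrapContext as BootstrapContext;
        if (bc == null)
            throw new InvalidOperationException(
                "BootstrapContext is null: set TokenValidationParameters.SaveSigninToken = true.");
        if (!string.IsNullOrEmpty(bc.Token))
            return bc.Token;

        var sb = new StringBuilder();
        using (var xw = XmlWriter.Create(sb, new XmlWriterSettings { OmitXmlDeclaration = true }))
        {
            SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection()
                .WriteToken(xw, bc.SecurityToken);
        }
        return sb.ToString();
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            Wtrealm = "https://rp.example.com/",                                               // assumed
            MetadataAddress = "https://sts.example.com/FederationMetadata/2007-06/FederationMetadata.xml", // assumed
            TokenValidationParameters = new TokenValidationParameters
            {
                SaveSigninToken = true // keep the incoming token so BootstrapContext is populated
            },
            Notifications = new WsFederationAuthenticationNotifications
            {
                SecurityTokenValidated = n =>
                {
                    var identity = n.AuthenticationTicket.Identity;
                    // The ticket, and therefore the auth cookie, now carries the whole SAML token.
                    identity.AddClaim(new Claim(BootstrapTokenClaim.Type, BootstrapTokenClaim.Extract(identity)));
                    return Task.FromResult(0);
                }
            }
        });

        var config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();
        app.UseWebApi(config);
    }
}

[Authorize]
[RoutePrefix("api/downstream")]
public class DownstreamController : ApiController
{
    // Assumed: the second service accepts the base64-encoded raw token in a custom header.
    private const string DownstreamUrl = "https://service2.example.com/api/resource";

    [HttpGet, Route("")]
    public async Task<IHttpActionResult> Get()
    {
        var identity = User.Identity as ClaimsIdentity;
        var tokenClaim = identity == null ? null : identity.FindFirst(BootstrapTokenClaim.Type);
        if (tokenClaim == null)
            return Unauthorized();

        using (var client = new HttpClient())
        {
            var request = new HttpRequestMessage(HttpMethod.Get, DownstreamUrl);
            // Base64 keeps the XML (which may contain newlines) legal in an HTTP header value.
            request.Headers.Add("X-Saml-Token",
                Convert.ToBase64String(Encoding.UTF8.GetBytes(tokenClaim.Value)));
            var response = await client.SendAsync(request);
            return ResponseMessage(response);
        }
    }
}
```

Two things to check before relying on this. First, a token the IdP issued for this application's realm carries that realm as its audience, so the second service will reject it on audience grounds even though it trusts the issuer, unless it is explicitly configured to accept this realm (the same audience validation hook mentioned above, on its side); the cleaner alternative is to ask the IdP for a token scoped to the second service. Second, the claim outlives the token's own validity window: the cookie stays valid on the cookie middleware's schedule, so the second service must still validate the forwarded token's lifetime and signature rather than trust it because it arrived from an authenticated caller.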