WS-Federation and external_login callback

Jul 1, 2014 at 2:12 AM
Edited Jul 1, 2014 at 2:15 AM
Hi guys,

I have set up my ADFS environment like this:
http://darb.io/blog/2014/06/30/WebAPI-and-ADFS-as-external-login-provider/

I am trying to set up my Web API to allow me to use ADFS as an external login provider (similarly to the way that we can use Twitter or Facebook), but I am having some issues getting WS-Federation to behave in this way.

When I choose ADFS to authenticate with, I am able to authenticate with the ADFS form, but I am redirected back to a page which is intercepted by the middleware and returns an invalid request:

Image

The contents of the response are:

Image

and

Image

The source code for my application is at:
https://github.com/darbio/Phoenix.Net/tree/feature/ADFS/Src/Phoenix.API

Are there any tutorials or examples which use federation on ADFS 3 (Windows Server 2012 R2) to achieve what I am trying to do?

Thanks,

James
Jul 1, 2014 at 3:23 AM
If I set the passive endpoint in ADFS to be something other than external_login, it seems to work; however, the externalLogin.LoginProvider property is set by ADFS to be:

Image

Image

Is there a way to specify the issuer name in ADFS?
Coordinator
Jul 3, 2014 at 9:34 PM
A few comments...
            app.UseCookieAuthentication(new CookieAuthenticationOptions());
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
Should be
            app.UseCookieAuthentication(new CookieAuthenticationOptions(DefaultAuthenticationTypes.ExternalCookie));
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
Also, you have two WsFed auth middleware with the exact same settings but different auth types & captions. Why?
Coordinator
Jul 3, 2014 at 9:35 PM
Whoops, I meant:
            app.UseCookieAuthentication(new CookieAuthenticationOptions());
            app.UseExternalSignInCookie(CookieAuthenticationDefaults.AuthenticationType);