WS-Federation and external_login callback

Jul 1, 2014 at 3:12 AM
Edited Jul 1, 2014 at 3:15 AM
Hi guys,

I have set up my ADFS environment like this:

I am trying to set up my Web API to allow me to use ADFS as an external login provider (similarly to the way that we can use Twitter or Facebook), but I am having some issues getting WS-Federation to behave in this way.

When I choose ADFS to authenticate with, I am able to authenticate with the ADFS form, but I am redirected back to a page which is intercepted by the middleware and returns an invalid request:


The contents of the response are:




The source code for my application is at:

Are there any tutorials or examples which use federation on ADFS 3 (Windows Server 2012 R2) to achieve what I am trying to do?


Jul 1, 2014 at 4:23 AM
If I set the passive endpoint in ADFS to be something other than external_login it seems to work, however the externalLogin.LoginProvider property is set by ADFS to be:



Is there a way to specify the issuer name in ADFS?

Jul 3, 2014 at 10:34 PM
A few comments...
            app.UseCookieAuthentication(new CookieAuthenticationOptions());
Should be
            app.UseCookieAuthentication(new CookieAuthenticationOptions(DefaultAuthenticationTypes.ExternalCookie));
Also, you have two WsFed auth middleware with the exact same settings but different auth types & captions. Why?

Jul 3, 2014 at 10:35 PM
Whoops, I meant:
            app.UseCookieAuthentication(new CookieAuthenticationOptions());