Hi
In our proof-of-concept scenario we are trying to implement ADFS 2.0 (let's call it ADFS1) federation with a custom STS. I have implemented a simple CustomSTS. This CustomSTS is configured to sign and encrypt the claims. For signing it is configured to use "STSTestCert", and for encryption it is configured to use the ADFS1 encryption certificate (.cer).
Here is the scenario.
- Application1 is configured to use ADFS1 as its identity provider.
- Application1 is configured as a relying party in ADFS1.
- CustomSTS is configured as a claims provider trust in ADFS1.
- A typical user tries to log in to Application1. He/she will be redirected to the ADFS1 home realm discovery page.
- The user can select ADFS1 or CustomSTS as the identity provider.
- When the user selects ADFS1, the whole process, i.e. issuing, signing and encrypting the token, works fine. At the end, the user is logged in and can see the Application1 page.
- When the user selects CustomSTS, he/she will be redirected to the login screen, and upon successful login CustomSTS posts a SAML token to ADFS1 at (adfs/ls).
- In Fiddler I can see the token (signed and encrypted).
- On ADFS1 it cannot process the token somehow. I can see this error: "System.ArgumentException: A SamlAssertion requires at least one statement. Ensure that you have added at least one SamlStatement to the SamlAssertion you are creating."
- Then I tried to disable the encryption on CustomSTS just to see what CustomSTS is posting to ADFS1. I can see the SAML token is posted to ADFS1 and the token seems to be correct, I mean with proper SAML assertions. When I paid some attention I could see that CustomSTS is posting a <trust:RequestSecurityTokenResponseCollection>. This collection has a RequestSecurityTokenResponse.
It seems like ADFS1 cannot decrypt it, or it can decrypt it but cannot see any token because it is a collection. I don't know what's going wrong here. Can you guys please suggest something?
Thanks in advance.
/Rakesh
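The post above inspects the posted wresult by hand in Fiddler: is it wrapped in a RequestSecurityTokenResponseCollection, is the assertion encrypted, and does the assertion actually carry any statements (the "requires at least one statement" error is what the SAML 1.1 reader raises when it finds none). The following script is an added diagnostic example, not code from the original post or from ADFS/WIF; it parses a captured wresult offline and reports those three facts. The XML samples are constructed for illustration, and the namespace URIs are the standard WS-Trust 1.3, SAML 1.1 and XML Encryption namespaces that WIF emits with the trust/saml/xenc prefixes.

```python
import xml.etree.ElementTree as ET

# Standard namespaces used by WIF/ADFS in a WS-Federation wresult.
NS = {
    "trust": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",   # WS-Trust 1.3 (prefix "trust")
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",               # SAML 1.1 assertion
    "xenc": "http://www.w3.org/2001/04/xmlenc#",                    # XML Encryption
}

# The statement element types a SAML 1.1 assertion may carry.
SAML11_STATEMENTS = ("AuthenticationStatement", "AttributeStatement", "AuthorizationDecisionStatement")


def _local_name(tag):
    return tag.rsplit("}", 1)[-1]


def inspect_wresult(wresult_xml):
    """Return a report on a captured wresult: the wrapper element, whether it is
    an RSTR collection, and per RequestedSecurityToken whether the payload is
    encrypted and (if not) how many SAML 1.1 statements the assertion holds."""
    root = ET.fromstring(wresult_xml)
    wrapper = _local_name(root.tag)
    tokens = []
    for holder in root.findall(".//trust:RequestedSecurityToken", NS):
        payload = next(iter(holder), None)   # first child element of RequestedSecurityToken
        if payload is None:
            tokens.append({"encrypted": False, "statements": 0})
        elif payload.tag == "{%s}EncryptedData" % NS["xenc"]:
            # Encrypted assertion: statements cannot be counted without the private key.
            tokens.append({"encrypted": True, "statements": None})
        elif payload.tag == "{%s}Assertion" % NS["saml"]:
            count = sum(
                1 for child in payload
                if child.tag.startswith("{%s}" % NS["saml"]) and _local_name(child.tag) in SAML11_STATEMENTS
            )
            tokens.append({"encrypted": False, "statements": count})
        else:
            tokens.append({"encrypted": False, "statements": None})
    return {
        "wrapper": wrapper,
        "is_collection": wrapper == "RequestSecurityTokenResponseCollection",
        "tokens": tokens,
    }


# Constructed sample 1: RSTR collection carrying a plaintext assertion with one AttributeStatement.
SAMPLE_PLAINTEXT = """<trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <trust:RequestSecurityTokenResponse>
    <trust:RequestedSecurityToken>
      <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_constructed-1" Issuer="CustomSTS">
        <saml:AttributeStatement>
          <saml:Subject><saml:NameIdentifier>user@example.test</saml:NameIdentifier></saml:Subject>
          <saml:Attribute AttributeName="name" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
            <saml:AttributeValue>Test User</saml:AttributeValue>
          </saml:Attribute>
        </saml:AttributeStatement>
      </saml:Assertion>
    </trust:RequestedSecurityToken>
  </trust:RequestSecurityTokenResponse>
</trust:RequestSecurityTokenResponseCollection>"""

# Constructed sample 2: the same wrapper, but the assertion is encrypted (dummy ciphertext).
SAMPLE_ENCRYPTED = """<trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <trust:RequestSecurityTokenResponse>
    <trust:RequestedSecurityToken>
      <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
        <xenc:CipherData><xenc:CipherValue>Y29uc3RydWN0ZWQ=</xenc:CipherValue></xenc:CipherData>
      </xenc:EncryptedData>
    </trust:RequestedSecurityToken>
  </trust:RequestSecurityTokenResponse>
</trust:RequestSecurityTokenResponseCollection>"""

# Constructed sample 3: a single RSTR whose assertion has Conditions but no statement at all,
# which is exactly the shape the SAML 1.1 reader rejects with "requires at least one statement".
SAMPLE_NO_STATEMENT = """<trust:RequestSecurityTokenResponse xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <trust:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_constructed-3" Issuer="CustomSTS">
      <saml:Conditions NotBefore="2012-01-01T00:00:00Z" NotOnOrAfter="2012-01-01T01:00:00Z"/>
    </saml:Assertion>
  </trust:RequestedSecurityToken>
</trust:RequestSecurityTokenResponse>"""


if __name__ == "__main__":
    for name, sample in (("plaintext", SAMPLE_PLAINTEXT),
                         ("encrypted", SAMPLE_ENCRYPTED),
                         ("no-statement", SAMPLE_NO_STATEMENT)):
        print(name, inspect_wresult(sample))
```

To use it on a real capture, URL-decode the wresult form field from the POST to /adfs/ls and pass the XML string to inspect_wresult. A report showing encrypted=True tells you the statement count can only be checked on the ADFS side after decryption; a report with statements=0 on the plaintext variant reproduces the error message independent of any encryption setting.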