Condividi tramite


Windows Identity Foundation (WIF) Configuration – Part III ()

The information in this post is based on Windows Identity Foundation Config.xml file that ships with WIF SDK.

<wsFederattion> defines parameter settings for WS-Federation protocol STS. This affects the settings for the WSFederationAuthenticationModule.

ATTRIBUTES

  • authenticationType. String, default is "". The request wauth type.
  • freshness. Float, default is "" . The value of the required freshness.
  • homeRealm. String, default is "" . The home realm of the IdentityProvider
  • issuer. String, default is "" . The URI of the token issuer.
  • policy. String, default is "" . The URI of the relevant policy.
  • realm. String, default is "" . The URI of requesting realm.
  • reply. String, default is "" . The URI of address to reply to.
  • request. String, default is "" . The URI of WS-Federation request.
  • requestPtr. String, default is "". The URI of WS-Federation request pointer.
  • resource. String, default is "". The URI of WS-Federation resource value.
  • requireHttps. Boolean, default is true. Controls whether the module will only redirect a secure URL for the STS.
  • passiveRedirectEnabled. Boolean, default false. Controls whether the module is enabled to automatically redirect
    unauthorized requests to an STS.
  • persistentCookiesOnPassiveRedirects. Boolean, default is false. Specifies whether persistent cookies are issued when the module is enabled to initiate WS-Federation passive protocol redirects.
  • signInQueryString. String, default is "" . Application defined parameters for the sign in request URL.
  • signOutQueryString. String, default is "" . Application defined parameters for the sign out request URL.
  • signOutReply. String, default is "" . URL to return to following sign out.

Example:

       <wsFederation authenticationType="wauth"
                     freshness="45"
                     homeRealm="https://homeRealm"
                     issuer="i"
                     policy="https://policy"
                     realm="https://realm"
                     reply="https://reply"
                     request="https://request"
                     requestPtr="https://requestPtr"
                     resource ="https://resource"
                     requireHttps="true"
                     passiveRedirectEnabled="true"
                     persistentCookiesOnPassiveRedirects="true"
                     signInQueryString="abc=xyz"
                     signOutQueryString="def=uvw"
                     signOutReply="https://signoutreply" />