
Programmatically configuring the federatedAuthentication element in microsoft.identityModel in an ASP.NET application


I am trying to programmatically generate the following configuration, which is contained inside the microsoft.identityModel configuration section.

<federatedAuthentication>
   <wsFederation passiveRedirectEnabled="false" requireHttps="true" issuer="https://IssuedByFoo.com" realm="http://Foo.com/" />
   <cookieHandler requireSsl="true" path="/" />
</federatedAuthentication>

So far I have not been able to successfully configure this. I have tried setting the following in Application_Start, but I get an error message when I try to federate:

"ID5002: The Issuer property on the FederatedPassiveSignIn control must be set to the address of an STS endpoint that can process WS-Federation passive protocol messages."

FederatedAuthentication.WSFederationAuthenticationModule.Realm = "http://Foo.com/";
FederatedAuthentication.WSFederationAuthenticationModule.Issuer = "https://IssuedByFoo.com";
FederatedAuthentication.WSFederationAuthenticationModule.PassiveRedirectEnabled = false;
FederatedAuthentication.WSFederationAuthenticationModule.RequireHttps = true;
FederatedAuthentication.SessionAuthenticationModule.CookieHandler.RequireSsl = true;
FederatedAuthentication.SessionAuthenticationModule.CookieHandler.Path = "/";

I am pretty sure that I am not configuring FederatedAuthentication correctly, and I am not sure where to configure it correctly. One thing I notice is that when I set a breakpoint on begin request and inspect FederatedAuthentication.WSFederationAuthenticationModule, I do not see the properties set on it when the values are not present in the web.config.


Solution

  • I ended up going with this:

    Is it possible to get ACS claims without editing web.config?

    This seems to work, and we were already using a custom module, so it was easy to implement.
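A sketch of the custom-module approach the answer mentions, as an added example that is not code from the original post or the linked answer. It assumes WIF 3.5 (the Microsoft.IdentityModel.Web namespace) and its protected virtual InitializePropertiesFromConfiguration(string serviceName) hook; the namespace and class names are hypothetical, and the values are the ones from the question.

```csharp
using Microsoft.IdentityModel.Web;

namespace Example.Federation // hypothetical namespace
{
    // ASP.NET creates a separate set of HTTP module instances for every pooled
    // HttpApplication instance. Values assigned once in Application_Start only
    // touch the instance that ran that event, which matches the breakpoint
    // observation in the question. This override runs for each module instance.
    public class CodeConfiguredWSFederationModule : WSFederationAuthenticationModule
    {
        protected override void InitializePropertiesFromConfiguration(string serviceName)
        {
            // Assumption: the base implementation only copies values from the
            // <wsFederation> element, which is absent here, so it is not called.
            Issuer = "https://IssuedByFoo.com";   // STS passive endpoint
            Realm = "http://Foo.com/";            // must match the realm registered at the STS
            PassiveRedirectEnabled = false;
            RequireHttps = true;                  // refuse a non-HTTPS issuer
        }
    }

    public class CodeConfiguredSessionModule : SessionAuthenticationModule
    {
        protected override void InitializePropertiesFromConfiguration(string serviceName)
        {
            // Assumption: a microsoft.identityModel section still exists, so the
            // base call succeeds and leaves a default CookieHandler in place.
            base.InitializePropertiesFromConfiguration(serviceName);

            CookieHandler.RequireSsl = true;      // session cookie is sent over TLS only
            CookieHandler.Path = "/";
        }
    }
}
```

Both classes have to be registered as HTTP modules in place of the stock WIF modules, so the module registration itself still lives in web.config even though the federation settings do not.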