IdSrv3 and ADFS2.0 ws-fed

[Lalithkx]

When I use external authentication with IdSrv3 and ADFS2.0/ws-fed, I get the following message

{"Message":"The requested resource does not support http method 'POST'."}.

Is it because POST is still not supported (Issue #3168)?

I am using idSrv3 v2.5.0.

Thanks

[leastprivilege]

WS-Fed works fine - we use it in our sample host as well

https://github.com/IdentityServer/IdentityServer3/blob/master/source/Host.Configuration/IdentityServerExtension.cs#L132

[Lalithkx]

Thanks for the advise. I was trying to run the WS-Fed example in Client Samples as well as trying to run MVC AUthentication against sample host with app.UseWsFederationAuthentication. After logging into the ADFS I get the above Post not supported error. I will look into the actual source test code.

[Lalithkx]

I am configuring my Startup.cs exactly as mentioned in the IdentityServerExtension.cs. I tried several clients with it, but all of them get the same error as I mentioned above. The ADFS WS-Federation end point binding is POST and I cannot change it. Do we have to do something on the host to handle that Post callback or is the IdentityServer3 is supposed to handle it and forward it to the client? The Client is connecting using the OpenId configuration to IdentitySrv host. Currently the WS-Federation end point is pointed to https:// Identitysrv/core. If I change it to the Client/SignInCallback (HttpPost), I get token and state values of null.

Any help will be greatly appreciated. Unfortunately we had IDSrv4 based system working fully but our IT decided to forgo the upgrade of AD servers to support OAuth2.

Thanks

[Lalithkx]

Got this working. Looks like the most important aspect is to set SignInAsAuthenticationType = signInAsType, i.e, let the Identity server set the SignInAsAuthenticationType.

[leastprivilege]

Yes - correct configuration is necessary ;)

[brianwagg]

I've gone through all this stuff, but I'm not seeing the piece that enables the POST to work. Is the SyncConfigurationManager shown in the link above required and/or does that handle it??

I am authenticating with ADFS properly, but the post back to the /identity/wsfed endpoint throws the error.
Any suggestions or thoughts?
I'm using IdentityServer3 v2.5.0 currently.

Any help would be greatly appreciated.

var metadataAddress = "https://someAdFsUrl/federationmetadata/2007-06/federationmetadata.xml";

        app.UseWsFederationAuthentication(
            new WsFederationAuthenticationOptions
            {
                Wtrealm = "https://localhost/app/ADFSTest/identity",
                AuthenticationType = "adfs",
                Caption = "ADFS",
                MetadataAddress = metadataAddress,
                SignInAsAuthenticationType = signInAsType,
                CallbackPath = new Microsoft.Owin.PathString("/identity/wsfed")
            });

[codyskidmore]

@brianwagg

I ran into the same error. The IdP CallbackPath uses the URL, "https://examle.com/idp/core/adfs". We install our applications in a root folder under IIS where the website points at the root folder. Then we add the IdP as an application under the root folder, so the URL looks like, "https://example.com/idp/core".

To get the CallbackPath working, I set the callback path to, "/idp/core/adfs". Then I updated the external provider's POST binding to point to the same URL. In this case, the external provider is ADFS 3.