WindowsAuthentication icon indicating copy to clipboard operation
WindowsAuthentication copied to clipboard
verified publisher icon IdentityServer

Confused about IdpReplyUrl

Open mkramar opened this issue 9 years ago • 4 comments

I must be missing something fundamental. I've spent a lot of time looking at examples and I still don't understand it. What is WindowsAuthenticationOptions.IdpReplyUrl? What kind of resource it should be pointing to? In your examples it is pointing to "https://localhost:44333/core/was" but I don't see how this endpoint is configured.

mkramar avatar Sep 14 '16 07:09 mkramar

It's the callback path of the WS-Federation relying party (wreply).

leastprivilege avatar Sep 14 '16 07:09 leastprivilege

Thanks for answering :) I'm trying to use WindowsAuthentication server from IdentityServer3. I'm using UseWsFederationAuthentication() on the IdentityServer3 side.

There is WsFederationAuthenticationOptions.CallbackPath propety, as I understand it should match WindowsAuthenticationOptions.IdpReplyUrl, correct?

my confusion:

What is listening at this URL? Is this URL handled by WsFederationMiddleware? Do I have to handle it somehow?

mkramar avatar Sep 14 '16 08:09 mkramar

CallbackPath is relative to the app base dir, IdpRreplyUrl is absolute.

Yes - the WSfed middleware is listening.

leastprivilege avatar Sep 14 '16 11:09 leastprivilege

I did a bit of debugging and figured out the solution Hope this will help

In WsFederationAuthenticationOptions I had to comment out CallbackPath initialization. This fixed the problem for me. It seems that "was" ending does not matter and there is nothing listening to this specific ending. WsFed middleware is just listening on all requests. From FORM post content it is figuring out if this request should be processed. If CallbackPath is assigned then logic is more complicated and it did not work to me.

mkramar avatar Sep 15 '16 02:09 mkramar