The SP includes so-called "RP" support for the WS-Federation protocol as profiled by Microsoft in their ADFSv1 product. The SP can act as a WS-Federation Passive Profile relying party in the same fashion that it supports SAML. All SP features not specific to the SAML protocol are supported equally for WS-Federation IdPs.
Note: This page is not relevant to use of ADFSv2, which supports a subset of SAML 2.0. The CommercialInterop page has information on SAML interoperation with Microsoft's implementation (what little has been provided, anyway).
Metadata
Support for WS-Federation is currently provisioned and secured using the same metadata sources used for SAML. A profile of SAML metadata for use by WS-Federation peers was developed for the Shibboleth 1.3 release and remains supported in Shibboleth 2.0.
...
```xml
<OutOfProcess>
    <Extensions>
        <Library path="adfs.so" fatal="true"/>
    </Extensions>
</OutOfProcess>
<InProcess>
    <Extensions>
        <Library path="adfs-lite.so" fatal="true"/>
    </Extensions>
</InProcess>
```
Enabling the WS-Federation Protocol (SP V2.4 and Above)
To enable the WS-Fed support on current SP versions, simply add the ADFS protocol token to the content of the <SSO> element (and if desired, the <Logout> element).
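A configuration check covering both the extension libraries shown earlier and the ADFS token in <SSO> and <Logout>. This is an added example, not code from the Shibboleth project; the sample configuration, its entityID values, and the function names are constructed for illustration, and it assumes protocol tokens are whitespace-separated in the element content.

```python
import xml.etree.ElementTree as ET

# Constructed sample SP configuration (entityIDs and layout are assumptions).
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <OutOfProcess>
    <Extensions><Library path="adfs.so" fatal="true"/></Extensions>
  </OutOfProcess>
  <InProcess>
    <Extensions><Library path="adfs-lite.so" fatal="true"/></Extensions>
  </InProcess>
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions>
      <SSO entityID="https://idp.example.org/idp">SAML2 ADFS</SSO>
      <Logout>SAML2 Local</Logout>
    </Sessions>
  </ApplicationDefaults>
</SPConfig>"""

def local(tag):
    """Drop the XML namespace so the check does not depend on the config namespace."""
    return tag.rsplit("}", 1)[-1]

def library_loaded(root, section, filename):
    """True if <section><Extensions> holds a <Library> whose path ends in filename."""
    for sec in root.iter():
        if local(sec.tag) != section:
            continue
        for ext in sec:
            if local(ext.tag) != "Extensions":
                continue
            for lib in ext:
                name = lib.get("path", "").rsplit("/", 1)[-1]
                if local(lib.tag) == "Library" and name == filename:
                    return True
    return False

def protocol_tokens(root, element):
    """Collect the whitespace-separated protocol tokens of every <element>."""
    return {t for e in root.iter() if local(e.tag) == element
            for t in (e.text or "").split()}

def audit_wsfed(xml_text):
    """Report which pieces of the WS-Federation setup are present."""
    root = ET.fromstring(xml_text)
    return {"out_of_process_lib": library_loaded(root, "OutOfProcess", "adfs.so"),
            "in_process_lib": library_loaded(root, "InProcess", "adfs-lite.so"),
            "sso_adfs": "ADFS" in protocol_tokens(root, "SSO"),
            "logout_adfs": "ADFS" in protocol_tokens(root, "Logout")}

if __name__ == "__main__":
    print(audit_wsfed(SAMPLE))
```

A result with `sso_adfs` true but either library flag false points to a configuration that names the protocol without loading the plugin that implements it.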
Enabling the WS-Federation Protocol (SP Versions < V2.4)
On older versions, enabling the plugin requires some simple modifications to the handlers defined inside the <Sessions> element:
...